pidgindownload.com - spyware?

ChO₂ chemistrydioxide at quantentunnel.de
Wed Jul 22 18:01:18 EDT 2009


Hello everybody,

Someone has put a web site on the internet that looks very similar to
pidgin.im, but is actually different. This web site offers a file for
download that it claims to be Pidgin 2.5.8 for Windows.

I've downloaded Pidgin for Windows from the questionable web site and
from pidgin.im:

Original file:
    md5: e1f46848473cf69236b8a7020b7e5bd7
    size: 14323030 bytes
Questionable version:
    md5: fc87e991b2484c4eac968e17a41b0d6d
    size: 14275882

I already suggested that pidgindownload.com could be shipping something
different than Pidgin or a version of Pidgin that is infected with
spyware or a virus, but after googling for the md5 hash, it seems that
it's just Pidgin 2.5.4 which is offered there:
http://www.google.de/search?q=fc87e991b2484c4eac968e17a41b0d6d&ie=UTF-8&oe=UTF-8

However, I still think that the person who is running that site is up to
doing something nasty because
- the website is imitating pidgin.im and mirroring parts of it.
- pidgindownload.com is hiding its whois information which is uncommon
for reputable web sites when most websites in the same zone have
extensive whois data.

I am afraid that many people happen to end up on that site because it is
the third Google result for "pidgin download":
http://www.google.de/search?q=pidgin+download&ie=UTF-8&oe=UTF-8


Greetings from a country that doesn't know patriotism
ChO2


PS: This is from #pidgin, today:

(2009-07-22 21:35:27) thomas001: thank google for it
(2009-07-22 21:35:48) dan: i did google, and i actually ended up at
pidgindownload.com which appears to be spyware
(2009-07-22 21:36:26) thomas001: "pidgin windows download" gave good
results
(2009-07-22 21:37:45) dan: someone might want to take a look at the
pidgindownload.com site since it seems to be a near copy of the real web
site, but links to a 300k exe file from some ad company
(2009-07-22 21:39:40) thomas001: wow,this is bad
(2009-07-22 21:39:58) Cobalt: I got a 13.7MB exe.
(2009-07-22 21:41:29) thomas001:
http://preview.licenseacquisition.org/48/1056168924.86392/pidgin.exe
this link is somewhat odd
(2009-07-22 21:42:20) Cobalt: That it is, also the name of the file,
although it appears to be the right size... But that can easily be
messed with.
(2009-07-22 21:42:48) Cobalt: Also, there's nothing there except the
Windows version, apparently.
(2009-07-22 21:44:10) Cobalt:
http://www.whois.net/whois/pidgindownload.com
(2009-07-22 21:45:13) Cobalt: Creepy?

[...]

(2009-07-22 22:33:45) chemistrydioxide: pidgindownload.com is somehow
mirroring part of pidgin.im

[...]

(2009-07-22 22:44:01) chemistrydioxide: i just downloaded pidgin 2.5.8
from pidgindownload.com. it's actually different from the official
version. it's slightly smaller

[...]

(2009-07-22 22:44:39) chemistrydioxide: i'm afraid that someone is
actually doing something nasty here
(2009-07-22 22:44:49) darkrain42: chemistrydioxide: ?
(2009-07-22 22:45:06) darkrain42: oh, sorry. saw the context. lastlog
was in the way.
(2009-07-22 22:45:10) ***darkrain42 grumbles
(2009-07-22 22:45:18) darkrain42: chemistrydioxide: Mention it in d at cpi,
please
(2009-07-22 22:45:23) elb: chemistrydioxide: that's not good
(2009-07-22 22:45:57) chemistrydioxide: darkrain42: k.
(2009-07-22 22:46:06) chemistrydioxide: i'll do it immediately





