pidgindownload.com - spyware?

Mark Doliner mark at kingant.net
Wed Jul 22 18:10:10 EDT 2009 

I believe in June we requested that the ISP hosting this site turn it
off.  I believe they did so, but then the pidgindownload.com people
moved to a different ISP (possibly one outside the US?)  Maybe Kevin
can clarify this statement?

I sent them an email on July 1st and said, "We ask that you avoid
using our trademarks in a way that looks as if pidgindownload.com is
the official website of the Pidgin IM client."  I haven't gotten any
response.

Next steps?

-Mark

On Wed, Jul 22, 2009 at 3:01 PM, ChO₂<chemistrydioxide at quantentunnel.de> wrote:
> Hello everybody,
>
> Someone has put a web site on the internet that looks very similar to
> pidgin.im, but is actually different. This web site offers a file for
> download that it claims to be Pidgin 2.5.8 for Windows.
>
> I've downloaded Pidgin for Windows from the questionable web site and
> from pidgin.im:
>
> Original file:
>    md5: e1f46848473cf69236b8a7020b7e5bd7
>    size: 14323030 bytes
> Questionable version:
>    md5: fc87e991b2484c4eac968e17a41b0d6d
>    size: 14275882
>
> I already suggested that pidgindownload.com could be shipping something
> different than Pidgin or a version of Pidgin that is infected with
> spyware or a virus, but after googleing for the md5 hash, it seems that
> it's just Pidgin 2.5.4 which is offered there:
> http://www.google.de/search?q=fc87e991b2484c4eac968e17a41b0d6d&ie=UTF-8&oe=UTF-8
>
> However, I still think that the person who is running that site is up to
> doing something nasty because
> - the website is imitating pidgin.im and mirroring parts of it.
> - pidgindownload.com is hiding its whois information which is uncommon
> for reputable web sites when most websites in the same zone have
> extensive whois data.
>
> I am afraid that many people happen to end up on that site because it is
> the third Google result for "pidgin download":
> http://www.google.de/search?q=pidgin+download&ie=UTF-8&oe=UTF-8
>
>
> Greetings from a country that doesn't know patriotism
> ChO2
>
>
> PS: This is from #pidgin, today:
>
> (2009-07-22 21:35:27) thomas001: thank google for it
> (2009-07-22 21:35:48) dan: i did google, and i actually ended up at
> pidgindownload.com which appears to be spyware
> (2009-07-22 21:36:26) thomas001: "pidgin windows download" gave good
> results
> (2009-07-22 21:37:45) dan: someone might want to take a look at the
> pidgindownload.com site since it seems to be a near copy of the real web
> site, but links to s 300k exe file from some ad company
> (2009-07-22 21:39:40) thomas001: wow,this is bad
> (2009-07-22 21:39:58) Cobalt: I got a 13.7MB exe.
> (2009-07-22 21:41:29) thomas001:
> http://preview.licenseacquisition.org/48/1056168924.86392/pidgin.exe
> thie link is somewhat odd
> (2009-07-22 21:42:20) Cobalt: That it is, also the name of the file,
> although it appears to be the right size... But that can easily be
> messed with.
> (2009-07-22 21:42:48) Cobalt: Also, there's nothing there except the
> Windows version, apparently.
> (2009-07-22 21:44:10) Cobalt:
> http://www.whois.net/whois/pidgindownload.com
> (2009-07-22 21:45:13) Cobalt: Creepy?
>
> [...]
>
> (2009-07-22 22:33:45) chemistrydioxide: pidgindownlaod.com is somehow
> mirroring part of pidgin.im
>
> [...]
>
> (2009-07-22 22:44:01) chemistrydioxide: i just downloaded pidgin 2.5.8
> from pidgindownload.com. it's actually different from the official
> version. it's slightly smaller
>
> [...]
>
> (2009-07-22 22:44:39) chemistrydioxide: i'm afraid that someone is
> actually doing something nasty here
> (2009-07-22 22:44:49) darkrain42: chemistrydioxide: ?
> (2009-07-22 22:45:06) darkrain42: oh, sorry. saw the context. lastlog
> was in the way.
> (2009-07-22 22:45:10) ***darkrain42 grumbles
> (2009-07-22 22:45:18) darkrain42: chemistrydioxide: Mention it in d at cpi,
> please
> (2009-07-22 22:45:23) elb: chemistrydioxide: that's not good
> (2009-07-22 22:45:57) chemistrydioxide: darkrain42: k.
> (2009-07-22 22:46:06) chemistrydioxide: i'll do it immediately
>
>
>
> _______________________________________________
> Devel mailing list
> Devel at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/devel
>

More information about the Devel mailing list