Sourceforge pidgin download page blocked by google chrome as malicious

Philippe VIALLE philippe.vialle at gmail.com
Tue Feb 24 14:31:50 EST 2015


Guys,

If I may, it's the binary file (Pidgin-2.10.11.exe) that was downloaded
that seems to get blocked (in fact, local detection of malicious files by
the browser itself).

Here is an example of such an alert with a Chrome derivative browser
(Dragon):
[image: Embedded image 1]

Despite my efforts, I could not reproduce any scenario where it was the
download URL that was blocked; therefore I believe this is a file-based
detection.

Now if you really look at VirusTotal, the Pidgin installer is not supposed
to be fully clean:
https://www.virustotal.com/en/file/2a2c58cba5f9360f5f48cc59ccb5e1f82d59c3cc87a52648e9bd45b3968e10e3/analysis/
- Rising AV reports it as PE:Trojan.Win32.Generic.141A9A33!337287731
- Clam AV detects it as PUA
- Symantec reputation reports a suspicious.insight

This might be due to a detection of screen capture capability (look at
Zemana results), but can't be sure right now, just thinking out loud.
Anyway, I would try to report this to Google, as a potential FP.

My 2 cents,



2015-02-24 20:03 GMT+01:00 Ethan Blanton <elb at pidgin.im>:

> Bogdan Harjoc spake unto us the following wisdom:
> > Tried to get pidgin-2.10.11 for windows from pidgin.im, and after the 5
> > second delay on sourceforge, was greeted by a red page in chrome, saying
> > the site was blacklisted. I downloaded the file anyway and chrome deleted
> > it after the download completed, calling the .exe 'malicious' as well.
> >
> > Virustotal says the file is clean (
> > 2a2c58cba5f9360f5f48cc59ccb5e1f82d59c3cc87a52648e9bd45b3968e10e3
> > ), maybe someone at google should be politely asked to drop
> > sourceforge.net from their blacklist?
>
> This is probably due to a recent, well-known bogus DMCA takedown
> notice.  I expect the courts will straighten it out for us.
>
> Ethan



-- 
Philippe Vialle