[X2Go-User] x2go-user Digest, Vol 70, Issue 24
Josh Conway
jwcrawley at gmail.com
Fri Feb 28 17:15:53 CET 2020
Thank you for the rapid response Stefan Baur,
Although I do agree that those AV names are, shall we say, 'less
reputable', I was only emailing for due diligence in that both FF and
Chrome flagged it as malicious.
Thank you for addressing my concerns,
Josh Conway
On Fri, Feb 28, 2020 at 9:32 AM <x2go-user-request at lists.x2go.org> wrote:
> Today's Topics:
>
> 1. Credible warning of infected / trojaned X2go windows binary
> (Josh Conway)
> 2. Re: Credible warning of infected / trojaned X2go windows
> binary (Stefan Baur)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 28 Feb 2020 09:09:17 -0500
> From: Josh Conway <jwcrawley at gmail.com>
> To: x2go-user at lists.x2go.org
> Subject: [X2Go-User] Credible warning of infected / trojaned X2go
> windows binary
> Message-ID:
> <CACxuvT5Pp7tSgc29tdeurqynrn=wwijRYJi_mb7_k7W6OVL=_
> g at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Greetings,
>
> Upon downloading the file:
>
>
> https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe
>
> MD5 8b1ac4cb969d116c9303ab3fafe50a01
> SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
> SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
>
> Firefox *and* Google Chrome both throw errors for detected malware.
>
> Running said file through Virustotal shows the 6 AV products' results:
>
> Bkav: HW32.Packed.
>
> Panda: PUP/RemoteAdmin
>
> Trapmine: Malicious.moderate.ml.score
>
> Webroot: W32.Ransom.Gen
>
> Yandex: Trojan.Agent!RIMR9kcXEpU
>
> Zillya: Trojan.Generic.Win32.1026149
>
>
> I've attempted to ping people in the freenode #x2go irc room to no avail.
>
>
> Josh Conway
>
> ------------------------------
>
> Message: 2
> Date: Fri, 28 Feb 2020 15:31:48 +0100
> From: Stefan Baur <X2Go-ML-1 at baur-itcs.de>
> To: x2go-user at lists.x2go.org
> Subject: Re: [X2Go-User] Credible warning of infected / trojaned X2go
> windows binary
> Message-ID: <ad8d422c-f8f2-14f5-d2bc-dc6c594a63b5 at baur-itcs.de>
> Content-Type: text/plain; charset="utf-8"
>
> Am 28.02.20 um 15:09 schrieb Josh Conway:
> > Greetings,
> >
> > Upon downloading the file:
> >
> >
> > https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe
> >
> > MD5 8b1ac4cb969d116c9303ab3fafe50a01
> > SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
> > SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
> >
> > Firefox *and* Google Chrome both throw errors for detected malware.
> >
> > Running said file through Virustotal shows the 6 AV products' results:
> >
> > Bkav: HW32.Packed.
> > Panda: PUP/RemoteAdmin
> > Trapmine: Malicious.moderate.ml.score
> > Webroot: W32.Ransom.Gen
> > Yandex: Trojan.Agent!RIMR9kcXEpU
> > Zillya: Trojan.Generic.Win32.1026149
>
>
> Josh,
>
> these scanners are a) not exactly the most reliable ones and b) they are
> throwing "generic" names, which means it's their heuristic detection
> that is giving the alarm.
>
> The total amount of scanners at Virustotal that scanned the file is 57 -
> as long as only 6 out of 57 trigger the alarm, and there's not a single
> reputable name amongst those being triggered, there's nothing to worry
> about. I'd start worrying once Avast, AVG, Avira, BitDefender, F-Prot,
> F-Secure, Kaspersky, G-Data, Malwarebytes, McAfee, Microsoft, Sophos,
> Symantec or TrendMicro start throwing warnings. As of now, this can
> safely be dismissed as a false alarm.
>
> Also, next to our download, in the same directory
> <https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/>,
> you can find MD5, SHA1 and SHA256 checksums *as well as a GPG signature*
> from us. Do check that signature - if it matches, there's nothing to
> worry about.
>
> The reason why Firefox and Chrome trigger an alert, and what to do about
> it, has been discussed on this mailing list before, see this thread:
> <https://www.mail-archive.com/x2go-user@lists.x2go.org/msg03640.html>
>
> Kind Regards,
> Stefan Baur
>
> --
> BAUR-ITCS UG (haftungsbeschränkt)
> Geschäftsführer: Stefan Baur
> Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
> Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
>
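The reply quoted above points to the checksums and the GPG signature published next to the installer. The following Python sketch is an added example, not part of the thread and not X2Go project code; it checks a download against a published checksum line and accepts a detached signature only when gpg reports a valid signature from one pinned key. The function names, the `<hex digest>  <file name>` checksum layout and `PINNED_FPR` (a constructed placeholder, not the project's key) are assumptions.

```python
import hashlib
import subprocess

# Placeholder fingerprint (constructed, not a real key): replace with the
# release signing key's fingerprint, obtained from a source you trust.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"


def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash the file in chunks so a large installer is never fully in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def checksum_matches(path, published_line, algo="sha256"):
    """Compare against a '<hex digest>  <file name>' line (layout assumed)."""
    fields = published_line.split()
    return bool(fields) and file_digest(path, algo) == fields[0].lower()


def signer_from_status(status_text):
    """Return the primary-key fingerprint of a VALIDSIG line, or None."""
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            # Field 12 is the primary key fingerprint when gpg reports it;
            # otherwise fall back to the signing (sub)key fingerprint.
            return (parts[11] if len(parts) >= 12 else parts[2]).upper()
    return None


def signature_ok(sig_path, data_path, pinned=PINNED_FPR):
    """Accept only a valid detached signature made by the pinned key."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signer_from_status(proc.stdout) == pinned.upper()
```

A checksum fetched from the same directory as the installer only detects a corrupted or truncated download; the signature check against a fingerprint obtained separately is what ties the file to the people who released it.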