Did you think choosing "Ordinary Download" was enough? Too naive!
Recently, a new post appeared in the Microstep community. A user named RTFM published an article, "Contaminated Baidu download, Putty bundled, why is the programmer always hurt?!", which attracted heated discussion among users.
The author stated that he downloaded the latest version of putty from the Baidu software center, and stressed that he had clicked "Ordinary Download". After installation, two additional programs had been installed on the computer: Kingsoft Internet Security and Baidu's iQiyi.
The author analyzed the downloaded file and found that it is not the official putty. Unlike the official version, the putty from Baidu Software Center has no digital signature, and its version number is also strange: 220.127.116.11.
Genuine versus fake putty
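The missing digital signature is something a defender can check before running a downloaded installer. The following is an added example, not code from the original article or from RTFM's analysis: it reads a PE file's Certificate Table data directory to tell whether an embedded Authenticode signature is present at all. The function names and the sample header bytes are constructed for illustration.

```python
import struct

CERT_TABLE_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)

def has_authenticode_signature(pe: bytes) -> bool:
    """True if the PE carries an embedded signature blob.
    Presence only: this does NOT validate the signature or its publisher."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    try:
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("not a PE file: missing PE signature")
        opt = e_lfanew + 4 + 20          # optional header follows 20-byte COFF header
        (magic,) = struct.unpack_from("<H", pe, opt)
        if magic == 0x10B:               # PE32
            dirs = opt + 96
        elif magic == 0x20B:             # PE32+ (64-bit)
            dirs = opt + 112
        else:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
        if count <= CERT_TABLE_INDEX:
            return False
        # For this directory the first field is a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", pe, dirs + 8 * CERT_TABLE_INDEX)
    except struct.error:
        raise ValueError("truncated PE header")
    return offset != 0 and size != 0 and offset + size <= len(pe)

def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 header for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)                                   # 16 empty directories
    cert = b"\0" * 8 if signed else b""                        # placeholder blob
    if signed:
        header_len = len(dos) + 4 + len(coff) + len(opt) + len(dirs)
        struct.pack_into("<II", dirs, 8 * CERT_TABLE_INDEX, header_len, len(cert))
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + cert

if __name__ == "__main__":
    for label, signed in (("signed sample", True), ("unsigned sample", False)):
        present = has_authenticode_signature(build_sample_pe(signed))
        print(f"{label}: embedded signature present = {present}")
```

A file that fails this check matches what the author observed. A file that passes still needs its signature chain and publisher name verified with the operating system's own tools.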
When run, the program first connects to a server and downloads a file named list.exe. This file is actually a list containing the download addresses of Kingsoft Internet Security and iQiyi. Once the list is downloaded, the software extracts a real putty file, then silently downloads and installs Kingsoft and iQiyi while putty is running.
In order to find out the truth, the author used the server's IP address to trace the source.
The author finally discovered that the owner of the IP, Bu X, is from Baidu Shanghai and is a senior R&D engineer in the user product department.
At present, Baidu has not responded to this, and it is not known whether bundling the malware was the individual act of the engineer.
Replies from experts in the comment section
The editor also conducted a brief investigation and found that the problematic version 0.67.0.0 had appeared in the software center at least as early as May 2017. Ten days ago, a related post on v2ex also called out the bundling behavior. Currently, when searching for putty through Baidu, the software center page has been deleted.
It is reported that 360, Huorong ("fire velvet"), and some foreign anti-virus software raise alerts on the Baidu version of putty.
Please download from the official website
This is not the first time Putty has been involved in such an incident. As early as 2012, a Chinese version of putty was exposed as containing a backdoor, and a large number of host administrator passwords may have been leaked. At the end of last year, Tencent apologized for the promotion of Computer Steward and QQ Browser. We also apologized to everyone. We also mentioned in a feature article that a large number of download sites in China still carry many misleading advertisements, affecting the user experience. Therefore, when downloading software, it is recommended that you go to the product website.