
Baidu Software Center putty was exposed malicious bundled software

Source: 博客园 | Time: 2018/5/10 11:32:10 | Reads: 70


Do you think choosing "Ordinary Download" is enough? Think again!

Recently, a new post appeared in the Microstep (ThreatBook) community. A user named RTFM published an article titled "Contaminated Baidu download, putty bundled, why is the programmer always the one hurt?!", which attracted heated discussion among users.

The author stated that he downloaded the latest version of putty from the Baidu Software Center, and stressed that he clicked "Ordinary Download". After installation, two additional programs had been installed on the computer: Kingsoft Internet Security and Baidu's iQiyi.

The author analyzed the downloaded file and found that this putty is not the official version. Unlike the official build, the putty from Baidu Software Center has no digital signature, and its version number, 1.0.0.1, is also strange.


Real or fake putty

When the program is run, it first connects to a server and downloads a list.exe file. This file is actually a list containing the download addresses of Kingsoft Internet Security and iQiyi. Once the list is downloaded, the program extracts the real putty file and runs it; while putty is running, the wrapper silently downloads and installs Kingsoft and iQiyi in the background.
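The indicators above (no digital signature, an odd version number such as 1.0.0.1) can be checked before a downloaded binary is ever run. The following PowerShell script is an added example, not code from the article or from the PuTTY project; the download path is a placeholder, and the expected signer string is an assumption that should be confirmed against the official PuTTY site.

```powershell
# Added example: inspect a downloaded putty.exe for the warning signs described
# in the article before executing it. Path and signer string are assumptions.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\putty.exe",  # placeholder path
    [string]$ExpectedSigner = "Simon Tatham"                  # assumption: confirm on official site
)

function Test-PuttyDownload {
    param([string]$Path, [string]$ExpectedSigner)

    if (-not (Test-Path $Path)) { throw "File not found: $Path" }
    $findings = @()

    # 1. Authenticode signature: the article notes the repackaged build has none.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is '$($sig.Status)' (expected Valid)"
    } elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
        $findings += "Signed by '$($sig.SignerCertificate.Subject)', not the expected publisher"
    }

    # 2. Version resource: the article flags a strange 1.0.0.1 build.
    $vi = (Get-Item $Path).VersionInfo
    if ($vi.FileVersion -eq '1.0.0.1') {
        $findings += "FileVersion 1.0.0.1 matches the repackaged build described in the article"
    }
    if ($vi.ProductName -notmatch 'PuTTY') {
        $findings += "ProductName is '$($vi.ProductName)' rather than PuTTY"
    }

    # 3. SHA256, to compare against the checksum list published on the official site.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path       = $Path
        Signer     = $sig.SignerCertificate.Subject
        Version    = $vi.FileVersion
        SHA256     = $hash
        Findings   = $findings
        Suspicious = ($findings.Count -gt 0)
    }
}

$result = Test-PuttyDownload -Path $Path -ExpectedSigner $ExpectedSigner
$result | Format-List
if ($result.Suspicious) { Write-Warning "Do not run this binary; re-download from the official site." }
```

A genuine release should report a valid signature from the expected publisher and a hash that matches the official checksum list; any finding is reason to discard the file.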


To find out the truth, the author used the server's IP address to trace the source.


Tracing process

The author eventually found that the owner of the IP, a Bu X, is from Baidu Shanghai and is a senior R&D engineer in the user product department.


At present, Baidu has not responded to this, and it is not known whether the bundled malware was the individual behavior of the engineer.


Experts reply in the comment section

The editor also conducted a simple investigation and found that the problematic 0.67.0.0 build had appeared in the software center at least as early as May 2017. Ten days ago, a post on V2EX also called out the bundling behavior. Currently, searching Baidu for putty shows that the software center page has been deleted.


It is reported that 360, Huorong, and some foreign anti-virus products raise an alert on the Baidu version of putty.


Please download from the official website

This is not the first time putty has been involved in such an incident: as early as 2012, a Chinese version of putty was exposed as containing a backdoor, and a large number of host administrator passwords may have been leaked. At the end of last year, Tencent apologized for the promotion tactics of PC Manager and QQ Browser. We also mentioned in a feature article that a large number of download sites in China still carry misleading advertisements, affecting the user experience. Therefore, when downloading software, it is recommended that you go to the product's official website.

* Reference sources: ThreatBook, V2EX; author of this article: Sphinx; reprinted from FreeBuf.COM
