FlashGet download servers hacked, serving users malware.
// March 15th, 2008 // 3 Comments » // Malware Related, News
Kaspersky’s virus analysts have recently blogged about the popular download manager “FlashGet” being hacked. Apparently the developer’s servers were hacked and files on them were modified, which meant FlashGet automatically downloaded a number of malicious files to its users’ machines because it treated them as an update (inapp4.exe/inapp5.exe/inapp6.exe, within the container appA.cab). When executed, these files would initiate outbound communication and download additional malicious code.
Worryingly, there has been no acknowledgment from the FlashGet developers or anything posted on their website about the breach/hack at the time of posting this.
Currently, there are a number of postings on the FlashGet forums about the trojans, which were detected by fortunate users’ antivirus or firewall software.
The malicious code seems to have been removed from the FlashGet servers for now, but Kaspersky Lab has been quoted as saying FlashGet is still vulnerable to attack:
“All you need to do is add a link (which can point to any file you want) to the FGUpdate3.ini file and it will be automatically downloaded to your computer every time you launch FlashGet. Even if you don’t press “Refresh”, FlashGet uses the information from the .ini file. This “vulnerability” is present in all versions of FlashGet 1.9.xx.”
Which means?
“In spite of the fact that the site is no longer “hacked”, users are still vulnerable. Any Trojan program could modify the local .ini FlashGet file, causing it to function like a Trojan-Downloader. And it’s worth noting here that FlashGet is usually treated as a trusted application, consequently, network activity caused by the application or requests to sites won’t be flagged as suspicious, and users won’t be alerted.”
Advice?
Bin FlashGet until this vulnerability is sorted.
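For machines where FlashGet is still installed, the local FGUpdate3.ini can be audited for download links that point somewhere unexpected. The script below is an added example, not code from Kaspersky or FlashGet. The layout of the .ini file is not described in the Kaspersky post, so it makes no assumption about section or key names, and the allowlisted host and the sample file contents are constructed placeholders.

```python
import re
import sys
from urllib.parse import urlsplit

# Assumption: hosts the updater is expected to contact. Placeholder value;
# replace it with the hosts seen in a known-good copy of the file.
ALLOWED_HOSTS = {"update.vendor.example"}

# No section or key names are assumed: every URL anywhere in the file is
# treated as something the application may fetch at launch.
URL_RE = re.compile(r"""(?:https?|ftp)://[^\s"'<>]+""", re.IGNORECASE)


def audit_update_ini(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line_no, url, host) for every URL whose host is not allowlisted."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for url in URL_RE.findall(line):
            # Compare the parsed hostname, not a substring of the URL, so an
            # allowlisted name appearing elsewhere in the URL does not pass.
            host = (urlsplit(url).hostname or "").lower()
            if host not in allowed:
                findings.append((line_no, url, host))
    return findings


# Constructed sample, not a real FGUpdate3.ini; key names are made up.
SAMPLE = """\
[Constructed]
item1=http://update.vendor.example/appA.cab
item2=http://downloads.invalid/payload.exe
"""

if __name__ == "__main__":
    # Usage: python audit_ini.py <path to FGUpdate3.ini>; no argument audits SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    results = audit_update_ini(content)
    for line_no, url, host in results:
        print(f"line {line_no}: unexpected download host {host!r}: {url}")
    sys.exit(1 if results else 0)
```

Run on a schedule or from an endpoint management tool, a non-zero exit code signals that the file now references a host outside the allowlist.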
Read the full story here





