The Latest in IT Security

High profile site scares users

29 Apr 2013

We come across plenty of malware reports every day. Sometimes we have to deal with special cases where a respected vendor is involved. This time it was the Dell driver download site.

Download site


The “Download file” link leads to this unexpected screen (our user complained about a false positive):

What a surprise?!


Well, as an average user, I’d be somewhat confused as well. But I know where to look when it comes to Sality. First of all, the file is supposed to be signed with a digital certificate (according to the PE header), but there’s no valid signature (the Digital signature tab does not even appear in the file properties dialog):

No digital signature
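
The mismatch described above, a PE header that declares a signature the file does not carry, can be checked straight from the headers. The following is an added example, not code from the original post; `security_dir_status` and `build_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def security_dir_status(pe: bytes) -> str:
    """Return 'not-declared', 'dangling' or 'present' for the certificate table.

    'present' means a WIN_CERTIFICATE blob exists where the header says;
    it does not verify the signature itself.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 24  # skip 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return "not-declared"
    # Unlike the other directories, this entry holds a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size == 0:
        return "not-declared"
    if size < 8 or offset + size > len(pe):
        return "dangling"  # header promises a signature the file does not contain
    length, revision, _cert_type = struct.unpack_from("<IHH", pe, offset)
    if not 8 <= length <= size or revision not in (0x0100, 0x0200):
        return "dangling"  # bytes at that offset are not a WIN_CERTIFICATE
    return "present"

def build_sample(cert_offset: int, cert_size: int, tail: bytes = b"") -> bytes:
    """Constructed PE32 header stub for the demo (312 bytes, not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, cert_offset, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt) + tail

if __name__ == "__main__":
    cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8  # constructed blob
    print(security_dir_status(build_sample(0, 0)))            # not-declared
    print(security_dir_status(build_sample(312, 16)))         # dangling
    print(security_dir_status(build_sample(312, 16, cert)))   # present
```

A `dangling` result on a vendor download is worth escalating: a file built unsigned would normally report `not-declared`, so a declared but unusable certificate table suggests the file changed after it was signed.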


On the other hand, what we can easily find in the file is an evident sign of Sality's presence:

Traces of Sality


The highlighted section has been added by Sality. Fortunately, it has not been filled with a vital Sality body (the file seems to have been either wrongly infected or wrongly disinfected), so the file is not dangerous, but it’s definitely something that no one expects at a site with such a reputation. Now it is up to Dell; I think they don’t want to distribute this particular file anymore :-).

VT analysis: https://www.virustotal.com/en-gb/file/c1402d0f47dc8a6effbdcdceced1296770730ad4fc17cb37d6d9650d3e2b1a52/analysis/1367238999/
