[OTR-dev] cypherpunks.ca serving malware as of 8/28

Nikita Borisov nikita at uiuc.edu
Mon Aug 29 17:53:47 EDT 2011


Dear Evan,

Thank you for bringing this to our attention.  I have visited the URL
you provided but was not able to find a threat expert report with the
md5 listed.  I have also tried scanning the indicated file with threat
expert and it did not list any issues, so I'm assuming that the
malc0de page is in error.  Please let us know if you have any
information to the contrary.

- Nikita

On Tue, Aug 30, 2011 at 12:02 AM, Keiser, Evan <ekeiser at perimeterusa.com> wrote:
> Guys,
>
>
>
> I have been an avid user of OTR since its inception and I wanted to ensure
> you were aware of some recent activity coming from your domain. Today a user
> on our network attempted to download one of the pidgin-OTR wrapped
> executables and we found it was blocked by one of our malware correlations.
> It appears since the 28th  of this month your executables have been serving
> numerous different types of malware. You can find the link to the malc0de
> entry here, http://malc0de.com/database/index.php?search=www.cypherpunks.ca
> and you can take a look at the MD5 hash links to the threatexpert reports.
> Please let us know when this is resolved or remove the download if possible.
> Thank you.
>
>
>
>
>
> Thanks,
>
> Evan Robert Keiser
>
> Security Analyst
>
> Perimeter e-Security
>
> 919.228.2571
>
>
>
> --
>  The sender of this email subscribes to Perimeter E-Security's email
>  anti-virus service. This email has been scanned for malicious code and is
>  believed to be virus free. For more information on email security please
>  visit: http://www.perimeterusa.com/services/messaging
>  This communication is confidential, intended only for the named
> recipient(s)
>  above and may contain trade secrets or other information that is exempt
> from
>  disclosure under applicable law. Any use, dissemination, distribution or
>  copying of this communication by anyone other than the named recipient(s)
> is
>  strictly prohibited. If you have received this communication in error,
> please
>  delete the email and immediately notify our Command Center at 203-541-3444.
>
>  Thanks
>



-- 
Nikita Borisov - http://hatswitch.org/~nikita/
Assistant Professor, Electrical and Computer Engineering
Tel: (217) 903-4401, Office: 460 CSL



More information about the OTR-dev mailing list