Malware & Stealth Keyloggers within
Published on April 12, 2011 By karmat In WinCustomize Talk

I just wanted to post news of what's going on at deviantART the past few days to warn people of the infected skins that are getting uploaded to the Rainmeter Gallery there.

We have found 20 rainmeter skins so far (almost 4,000 downloads so far) that:

1) contain malware, trojans, worms, and stealth keyloggers

2) are complete copies of other artists skins, right down to the same preview and description

A couple of ways to recognize a potential bad skin is that the person:

- is a brand new member

- they have their comments turned off

- they have no personal info on their profile page

- they don't have anything else in their gallery or they have the two or three infected skins from this week

We've been doing numerous testing, reporting, warning, blogging, etc etc, still waiting for dA staff to show signs that they are alive and interested.

I'm pretty sure it's someone that was banned that is now trying to wreak havoc, but there's no way of proving it unless dA decides to get involved. Needless to say, our group there and at the Rainmeter Forum are pretty upset by this and we're trying to keep on top of it, but it's pretty hard to do without assistance from dA. As soon as we find/test/report/blog one infection, another one has popped up.

For people here who download (or have downloaded any in the last week) rainmeter skins from dA, please read the full post at our Rainmeter Group there first, we are keeping it updated with news of infected skins as we find them along with the virus reports http://rainmeter.deviantart.com/blog/39762918/

Most important, if you download there, don't if it is a .exe file. It should either be .rmskin or a zip file with .ini and .png files.

As you know, here at WC, your rainmeter downloads are completely safe because they actually moderate here, novel concept!

If you have any questions or news, you can contact me here, private pm or at deviantART http://karmat111.deviantart.com/.

Keep it safe!

Karen


Update - Here is a screenshot of the Rainmeter Gallery with the infected skins circled in red - stay away from them.


Comments (Page 2)
2 Pages1 2 
on Apr 13, 2011

Well ...... that's something anyway. Lets hope it works.

on Apr 13, 2011

Did I mention that $chix0r is worth her weight in gold?

We [Fiona and myself] are in 'frequent' contact...

The new 'tag' re malware sounds like a great improvement.  The next trick may be to find a solution to 'duplicate reports'  where perhaps [assuming it doesn't now] multiple reports for one issue [policy violation] simply get a number prefix...eg Report XYZ[3] meaning 3 individual people have each reported the same upload.... and maybe that number count prioritizes the handling of the issue..... pushes it to the fore.

However, to be sure such a function is not abused it'd be clever to not advertise its use...

on Apr 13, 2011

When people complain about moderated uploads here, this is a thread I will point them too.  

 

on Apr 13, 2011

Did I mention that $chix0r is worth her weight in gold? We [Fiona and myself] are in 'frequent' contact...

Yes, Fiona is awesome! But I have to go back and test some more skins, cause the next wave is starting to come in again - so we shall see how fast they disappear. Though she did say to try and give it 24 hours till the changes are implemented.

Island Dog
When people complain about moderated uploads here, this is a thread I will point them too.  

 

Absolutely, best example for the benefits of strict moderation! Thank you for that!

 

 

on Apr 14, 2011

Regrettably, this situation will only repeat itself again and again unless dA take the route of moderated and checked uploads before showing and making available to site members and visitors. In this day and age, they have to be more responsible and diligent in their activities otherwise they will lose even more creditability........and eventually losing their support, confidence, respect and popularity of the site visitors and users. RESPONSIBILITY is the key word here. It's a mammoth task for such a big site however there are enough 'responsible'........theres that word again........volunteers, in most groups who would happily give up some time, for the site, to do a great moderating and checking job. Seize the opportunity dA and you will flourish..............ignore your audience and your responsibilities and your demise will surely, eventually follow. 

For the record, I've been a member over their for years and I would hate to see another art website go 'to the dogs'............      

on Apr 14, 2011

Apparently their stance is that it is the users/downloaders responsibility to scan files downloaded from their site for malware.  I say that is BS. Yes, all downloaded files should be checked but for them to take no responsibility for hosting the files on their site is just not the popular avenue. Folks should be able to trust that the files on the site are safe.

2 Pages1 2