From: Stefan F. <ste...@we...> - 2015-09-10 19:11:35
Hi Dave (and everyone else),

the current state of the mal-/ad-ware incident is the following:

I asked the person who reported the infection to search for any Rails files on his system (downloaded or installed files). In fact there were no Rails files to find. So it is not clear that the (intended) download was the causal reason for the infection.

Until now no one else has reported a similar experience.

In addition I am pretty convinced that the installation files of Rails itself do not carry anything malicious.

However, keep your browser updated and protected and make sure that you really download the Rails installation files and not something else. I have no-script and ad-blocker installed for my browser, so I do not know if sourceforge and/or its mirrors display ads close to the download links.

I will add download links for RC1 on github tomorrow for those who are still wary of sourceforge and post them here.

Thanks for asking,

Stefan

On 09/10/2015 07:40 PM, Dave Berry wrote:
> Hi Stefan,
>
> Has this malware issue been resolved?
>
> I'd like to install the 2.0 RC but I'm a bit wary based on this report.
>
> Dave.
>
> On 02/09/2015 12:47, Stefan Frey wrote:
>> Thanks for the link. I only google'd the malware's name and sourceforge
>> and got no result.
>>
>> That is really disturbing, please be assured Rails never gave any
>> permission to Sourceforge to add anything like that to our download
>> files.
>>
>> As I understand the article, sourceforge claims that they have stopped
>> that practice.
>>
>> Technically I doubt that it affects our zipped releases of Rails 1.x
>> releases. Or are they converted to some exe-files on Windows OS?
>>
>> Can anyone provide an MD5 checksum for Rails downloaded files on a
>> Windows OS? Especially for the current default (Rails-1.9.0 zip).
>>
>> It might be easier to wrap some malware around the testing launch4j
>> Rails-2.0-beta5.exe? Can someone provide me an MD5 checksum for a Windows
>> download?
>>
>> In any case another (good) reason to leave sourceforge for github as
>> soon as possible.
>>
>> Stefan
>>
>> On 09/02/2015 12:29 PM, Anttoni Huhtala wrote:
>>> There have been some reports of added malware by sourceforge..
>>> http://www.howtogeek.com/218764/warning-don%E2%80%99t-download-software-from-sourceforge-if-you-can-help-it/
>>>
>>> Maybe a change of hosting is in order?
>>>
>>> 2.9.2015, 13:19, Stefan Frey wrote:
>>>> To all Rails users:
>>>> there has been a recent user experience that after some time after
>>>> installing Rails a virus/malware was on his PC.
>>>>
>>>> The malware is called "PlaythruPlayer", more details can be found by
>>>> google.
>>>>
>>>> There is no reason to assume currently that Rails would install such a
>>>> virus/malware on any system, however I would like to know if any other
>>>> Rails user had the same experience.
>>>>
>>>> So far I have no information which Rails version and installation
>>>> method was used.
>>>>
>>>> Stefan
>>>>
>>>> _______________________________________________
>>>> Rails-users mailing list
>>>> Rai...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/rails-users
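The two checks discussed in this thread (is a file named like a zip release really a zip and not a Windows executable, and does its MD5 match a published value) can be scripted as below. This is an added example, not part of the original messages or of the Rails project; the function names are hypothetical, the SHA-256 digest is an addition to the MD5 the thread asks for, and the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
import zipfile

# Leading bytes of the two file types the thread mentions.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "exe"}

def sniff_kind(path):
    """Classify a file by content, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return next((k for m, k in MAGIC.items() if head.startswith(m)), "unknown")

def digests(path):
    """Return (md5, sha256) hex digests, reading in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def check_download(path, expected_md5=None):
    """List mismatches between the file's name, content and published MD5."""
    claimed = os.path.splitext(path)[1].lower().lstrip(".")
    actual = sniff_kind(path)
    md5, sha = digests(path)
    problems = []
    # Only .zip and .exe names are judged; other extensions are out of scope.
    if claimed in MAGIC.values() and claimed != actual:
        problems.append(f"named .{claimed} but content is {actual}")
    if expected_md5 and md5 != expected_md5.lower():
        problems.append("MD5 differs from the published value")
    return {"kind": actual, "md5": md5, "sha256": sha, "problems": problems}

def make_sample(name, as_zip):
    """Write a constructed sample file so the check runs offline."""
    path = os.path.join(tempfile.mkdtemp(), name)
    if as_zip:
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr("readme.txt", "constructed sample")
    else:
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)  # stub header, not a program
    return path

if __name__ == "__main__":
    print(check_download(make_sample("Rails-1.9.0.zip", as_zip=False)))
```

A matching checksum only shows the file equals the one that was hashed, so the reference value has to come from the maintainers through a channel other than the download mirror.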