Security News Malicious 7-Zip site distributes installer laced with proxy tool

[Parkinsond]

I have tried too now; that is what I have got

View attachment 295587View attachment 295588View attachment 295589

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

 

[Parkinsond]

7-Zip version 26.00 (stable release)

7-Zip / Discussion / Open Discussion: 7-Zip 26.00

sourceforge.net

Still working on Windows 2000
And is detected as malicious by MD

 

[7Oz-64]

@Parkinsond
No MD flag here (all ASLR rules enabled), maybe a virus definitions database update. latest 1.445.13.0

 

[Parkinsond]

@Parkinsond
No MD flag here (all ASLR rules enabled), maybe a virus definitions database update. latest 1.445.13.0

Security News Post in thread 'Malicious 7-Zip site distributes installer laced with proxy tool'

Today at 8:10 AM

This is an interesting twist. I just tried to download the newly published 26.00 7-zip manager (from 7-Zip), which failed because of "Trojan:Win32/Wacatac.H!ml" detection, also reported on the Eleven forum.

Spoiler: Redacted report from ConfigureDefender:

Event[0]:
Time Created : xxx
ProviderName : Microsoft-Windows-Windows Defender
Id : 1116
Message : Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Wacatac.H!ml threat description - Microsoft Security Intelligence...

• Wrecker4923

• 
• 

 

[7Oz-64]

@Parkinsond
Ok so it's smartscreen alert

 

[Berny]

@Parkinsond

↓ Kaspersky Premium Scan ↓

 

[Parkinsond]

@Parkinsond
Ok so it's smartscreen alert

No, detected by MD and asked for quarantine or removal.

 

[Parkinsond]

@Parkinsond

↓ Kaspersky Premium Scan ↓

View attachment 295595

Already posted K result before

Security News Post in thread 'Malicious 7-Zip site distributes installer laced with proxy tool'

Today at 8:22 AM

I have tried too now; that is what I have got

View attachment 295587View attachment 295588View attachment 295589

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

• Parkinsond

• 

 

[Berny]

@Parkinsond

Warning from MD : " Microsoft Defender SmartScreen has prevented an unknown app from starting. Running this app may pose a risk to your PC ."

 

[Parkinsond]

@Parkinsond

Warning from MD : " Microsoft Defender SmartScreen has prevented an unknown app from starting. Running this app may pose a risk to your PC ."

No mention of SmartScreen on my side.
It was blocked before landing on my drive (using Chrome, not Edge) even before trying to execute and SmartScreen could kick in.

In addition, I have Edge uninstalled.

 

[7Oz-64]

@Parkinsond
SM-S AND MD are in the same boat, anyway it's a false positive

 

[Parkinsond]

@7Oz-64

or the website is compromised and the installer is tampered.
It is not the first time for MD to flag 7-Zip freshly released installer.

To keep on the safe side, I delete the installer and redownload it again a week later.
During such a period, if the website was compromised, it would be discovered and fixed.
If the problem the young age of the installer, it would not be considered young then anymore.