WARNING: InfraRecorder Download Malware

Chat about just about anything else

WARNING: InfraRecorder Download Malware

Postby reed-white on Mon Apr 14, 2014 4:02 pm

I followed the manual's instructions and attempted to download InfraRecorder (to burn DVDs). I was auto re-directed to a different web site (than sourceforge) with a number of links that implied download InfraRecorder.

Unfortunately, after attempting the download, I ended up with a bunch of malware (and even a virus detected) on my Windows 7 computer. It took me four hours to remove the crap, and I'm not 100% certain that I found it all.

So, this is a WARNING -- be very careful what you click! (I wish the MINT manual had warned me in advance.) After the four hours to recover, I decided to just order the disk. Call me a woos...
Last edited by Pilosopong Tasyo on Mon Apr 14, 2014 11:11 pm, edited 2 times in total.
Reason: Thread has nothing to do with Installation & Boot. Moved to Open Chat.
reed-white
Level 1
Level 1
 
Posts: 2
Joined: Mon Apr 14, 2014 3:39 pm

Linux Mint is funded by ads and donations.
 

Re: WARNING: InfraRecorder Download Malware

Postby Pilosopong Tasyo on Mon Apr 14, 2014 11:10 pm

I looked at the official User's Guide (English language) from this download page: http://www.linuxmint.com/documentation.php . InfraRecorder was mentioned on page 11:

If you’re running Windows you can use a program like InfraRecorder:
http://infrarecorder.sourceforge.net/?page_id=5

"Can" is the operative word here. It is not a requirement. There are many other burning applications available to choose from. Anyway, when I clicked that link, I was redirected to the official InfraRecorder site: http://infrarecorder.org/ . The download link on the right side of the main page led me to http://infrarecorder.org/?page_id=5

Download version 0.53 for Windows 2000/XP/Vista/7 (3.96 MiB).

The download link from the above: http://sourceforge.net/projects/infrare ... e/download

Clicking that link did led me to the sourceforge page eventually. Didn't bother installing it, though, as I don't have a Windows machine for testing.

As the usual case of freeware, when you run the installer, it will also install bundled "crapware" unless if you unchecked that option.

Ignoring the "recommended" burning software mentioned in the manual, *your* Windows 7 installation already has a built-in burning application installed in the first place. I fail see the logic why a user would want to install a third-party burning program when a built-in one already suffices for most cases. Instructions on how to burn an ISO using Windows 7: http://windows.microsoft.com/en-us/wind ... n-iso-file
Image
o Give a man a fish and he will eat for a day. Teach him how to fish and he will eat for a lifetime!
o If an issue has been fixed, please edit your first post and add the word [SOLVED].
User avatar
Pilosopong Tasyo
Level 6
Level 6
 
Posts: 1121
Joined: Mon Jun 22, 2009 3:26 am
Location: Philippines

Re: WARNING: InfraRecorder Download Malware

Postby Midnighter on Tue May 06, 2014 9:34 pm

If you accept - and I do - that freedom of speech is important, then you are going to have to defend the indefensible. That means you are going to be defending the right of people to read, or to write, or to say, what you don't say or like or want said.
User avatar
Midnighter
Level 6
Level 6
 
Posts: 1305
Joined: Tue May 22, 2007 1:52 pm
Location: Western Australia

Re: WARNING: InfraRecorder Download Malware

Postby click on Wed Jul 02, 2014 6:55 am

I unstalled Linux Mint using a disk image created by the recommended "infrarecorder". It proved impossible to remove all the crapware I inadvertently installed (despite considerable care), especially malware called "readpassword" Its uninstall jams and won't - Revo doesn't remove it either, so I had to restore the whole PC to a recent, pre-Linux point. Very tiresome. Readpassword includes many nasties, so watch out!!!!

I don't trust the LINUX Mint 48 page introduction any more...
click
Level 1
Level 1
 
Posts: 1
Joined: Wed Jul 02, 2014 6:44 am

InfraRecorder Does Not Download Malware

Postby karlchen on Wed Jul 02, 2014 8:00 am

Hello, folks.

Honestly, the InfraRecorder software itself is clean. The statement expressed in the thread title is incorrect: InfraRecorder does not download malware.
The programme does what you expect, no more, no less. No malware bundled together with InfraRecorder. Virustotal check of InfraRecorder ir053.exe.

The problem is that you have to be careful where you click on download pages. This is not only true for the InfraRecorder page, but for others as well. It has become a really bad habit to place misleading commercial links in such a way on download pages that you are fooled into clicking on the wrong link. And it may be really hard to find the genuine InfraRecorder download link.
Just a rule of thumb:
The larger the download button the more likely it is not the one that you want. Pay attention to the URL which Firefox will display when you hover over a download button.

In the case of InfraRecorder, I recommend - like in all comparable cases - preferring the portable versions [32-bit [64-bit] over the installer versions. The poratble versions clearly reveal what is in them whereas an installer always might come with some unasked-for "addon". (Note: Virustotal did not detect any such thing, see above.)

So from all that I could check, recommending InfraRecorder in the Mint User Guide is perfectly all right. The software InfraRecorder seems to be perfectly all right. - The commercial links on the InfraRecorder webpage may be all right or may be not. Keep in mind that ad servers which the commercial links point to might have been infected with malicious code in order to misuse them for malware deployment.

Kind regards,
Karl
--
Virustotal on InfraRecorder 0.53 32-bit portable
Virustotal on InfraRecorder 0.53 64-bit portable
User avatar
karlchen
Level 10
Level 10
 
Posts: 3397
Joined: Sat Dec 31, 2011 7:21 am

Re: WARNING: InfraRecorder Download Malware

Postby Pilosopong Tasyo on Wed Jul 02, 2014 8:14 am

karlchen wrote:So from all that I could check, recommending InfraRecorder in the Mint User Guide is perfectly all right.

This raises the question: is it really necessary to use a third party application when a built-in one can do the job?

Pilosopong Tasyo wrote:Ignoring the "recommended" burning software mentioned in the manual, *your* Windows 7 installation already has a built-in burning application installed in the first place. I fail see the logic why a user would want to install a third-party burning program when a built-in one already suffices for most cases. Instructions on how to burn an ISO using Windows 7: http://windows.microsoft.com/en-us/wind ... n-iso-file

Or is it a case of (a) the end-user being clueless that they already have such an application already installed, and (b) whoever wrote the user's guide may have been oblivious to the fact that a third-party app is not really necessary.
Image
o Give a man a fish and he will eat for a day. Teach him how to fish and he will eat for a lifetime!
o If an issue has been fixed, please edit your first post and add the word [SOLVED].
User avatar
Pilosopong Tasyo
Level 6
Level 6
 
Posts: 1121
Joined: Mon Jun 22, 2009 3:26 am
Location: Philippines

InfraRecorder Does Not Download Malware

Postby karlchen on Wed Jul 02, 2014 8:44 am

Hello, Pilosopong Tasyo.

Well. I assume letting Windows users know that they might use InfraRecorder was meant as a helpful piece of advice on how they could create a bootable DVD from the Linux Mint ISO image file which they have downloaded.
OK, so Windows 7 can burn ISO images as bootable DVDs. Fine.
Windows XP definitely could not do so out of the box. And we all know quite a few people arrived here in the Mint forums who converted from Windows XP to Mint.
If the User Guide did not explain at least one way of burning the ISO mage as a bootable DVD then we would very likely be blamed for not being helpful enough.

The point why I felt like making clear statements is this:
The software mentioned by the Linux Mint User Guide does not transport malware. Windows users who decide to really use InfraRecorder do not run any higher risk of being infected by any malware than if they decided to use a different burning software which can create bootable DVDs.

Kind regards,
Karl
User avatar
karlchen
Level 10
Level 10
 
Posts: 3397
Joined: Sat Dec 31, 2011 7:21 am

InfraRecorder Does Not Download Malware

Postby karlchen on Wed Jul 02, 2014 10:04 am

Hello, click.
[...] "infrarecorder". It proved impossible to remove all the crapware I inadvertently installed (despite considerable care)
Sorry to read your machine has been infected by malware. Yet, I doubt that InfraRecorder is to be blamed.

I just tested it (once again). Went to the Infrarecorder webpage, http://infrarecorder.org/. Clicked on the Download link in the right hand part of the page. This took me here: Downloads.
Decided to download the 64-bit installer version Installer (x64 version, 3.96 MiB)
After about 5 seconds waiting time I was offered to download ir053_x64.msi. Clicked OK.
Scanned the downloaded file with Symantec antivirus. Symantec did not find any reason to warn or complain.
Checked the content of the installation package with the help of 7-zip. Looks pretty much identical to the content of the 64-bit portable ZIP archive.
Installed ir053_x64.msi.
The setup programme did not offer to install any other software.
No hint that it did do so secretly.

Whatever caused your infection, I do not see any substantial piece of evidence that it was caused by InfraRecorder. There is no hint that either the InfraRecorder webpage or the InfraRecorder installer bring along any kind of malicious payload. And the Mint User Guide did not point you to a website that is more dangerous than any other webpage.

Without speculating, rather because it does happen, and one such incident was reported only a few days ago in this forum:
Perhaps you might like to check your router configuration. In case you find it uses some Chinese DNS servers or any other weird looking DNS servers which do not match your internet provider, then any browser request may have been redirected through some malicious servers without your notice. - Note: I do not pretend this is what has happened. It might. Maybe the root cause for the infection is quite different.

Kind regards,
Karl
User avatar
karlchen
Level 10
Level 10
 
Posts: 3397
Joined: Sat Dec 31, 2011 7:21 am

Re: WARNING: InfraRecorder Download Malware

Postby /dev/urandom on Mon Jul 07, 2014 4:43 am

As InfraRecorder is only a GUI for cdrtools, you might as well use them directly.

Or you'd just use CDBurner XP if you're still not sure.
Linux is not the only answer! :: eD2k/Kad mirrors for Linux Mint and LMDE.
Users who misspell "Windows" as "Windoze" intentionally will be considered stupid.

Image
User avatar
/dev/urandom
Level 4
Level 4
 
Posts: 469
Joined: Sun Jul 17, 2011 8:02 pm

Re: WARNING: InfraRecorder Download Malware

Postby mike acker on Mon Jul 07, 2014 8:17 am

I use Norton/360 on all my customer Windows machines.

one of the key features of Norton/360 is it will "vet" (check the credentials and authenticity) of a download.

as Karl mentioned: if you just Google for downloads for software -- you will hit some fake sources that have been made to look exactly like the authentic source. it is necessary to use a digital signature of some kind to verify files in this kind of environment. I like Norton/360 for this on Windows systems.

the essentials of security:
1. protect your operating software against un-authorized modifications ( use Linux )
2. authenticate transactions using PGP or at least some type of signature hash such as CRC or MD5

while it is possible to create "collisions" on digital hash signatures,--- the effort is non-trivial.
Home assembled box using ASUS M5A88-M motherboard and x64 AMD Phenom II X4 3.4GHz cpu; 4x4MB DDR3 RAM
User avatar
mike acker
Level 4
Level 4
 
Posts: 350
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Linux Mint is funded by ads and donations.
 

Return to Open chat

Who is online

Users browsing this forum: No registered users and 3 guests