Ethereal/Wireshark downloads have malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Fluffy, Aug 11, 2006.

  1. Fluffy

    Fluffy Private E-2

    If a downloaded program directly from a company's own main site contains malware, then will downloads of the same program from sites like Geeks and Download.com, etc also contain the malware? (I'm unclear how the mirror sites work, I guess.)
     
    Fluffy, Aug 11, 2006
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Possibly.. depends on what the program is as some may contain forms of malware already, in the forums of advertising add-ons etc

    However the programs listed here are always tested before they are listed for anything that is potentially harmful, if it has something then its not listed on the main downloads site ( as we are all human their maybe the odd one that may pop through, rare but thats where our users let us know which app may have changed in an update and now has a form of malware included )

    Download.com.. I cannot comment on as they have only reciently followed Majorgeeks testing of all apps for malware or harmful components!

    What malware is found by your scans in Ethereal or Wireshark?

    ( the newer updated Ethereal project from the same creator )... as these are security packet data collecting apps they have been know to throw up false positives in some antivirus products.. noteably Symantec Norton, which classified Wireshark as having the Trojan.Zlob virus... the developers of this app have tested their own product and I'm more inclined to trust their word over Symantec's as I have used Ethereal for a number of years on and off and have not had any Malware warnings at all.
     
    Last edited: Aug 12, 2006
    DavidGP, Aug 12, 2006
    #2
  3. Fluffy

    Fluffy Private E-2

    Thanks for your reply, I 'm sure Ethereal and Wireshark did not originally contain any adware, so the question really is whether mirror sites are getting their downloads directly from the original source, or have an entire contained copy of the program of their own? I'm presuming the adware was added at some recent time somehow to the main sites, you see, since a number of people have told me they got none with their DLs from mirror sites, but others have said they did indeed get this adware from the main company site in recent days.

    So, will mirror sites have this recently added adware as well? (Assume that this is how it happened, I'm more interested in the general process than this specific example..)

    PS Hotbar and searchbus were the 'wares. Both of my security programs id'ed them as such, and someone on another forum listed the same from another spyware program they use, so it seems to be unanimous?
     
    Fluffy, Aug 13, 2006
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds