
Google Gears a Virus (Trojan.Downloader-90750) ?
Today our Squid proxy server denied the download of GoogleGears.exe saying it found a virus (Trojan.Downloader-90750). At first I thought this must be a false alert by ClamAV, but after refreshing the download site the download worked, and after another refresh the same virus was found again. Here is what the Squid logs say:

1) Download blocked - Virus found:

1269416489.415 372 internal IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.136 application/x-ms-application

Wed Mar 24 08:28:43 2010 [29891] LOG Redirecting URL to: http://squid.ip/clwarn.cgi?url=http://dl.google.com/tag/s/appguid%3D%7B283EAF47-8817-4c2b-A801-AD1FADFB7BAA%7D%26iid%3D%7BF5B2DDAE-AC72-6B11-E4D9-E2ADF4A58E0B%7D%26lang%3Den%26browser%3D2%26usagestats%3D1%26appname%3DGears%26needsadmin%3DTrue/gears/GearsSetup.exe&source=internal.IP/-&user=squid.user&virus=stream:+Trojan.Downloader-90750+FOUND

2) Download worked, not blocked, no virus:

1269420614.010 26 127.0.0.1 TCP_MISS/200 379 HEAD http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application

1269420614.060 50 127.0.0.1 TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application

1269420614.164 182 internal.IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.190 application/x-ms-application

Note the different remote servers of Google: 74.125.79.136 (virus found), 74.125.79.190 (download without problem). I tried to contact Google but, as everybody knows, it is difficult to get in touch with the admins over there. We'll see if there was really a virus on one of the Google servers.
Wednesday - Mar 24th 2010 - 11.43 am (+0100) - Switzerland - (0 comments)
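
The comparison made by hand in the post (which upstream server was in use when the scanner fired) can be automated. The following is an added example, not part of the original post: it joins Squid access-log lines with the redirector's clwarn.cgi lines on client, URL and time, and counts fetches and detections per upstream IP. The sample log lines, the function names and the +0100 clock offset are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data in the two log formats quoted in the post.
URL = "http://dl.example.test/gears/GearsSetup.exe"
ACCESS_LOG = f"""\
1269416489.415 372 192.0.2.10 TCP_MISS/200 12879 GET {URL} alice DIRECT/198.51.100.136 application/octet-stream
1269420614.164 182 192.0.2.10 TCP_MISS/200 12879 GET {URL} alice DIRECT/198.51.100.190 application/octet-stream
1269420700.020 175 192.0.2.11 TCP_MISS/200 12879 GET {URL} bob DIRECT/198.51.100.136 application/octet-stream
"""
REDIRECT_LOG = f"""\
Wed Mar 24 08:41:29 2010 [29891] LOG Redirecting URL to: http://squid.ip/clwarn.cgi?url={URL}&source=192.0.2.10/-&user=alice&virus=stream:+Trojan.Downloader-90750+FOUND
Wed Mar 24 09:51:40 2010 [29891] LOG Redirecting URL to: http://squid.ip/clwarn.cgi?url={URL}&source=192.0.2.11/-&user=bob&virus=stream:+Trojan.Downloader-90750+FOUND
"""
LOCAL_TZ = timezone(timedelta(hours=1))  # assumption: redirector logs local time at +0100

# Squid native format: time elapsed client code/status bytes method URL user hier/peer type
ACCESS_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+)\s+\S+\s+\d+\s+\S+\s+(\S+)\s+\S+\s+\w+/(\S+)\s")
REDIRECT_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]+ \d{4}) .*clwarn\.cgi\?url=(.+)"
                         r"&source=([^/&]+)/\S*&virus=stream:\+(.+)\+FOUND")

def parse_access(text):
    """Yield (epoch, client, url, upstream_ip) for each Squid access-log line."""
    for m in filter(None, map(ACCESS_RE.match, text.splitlines())):
        yield float(m[1]), m[2], m[3], m[4]

def parse_detections(text):
    """Yield (epoch, client, url, signature) for each clwarn.cgi redirect line."""
    for m in filter(None, map(REDIRECT_RE.match, text.splitlines())):
        when = datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y").replace(tzinfo=LOCAL_TZ)
        yield when.timestamp(), m[3], m[2], m[4]

def detections_by_upstream(access_text, redirect_text, window=30.0):
    """Return {upstream_ip: [fetches, detections]}, joined on client, URL and time."""
    fetches = list(parse_access(access_text))
    stats = {ip: [0, 0] for *_, ip in fetches}
    for *_, ip in fetches:
        stats[ip][0] += 1
    for ts, client, url, _sig in parse_detections(redirect_text):
        near = [f for f in fetches if f[1:3] == (client, url) and abs(f[0] - ts) <= window]
        if near:  # attribute the detection to the fetch closest in time
            stats[min(near, key=lambda f: abs(f[0] - ts))[3]][1] += 1
    return stats

if __name__ == "__main__":
    for ip, (fetched, flagged) in detections_by_upstream(ACCESS_LOG, REDIRECT_LOG).items():
        print(f"{ip}: {flagged}/{fetched} fetches flagged")
```

An upstream IP that accounts for every detection while another serves the same URL cleanly points at differing content between servers rather than at a scanner false positive; hashing the file fetched from each IP confirms it.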

 
