
Google Gears a Virus (Trojan.Downloader-90750) ?
Wednesday - Mar 24th 2010 - by - (1 comments)

Today our Squid proxy server denied the download of GoogleGears.exe, saying it found a virus (Trojan.Downloader-90750). At first I thought this must be a false alert by ClamAV, but after a refresh of the download site the download worked, and after another refresh the same virus was found again.

Here is what the Squid logs say:

1) Download blocked - Virus found:

1269416489.415 372 internal IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.136 application/x-ms-application

Wed Mar 24 08:28:43 2010 [29891] LOG Redirecting URL to: http://squid.ip/clwarn.cgi?url=http://dl.google.com/tag/s/appguid%3D%7B283EAF47-8817-4c2b-A801-AD1FADFB7BAA%7D%26iid%3D%7BF5B2DDAE-AC72-6B11-E4D9-E2ADF4A58E0B%7D%26lang%3Den%26browser%3D2%26usagestats%3D1%26appname%3DGears%26needsadmin%3DTrue/gears/GearsSetup.exe&source=internal.IP/-&user=squid.user&virus=stream:+Trojan.Downloader-90750+FOUND

2) Download worked, not blocked, no virus:

1269420614.010 26 127.0.0.1 TCP_MISS/200 379 HEAD http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application
1269420614.060 50 127.0.0.1 TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application
1269420614.164 182 internal.IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.190 application/x-ms-application

Note the different remote servers of Google: 74.125.79.136 (Virus found), 74.125.79.190 (download without problem).

I tried to contact Google but as everybody knows, it is difficult to get in touch with the admins over there. We'll see if there was really a virus on one of the Google servers.
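The comparison of upstream servers above can be scripted. This is an added example, not part of the original post: it groups Squid access-log requests by URL and upstream peer IP, and pulls the blocked URL and ClamAV signature out of a clwarn.cgi redirect line. The sample lines are constructed from the excerpts above; the client address 10.0.0.5 and the shortened GearsSetup.exe URL are placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample input modelled on the log excerpts in the post.
URL = "http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application?"
ACCESS_LOG = "\n".join([
    f"1269416489.415 372 10.0.0.5 TCP_MISS/200 12879 GET {URL} squid.user DIRECT/74.125.79.136 application/x-ms-application",
    f"1269420614.060 50 127.0.0.1 TCP_MISS/200 12879 GET {URL} - DIRECT/74.125.79.190 application/x-ms-application",
    f"1269420614.164 182 10.0.0.5 TCP_MISS/200 12879 GET {URL} squid.user DIRECT/74.125.79.190 application/x-ms-application",
    "1269420700.000 1 10.0.0.5 TCP_HIT/200 500 GET http://example.invalid/a - NONE/- text/html",
])
REDIRECT_LINE = ("Wed Mar 24 08:28:43 2010 [29891] LOG Redirecting URL to: "
                 "http://squid.ip/clwarn.cgi?url=http://dl.google.com/gears/GearsSetup.exe"
                 "&source=10.0.0.5/-&user=squid.user&virus=stream:+Trojan.Downloader-90750+FOUND")

def peers_by_url(log_text):
    """Map each URL to {upstream_ip: request_count} from Squid's native log format."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:          # truncated or malformed line
            continue
        url, hierarchy = fields[6], fields[8]
        peer = hierarchy.partition("/")[2]
        if peer and peer != "-":      # cache hits have no upstream peer
            seen[url][peer] += 1
    return {url: dict(peers) for url, peers in seen.items()}

def multi_peer_urls(log_text):
    """URLs fetched from more than one upstream IP, worth comparing per peer."""
    return {u: p for u, p in peers_by_url(log_text).items() if len(p) > 1}

def parse_block(line):
    """Extract blocked URL, client and signature from a clwarn.cgi redirect line."""
    m = re.search(r"Redirecting URL to: (\S+)", line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query)   # '+' decodes to a space
    sig = re.search(r"(\S+) FOUND", query.get("virus", [""])[0])
    return {"url": query.get("url", [""])[0],
            "client": query.get("source", [""])[0].split("/")[0],
            "signature": sig.group(1) if sig else None}

if __name__ == "__main__":
    print(multi_peer_urls(ACCESS_LOG))
    print(parse_block(REDIRECT_LINE))
```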

 


Comments (newest first):

google virus guy from India wrote on Apr 30th, 2012:
Seems like Google servers are also infected with viruses. Not good.

