Board index FlightGear The FlightGear project

FlightGear Download contains malware

Questions about the FlightGear organisation, website, wiki etc.

FlightGear Download contains malware

Postby Ford.p51 » Wed Sep 29, 2021 5:10 pm

Hello,

The current Flight Gear download is packed with a known Cryptocurrency miner. This is preventing us from updating our older versions of FlightGear, because our organization and many others have safeguards in place to prevent the installation of such malware. Is it possible to update the download without the crypto miner as part of the package?

Thanks for your time.
Ford.p51
 
Posts: 3
Joined: Wed Sep 29, 2021 5:00 pm

Re: FlightGear Download contains malware

Postby wkitty42 » Wed Sep 29, 2021 5:15 pm

i don't know where you are getting your FG from but there is no, absolutely none, crypto currency stuff in it at all...

please provide a link to where you are getting your FG from...
"You get more air close to the ground," said Angalo. "I read that in a book. You get lots of air low down, and not much when you go up."
"Why not?" said Gurder.
"Dunno. It's frightened of heights, I guess."
User avatar
wkitty42
 
Posts: 9146
Joined: Fri Feb 20, 2015 4:46 pm
Location: central NC, USA
Callsign: wk42
Version: git next
OS: Kubuntu 20.04

Re: FlightGear Download contains malware

Postby Ford.p51 » Thu Sep 30, 2021 12:36 am

Flightgear.org and sourceforge.net.

Malware confirmed by IT Security at a Federal government agency
Ford.p51
 
Posts: 3
Joined: Wed Sep 29, 2021 5:00 pm

Re: FlightGear Download contains malware

Postby Parnikkapore » Thu Sep 30, 2021 2:02 am

That's... worrying. VirusTotal link?

Edit: I just downloaded FlightGear-2020.3.11-web.exe and FlightGear-2020.3.11.exe and tested them with ClamAV, both come through with no detections.
There are free alternatives to (almost) every program you encounter. You just have to find them.
Parnikkapore
 
Posts: 929
Joined: Thu Oct 29, 2015 11:16 am
Callsign: HS-FGS
Version: next
OS: Kubuntu

Re: FlightGear Download contains malware

Postby vnts » Thu Sep 30, 2021 6:07 am

Ford.p51 wrote in Wed Sep 29, 2021 5:10 pm:The current Flight Gear download is packed with a known Cryptocurrency miner. This is preventing us from updating our older versions of FlightGear, because our organization and many others have safeguards in place to prevent the installation of such malware. Is it possible to update the download without the crypto miner as part of the package?

Ford.p51 wrote in Thu Sep 30, 2021 12:36 am:Flightgear.org and sourceforge.net.


It looks like a false positive.

Releases are also available at: https://download.flightgear.org/builds/2020.3/ .

Virus Total results are all clean:

FlightGear-2020.3.11-web.exe: sourceforge (link), download.flightgear.org (link)

FlightGear-2020.3.11.exe: download.flightgear.org (link)

2020.3.11 /bin/fgfs.exe : from my Windows install (link)

These download.flightgear.org file urls can be put into virus total (not sure the same trick works for sourceforge, as the url goes to a download page). Sourceforge would also put shared files through malware checkers, and maybe upload to virus total - e.g. the installers already had a virus total entry from a while ago.

I'm not sure how a Windows cryptocurrency miner can get into the official release of opensource software(?) - the installers are created in an automated Jenkins build server (link) and everything should be open/visible.

Do you have a way of confirming this e.g. know of the checker that gives a positive result? It's looks like false positive(?), your IT people should have a look at Virus Total. For a false positive, your IT department should let the developers of the malware checker know. Otherwise you should probably contact the core developers on the fg-devel mailing list.

(Since everything is open, it's also possible for your organisation to build/compile FlightGear yourself - see link.)

Kind regards
vnts
 
Posts: 409
Joined: Thu Apr 02, 2015 1:29 am

Re: FlightGear Download contains malware

Postby V12 » Thu Sep 30, 2021 7:13 pm

Kaspersky - clean
ESET - clean
Fly high, fly fast - fly Concorde !
V12
 
Posts: 2757
Joined: Thu Jan 12, 2017 5:27 pm
Location: LZIB
Callsign: BAWV12

Re: FlightGear Download contains malware

Postby Parnikkapore » Fri Oct 01, 2021 1:58 am

It looks like the URL option on VirusTotal only checks if the URL has been flagged in a "bad link list" and does not download and scan the file.
There are free alternatives to (almost) every program you encounter. You just have to find them.
Parnikkapore
 
Posts: 929
Joined: Thu Oct 29, 2015 11:16 am
Callsign: HS-FGS
Version: next
OS: Kubuntu

Re: FlightGear Download contains malware

Postby vnts » Fri Oct 01, 2021 6:13 am

I see. The web installer FlightGear-2020.3.11-web.exe contains all the Windows binary files (executable & dll), so it should show up there. It's clean. As was the fgfs.exe file. There's a size limit of 650 MB so the larger installer isn't uploadable.

FlightGear-2020.3.11-web.exe manual upload results are all clean: link

Ford.p51's IT department should let the developers of their malware checker know about the false positive (or maybe there's a malware infestation on their systems that inserts a cryptominer, easy enough to upload executable files to Virus Total to have it scanned by the major malware checkers).

Kind regards
vnts
 
Posts: 409
Joined: Thu Apr 02, 2015 1:29 am

Re: FlightGear Download contains malware

Postby Ford.p51 » Fri Oct 01, 2021 10:36 pm

Sorry for my slow response, got busy with other stuff.

I will ask that they provide evidence of the crypto miner - it may be monday before I get anything back from them though.
Ford.p51
 
Posts: 3
Joined: Wed Sep 29, 2021 5:00 pm


Return to The FlightGear project

Who is online

Users browsing this forum: No registered users and 3 guests