Virus or Trojan on archive.palemoon.org ?

About this bulletin board and the Pale Moon website

Moderators: satrow, FranklinDM, Lootyhoof

therube
Board Warrior
Posts: 1052
Joined: 2018-06-08, 17:02

Re: Virus or Trojan on archive.palemoon.org ?

Post by therube » 2019-07-11, 00:09

Thank you (sha256) :-).

Moonraker
Board Warrior
Posts: 1016
Joined: 2015-09-30, 23:02
Location: Lincolnshire.UK.

Re: Virus or Trojan on archive.palemoon.org ?

Post by Moonraker » 2019-07-11, 08:12

https://www.ghacks.net/2019/07/11/pale- ... nt-4416928

Hornets have already started stinging in this thread sadly.
Xenial puppy linux 32-bit.
Pale moon 28.5.0.

New Tobin Paradigm
Off-Topic Sheriff
Posts: 5685
Joined: 2012-10-09, 19:37
Location: Sector 001

Re: Virus or Trojan on archive.palemoon.org ?

Post by New Tobin Paradigm » 2019-07-11, 10:25

Well there is nothing that can be done except make damn sure nothing like this happens again. I am not gonna read the comments though.

I am sure we will see it referenced for years to come on every piece of Pale Moon post on ghacks ever.
- The universe is a spheroid region, 705 meters in diameter. -
http://binaryoutcast.com/ | http://thereisonlyxul.org/

Night Wing
Knows the dark side
Posts: 3954
Joined: 2011-10-03, 10:19
Location: Texas, USA

Re: Virus or Trojan on archive.palemoon.org ?

Post by Night Wing » 2019-07-11, 11:14

I have never used the archive server. I've always used the main distribution channels. I also don't use the internal updater to go from an older version of Pale Moon to the newest version of Pale Moon. I always uninstall (in Windows 7) the previous version and then install the newest version. Takes me all of three minutes of time, but I prefer this method over the internal updater (in Windows 7).

In Windows 7, I'm always using the main distribution channel and in my case the Americas, I also put the previous and newest versions of Pale Moon on three thumb/flash drives in the event I have to go back to a previous version, I've got it. I use my thumb/flash drives for this instead of the archive server. And I've been using this method since the year 2011.

I do a slightly different method for linux Pale Moon since in my linux Mint (Xfce), my linux Pale Moon is never installed. I run linux Pale Moon from the executable file and I create the linux Pale Moon launcher icon. So in linux Pale Moon the previous version of the linux Pale Moon tarball is saved to those three thumb/flash drives as well.

Would this "hack" of the archive server make me quit using Pale Moon? The simple answer is "No". Speaking just for myself; Pale Moon is easy to customize and I prefer Pale Moon over Chrome, Firefox, Brave, Vivaldi and Opera when it comes to choosing a default browser.

And I will close by saying I'm not a power user in either Linux or Windows 7.
Linux Mint 19.2 (Tina) Xfce 64 Bit (Default Distribution OS) with 64 Bit linux Pale Moon
Windows 7 Home Premium & Ultimate SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

Moonchild
Pale Moon guru
Posts: 24242
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Virus or Trojan on archive.palemoon.org ?

Post by Moonchild » 2019-07-11, 12:04

I'm wearing my scale mail suit today and have made sure to seal all obvious hornet-sized openings.

Of course the fanbois are trying to make more of a stink out of it than it should be. And of course they will continue to reference it because oh noes, we're not perfect. Heck, the reason this happened to begin with is not even because we did anything wrong, but because an assumed-safe environment provided by a third party turned out not to be.

I'll draw an analogy for all the people who missed the details of the situation:
Compare it to living in an apartment building. You assume your apartment is safe because the door locks, and you always make sure to lock it and keep the key safely in your pocket. The building has a more secure entrance with a door that can't possibly be breached/picked open.
Now imagine having a break-in from either one of your fellow tenants because the lock on your apartment door is busted or crappy, or the landlord who just lets himself in with the master key. Whose fault would that be? Yours or the landlord's (in both cases)?
To continue the analogy: I've moved out of the building as a result, and will move to a building where I have known and trusted the landlord for many years.
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

therube
Board Warrior
Posts: 1052
Joined: 2018-06-08, 17:02

Re: Virus or Trojan on archive.palemoon.org ?

Post by therube » 2019-07-11, 12:05

Hornets have already started stinging in this thread sadly.
The article was very well written & balanced.

Likewise, I too will simply ignore the comments.

Isengrim
Keeps coming back
Posts: 921
Joined: 2015-09-08, 22:54
Location: 127.0.0.1

Re: Virus or Trojan on archive.palemoon.org ?

Post by Isengrim » 2019-07-11, 13:29

Moonchild wrote:
2019-07-11, 12:04
Heck, the reason this happened to begin with is not even because we did anything wrong, but because an assumed-safe environment provided by a third party turned out not to be.
The only other thing I can think of is using a Windows server. ;) (Honestly though, plenty of people use Windows servers connected to the internet without a problem, so I doubt that the choice of OS was a factor here.)

Who was the previous VPS provider for the archive server?
Linux Mint 19.2 Cinnamon (64-bit), Windows 7 (64-bit), Windows 10 build 1803 (64-bit)
JavaScript is not Java
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

Moonchild
Pale Moon guru
Posts: 24242
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Virus or Trojan on archive.palemoon.org ?

Post by Moonchild » 2019-07-11, 13:47

Isengrim wrote:
2019-07-11, 13:29
Who was the previous VPS provider for the archive server?
I already stated that in my report: Frantech/BuyVM
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Tharthan
Fanatic
Posts: 232
Joined: 2019-05-20, 20:07
Location: New England

Re: Virus or Trojan on archive.palemoon.org ?

Post by Tharthan » 2019-07-11, 18:05

@Moonchild:

So, in other words, sometimes your flat falls flat?

:D

coffeebreak
Board Warrior
Posts: 1771
Joined: 2015-09-26, 04:51
Location: U.S.

Re: Virus or Trojan on archive.palemoon.org ?

Post by coffeebreak » 2019-07-11, 21:15

Moonchild, thank you for providing the list of hashes, and thanks to therube for requesting them.

Would you consider adding a link to the list on pastebin to the Data breach post-mortem, under "How do I verify my downloaded files are clean?" - that's where people who don't already know the location of the list would most likely look for such information.

Update: It seems the link has been added. Thank you, Moonchild.

Herb_
Moongazer
Posts: 11
Joined: 2019-02-13, 07:05

Re: Virus or Trojan on archive.palemoon.org ?

Post by Herb_ » 2019-07-12, 06:47

Thinking about the infection date in 12.17 it came to my mind that I've downloaded 14 of the portable .exe's on the hash list end of March this year!
I've definitely worked with 7 of them within April several days.
I have win10 with active defender, there was never any occurrence nor with malwarebytes monthly scans since then.

All this leads me to think, the timestamp was manipulated as well and the infection was actually later than March this year.

Does all this make sense?
web 2.0, industry 3.0 - rubbish, Automobile 5.0 rocks - Mustang feif lidäähh, goil :mrgreen:

FranklinDM
Add-ons Team
Posts: 182
Joined: 2017-01-14, 02:40
Location: Manila, Philippines

Re: Virus or Trojan on archive.palemoon.org ?

Post by FranklinDM » 2019-07-12, 09:47

Herb_ wrote:
2019-07-12, 06:47
All this leads me to think, the timestamp was manipulated as well and the infection was actually later than March this year.
I also have the same suspicion as yours. I downloaded a few older portables last year while preserving the modified time from the server:

Palemoon-Portable-20.0.1.exe, modified: 08/01/2015 11:08:50 AM, downloaded: 11/19/2018, 8:49:37 PM
Palemoon-Portable-26.5.0.win32.exe, modified: 09/28/2016 12:01:28 PM, downloaded: 09/05/2018 4:44:52 PM
Palemoon-Portable-27.5.0.win32.exe, modified: 09/30/2017 2:29:10 PM, downloaded: 08/26/2018 7:40:33 PM

The hashes provided match the ones I've got from these portables. My timestamps might be in (UTC+08:00).
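
An added example (not from any poster in this thread or from the Pale Moon project) of the kind of check described in the post above: hash local copies, compare them with a published SHA-256 list, and report each file's preserved modification time in UTC so a local offset such as UTC+08:00 does not blur the comparison. The list layout (`<sha256>  <file name>` per line), the function names and the sample files are assumptions constructed for the demo; what a match means depends on whether the published list holds clean or infected builds.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large installer is never held in memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_hash_list(text):
    """Assumed layout: '<64 hex digits>  <file name>' per line; other lines are skipped."""
    listed = {}
    for line in text.splitlines():
        m = re.match(r"([0-9a-fA-F]{64})\s+\*?(.+)$", line.strip())
        if m:
            listed[m.group(2)] = m.group(1).lower()
    return listed

def compare(paths, listed):
    """Return (name, status, mtime in UTC) per file: 'match', 'differs' or 'unlisted'."""
    rows = []
    for path in paths:
        name = os.path.basename(path)
        if name not in listed:
            status = "unlisted"
        else:
            status = "match" if sha256_file(path) == listed[name] else "differs"
        mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
        rows.append((name, status, mtime.strftime("%Y-%m-%d %H:%M:%SZ")))
    return rows

def demo():
    """Constructed stand-in files and hash list; no real Pale Moon hashes are used."""
    stamp = datetime(2016, 1, 2, 3, 4, 5, tzinfo=timezone.utc).timestamp()
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("sample-a.exe", "sample-b.exe", "sample-c.exe")]
        for i, path in enumerate(paths):
            with open(path, "wb") as f:
                f.write(b"constructed test bytes %d" % i)
            os.utime(path, (stamp, stamp))  # simulate a preserved server mtime
        listing = "%s  sample-a.exe\n%s  sample-b.exe\n" % (sha256_file(paths[0]), "0" * 64)
        return compare(paths, parse_hash_list(listing))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A file's modification time can be set by whoever wrote it, so the hash comparison is the evidence and the timestamp is only context for it.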

Moonchild
Pale Moon guru
Posts: 24242
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Virus or Trojan on archive.palemoon.org ?

Post by Moonchild » 2019-07-12, 10:47

Thanks for that. I'll update the report accordingly.
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Isengrim
Keeps coming back
Posts: 921
Joined: 2015-09-08, 22:54
Location: 127.0.0.1

Re: Virus or Trojan on archive.palemoon.org ?

Post by Isengrim » 2019-07-12, 12:35

Wow, that's much better news than previously. Thanks for the update!

Edit: I commented about the update on the ghacks article about the hack. Hopefully it got submitted correctly and Martin updates the article. It probably won't shut up the comment hyenas, though.
Linux Mint 19.2 Cinnamon (64-bit), Windows 7 (64-bit), Windows 10 build 1803 (64-bit)
JavaScript is not Java
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

F22 Simpilot
Lunatic
Posts: 279
Joined: 2019-01-06, 07:59
Location: From RLG fly heading 053 intercept 315 DVV look for the SAM

Re: Virus or Trojan on archive.palemoon.org ?

Post by F22 Simpilot » 2019-07-12, 14:12

This is exactly why I check all hashes if provided for a download and then scan it at Virus Total.

Should have rolled AWS S3. But it's your ship.
If you're that smart and act like a dork, then you're not that smart after all. :geek:

F22 Simpilot
Lunatic
Posts: 279
Joined: 2019-01-06, 07:59
Location: From RLG fly heading 053 intercept 315 DVV look for the SAM

Re: Virus or Trojan on archive.palemoon.org ?

Post by F22 Simpilot » 2019-07-12, 14:13

What are the chances the main update server that the built-in update facility in the browser itself gets infected next?
If you're that smart and act like a dork, then you're not that smart after all. :geek:

New Tobin Paradigm
Off-Topic Sheriff
Posts: 5685
Joined: 2012-10-09, 19:37
Location: Sector 001

Re: Virus or Trojan on archive.palemoon.org ?

Post by New Tobin Paradigm » 2019-07-12, 14:25

Unless it is top down as in someone controlling the node or even higher as in the datacenter itself.. None. They are secure linux servers. This kind of thing that happened required a specific set of circumstances and events that shall not be allowed to happen again.

If there was a lesson to be learned, and I am not saying there is, rest assured it was learned very well.
Last edited by New Tobin Paradigm on 2019-07-12, 14:28, edited 2 times in total.
- The universe is a spheroid region, 705 meters in diameter. -
http://binaryoutcast.com/ | http://thereisonlyxul.org/

Moonchild
Pale Moon guru
Posts: 24242
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Re: Virus or Trojan on archive.palemoon.org ?

Post by Moonchild » 2019-07-12, 14:26

F22 Simpilot wrote:
2019-07-12, 14:12
Should have rolled AWS S3. But it's your ship.
I'm pretty sure I already explained why not. Do you have some vested interest in Amazon getting money from us on a volume-based service that can be abused in other ways?
F22 Simpilot wrote:
2019-07-12, 14:13
What are the chances the main update server that the built-in update facility in the browser itself gets infected next?
Pretty much zero.
Tell me though... are you now having trust issues with everything we do all of a sudden? Because it seems like you're blowing this way out of proportion.
City of Heroes public server: https://www.moonshard.org/ -- Vote for it on cohservers.com

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Tharthan
Fanatic
Posts: 232
Joined: 2019-05-20, 20:07
Location: New England

Re: Virus or Trojan on archive.palemoon.org ?

Post by Tharthan » 2019-07-13, 00:20

F22 Simpilot wrote:
2019-07-12, 14:12
Should have rolled AWS S3. But it's your ship.
Moonchild wrote:
2019-07-12, 14:26
Do you have some vested interest in Amazon getting money from us on a volume-based service that can be abused in other ways?
Image ?
Not serious, of course.

mintoyatsu
Moongazer
Posts: 12
Joined: 2019-03-02, 08:44

Re: Virus or Trojan on archive.palemoon.org ?

Post by mintoyatsu » 2019-07-13, 00:43

A big thank you to everyone that has worked to get this resolved... I was not personally affected since I did not download old versions off the archive server, but a swift response nonetheless.
