No, but the correct download has a valid digital signature.
Are there hash strings for the authentic files posted somewhere?
I ran the bad one as well initially. While it seemed to finish the install, Windows Defender did pop up that it blocked something (and I got the notification there was a new version again a bit after that so I think it actually stopped it). Defender would block any download of the bad file after that. Flushing my DNS didn't seem to get rid of the bad IP but after rebooting my cable modem, router and computer everything seems to be OK now. Routes to the correct IP and download file is the normal download with the exe named with the version number.
Did it ask for elevation (admin rights)? If yes, did you grant them? (There should have been some warning about an unknown publisher, etc.)
Nothing seemed to block when I ran it. However there was no normal install completion either. It just terminated.
The question is WHAT did it do while it was running before it terminated.
This PC is my main PC - trust me that a security breach on this one would be a very bad thing.
I still can't get anything to pick up a hit on the known bad download file.
-W
Better change your banking passwords, son.
Yes it did - and yes I did.
-W
It can be stopped and it will. No, I do not think they hacked RedFox, they hacked the host.
Did they hack Redfox to cause the re-direct ??
Or did they hack some DNS server site(s) ??
If the latter - how can Redfox actually stop it?
-W
How can they stop it? Well, Ivan already contacted the host where the bad file got hosted. The server no longer responds to a ping command, so it looks like they took it down.
I guess that's an impossibility. You can't take action until something happens. But we all hope this never happens again.