This is the mail archive of the cygwin mailing list for the Cygwin project.



setup.exe hijacked?


I've just tried downloading setup.exe from www.cygwin.com, only to find that it crashes when run on my WinXP x64 desktop. 

Verifying against the setup.exe.sig signature I see the following:

> gpg --verify setup.exe.sig setup.exe
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
gpg: BAD signature from "Cygwin <cygwin@cygwin.com>

Running a diff on the "strings" output of the new file vs. a "known good" version of setup.exe, I see (amongst garbage) the following:

> http://lcontent.ebuddy.com/web_banners/invocation.html?z=575
> HTTP/1.1 200 OK
> Vary: Accept-Encoding
> Content-Type: text/html
> ETag: "-8517198137727078324"
> Accept-Ranges: bytes
> Last-Modified: Fri, 17 Apr 2009 07:25:16 GMT
> Content-Length: 1765
> Date: Thu, 30 Jul 2009 13:44:32 GMT
> Server: lighttpd/1.4.13
> Connection: close
> <html><head><style>
> BODY{margin: 0 0 0 0;border:0;overflow:hidden;background:#e1eaf3;}
> </style>
> <script>
> function get_url_param(name) { 
>     name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]"); 
>     var regexS = "[\\?&]"+name+"=([^&#]*)"; 
>     var regex = new RegExp( regexS ); 
>     var results = regex.exec( window.location.href ); 
>     if( results == null )    return ""; 
>     else return results[1];
> function init(){
>     window.scroll(0, 1000000);
> document.domain = "ebuddy.com";
> </script></head><body onload="init()"><center><script type='text/javascript'>
> <!--
>    var tarid = get_url_param('t');
>    var exclude = get_url_param('e');
>    var zoneid = get_url_param('z');
>    var r = get_url_param('r');
>    var m3_u = (location.protocol=='https:'?'https://wad.adbasket.net/ajs.php':'http://wad.adbasket.net/ajs.php');
>    var m3_r = Math.floor(Math.random()*99999999999);
>    if (!document.MAX_used) document.MAX_used = ',';
>    document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
>    document.write ("?zoneid=" + zoneid);
>    document.write ("&TARID=" + tarid);   
>    document.write ("&exclude=" + exclude);
>    document.write ('&cb=' + m3_r);
>    document.write('&r=' + r);
>    if (document.MAX_used != ',') document.write ("&exclude=" + document.MAX_used);
>    document.write (document.charset ? '&charset='+document.charset : (document.characterSet ? '&charset='+document.characterSet : ''));
>    document.write ("&loc=" + escape(window.location));
>    if (document.referrer) document.write ("&referer=" + escape(document.referrer));
>    if (document.context) document.write ("&context=" + escape(document.context));
>    if (document.mmm_fo) document.write ("&mmm_fo=1");
>    document.write ("'><\/scr"+"ipt>");
> //--></script></center></body></html>

Any thoughts?

Cheers,

Mike


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
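The strings comparison described in the message above, as an added example that is not part of the original post: it lists the printable strings found only in a suspect file and labels those that read like HTTP response or HTML text rather than executable content. The byte samples are constructed, and the function names and the marker list are assumptions made for illustration.

```python
import re

# Runs of 6 or more printable ASCII bytes, roughly what strings(1) reports.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")

# Markers for text that belongs to a web response, not to a Windows executable
# (an illustrative list, not an exhaustive one).
FOREIGN = [
    ("http-status", re.compile(r"^HTTP/1\.[01] \d{3}")),
    ("http-header", re.compile(
        r"^(Content-Type|Content-Length|Server|ETag|Last-Modified|Connection):", re.I)),
    ("html-markup", re.compile(r"<(html|script|body)\b", re.I)),
]

def strings(data):
    """Printable strings in a byte buffer, in file order."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)]

def new_strings(known_good, suspect):
    """Strings present in the suspect file but absent from the known-good copy."""
    baseline = set(strings(known_good))
    return [s for s in strings(suspect) if s not in baseline]

def classify(known_good, suspect):
    """Return (label, string) for each new string that looks like web traffic."""
    hits = []
    for s in new_strings(known_good, suspect):
        for label, pattern in FOREIGN:
            if pattern.search(s):
                hits.append((label, s))
                break
    return hits

# Constructed sample data: a stand-in "executable" and a copy of it with an
# HTTP response spliced into the middle. Neither is a real setup.exe.
HEAD = b"MZ\x90\x00This program cannot be run in DOS mode.\x00" + b"\x01\x02" * 8
TAIL = b"setup.ini\x00\x00mirrors.lst\x00"
SPLICE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Server: lighttpd/1.4.13\r\n\r\n<html><head><script>\r\n")
GOOD, BAD = HEAD + TAIL, HEAD + SPLICE + TAIL

if __name__ == "__main__":
    for label, text in classify(GOOD, BAD):
        print(f"{label:12} {text}")
```

A failed `gpg --verify` is already enough to reject the file; a comparison like this only helps describe what the unexpected bytes are.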

