|
YT7MPB > ALL 20.02.23 15:31l 96 Lines 3080 Bytes #999 (0) @ WW
BID : 59188_YT7MPB
Read: GUEST
Subj: Re: Virus in programming software?
Path: IW8PGT<I3XTY<I0OJJ<N6RME<YT7MPB
Sent: 230220/1428Z 59188@YT7MPB.#NSD.SRB.EU LinBPQ6.0.23
On Thu, 16 Feb 23 20:53:00 Z
PE1RRR wrote:
> R:230216/2055Z @:GB7CIP.#32.GBR.EURO #:40716 [Caterham Surrey GBR]
> R:230216/2055Z 41579@GB7YEW.#79.GBR.EURO LinBPQ6.0.18
> R:230216/2055Z 38187@W0ARP.#NCO.CO.USA.NOAM LinBPQ6.0.23
> R:230216/2054Z 4637@N3HYM.MD.USA.NOAM BPQ6.0.23
> R:230216/2054Z 49562@IV3BVK.IFVG.ITA.EU LinBPQ6.0.23
> R:230216/2053Z @:PE1RRR.#NBW.NLD.EURO #:9500 [Rijen] $:9500-PE1RRR
>
> From: PE1RRR@PE1RRR.#NBW.NLD.EURO
> To : ALL@WW
>
>
> Wow Misko!
>
> I would never disable AV software if it was already replicating on
> the thumbdrive. That is massively suspicious. Keep the file for
> reporting purposes, you know the process. Maybe it is possible to
> send the software to an analyser that runs the virus in a sandbox to
> find out what it does.
>
> "file forensics sandbox" google keywords.
>
> https://www.joesandbox.com/#windows
>
> Maybe possible online?
>
> 73 GL
> Red
>
>
> On Thu, 16 Feb 2023 17:40:00 +0100
> YT7MPB (Misko) <YT7MPB@YT7MPB.#NSD.SRB.EU> wrote:
>
> > Path: !W9GM!N3HYM!YT7MPB!
> >
> >
> > Hi all,
> >
> > I have recently asked the Chinese company Chierda (the producer of
> > handheld radio stations) to send me their programming software so I
> > could adapt some of their products to our domestic radio
> > regulations. (As the software was not readily available trough
> > their website, I asked them for a link to it.)
> >
> > In response I was instructed to download the software
> > through this link: https://we.tl/t-oZVSyiE6RJ=20
> >
> > (As you might have noticed, I repeat my mail of Date: Sun, 12 Feb 23
> > 13:47:20 Z and noticed that the questioned file is not there
> > anymore.)
> >
> > After getting the .rar archive and opening it, I was warned by the
> > antivirus protection that the package was infected by a malicious
> > content. In the same time, I noticed that the thumb drive I was
> > using for download started to be filled with short .pif and .exe
> > files generated every 3-5 seconds. Obviously something was
> > replicating there.
> >
> > I managed to remove the nasty payload from both the thumb drive and
> > an another one that I used as a clean media for control. Then I
> > contacted Chierda again and complained about the incident. They
> > responded:
> >
> > Uh it's normal, pls turn off all antivirus software and try
> > agian :D
> >
> > It makes me wonder if you had similar experience with programming
> > software (or any other software) provided by electronics
> > manufacturers. And your opinion about turning off the antivirus
> > protection to solve issues with factory-made software.
> >
> > --
> > 73 de Misko YT7MPB@YU7BPQ.#NSD.SRB.EU
> >
> >
>
>
> --
> PE1RRR <PE1RRR@PE1RRR.#NBW.NLD.EURO>
>
>
>
Unfortunately (or fortunately) I removed that programming software so I
do not posses it anymore and cannot test it. However, I would suggest
the Chierda company to post the software on their website because if it
is a legitimate software (as they say), it shall be publicly available
for the users of their products.
--
73 de Misko YT7MPB@YU7BPQ.#NSD.SRB.EU
Read previous mail | Read next mail
| |