Update: Pidgin 2.10.7

Discussion in 'other security issues & news' started by ronjor, Feb 13, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    https://developer.pidgin.im/wiki/ChangeLog

    http://www.pidgin.im/
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Good lookin out. None of those fixes apply to me personally, but I know someone it does to (public Wifi), and I'll get the word out to them.

    Edit: After further review there are in fact Windows specific patches too... so I will upgrade actually. I was thinking about doing a fresh reinstall anyway since I recently plucked (bad pun intended) out Pidgin-Encryption, and upgraded OTR. But was too lazy to do it the nice & thorough way. Now I will.
     
    Last edited: Feb 15, 2013
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Use caution:
    Ikarus - Trojan.Win32.Spy
    Malwarebytes - Trojan.Backdoor.MRX
    Might be FP of course, but usually they're generic detections.
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    When I DL'd it only 1 engine from VT Hash Check had a detection out of like 45... and it was a lesser known one. None of the major vendors detected it. So I just figured FP... as almost everything I DL has at least 1 vendor flag it. And as with this case it's usually something I've never even heard of.

    If I'd have seen MBAM flag it that would've caused some trepidation... but it didn't for me. Now I'm gonna shell scan it again with VT Hash Check to see if it's changed...

    Nope, MBAM doesn't... but now 3 things (out of 44) do: TrendMicro-HouseCall, CAT-QuickHeal, and Ikarus. Still none of the major players do. And the way I see it the chances of things like Bitdefender, Kaspersky, Avast, Avira, MBAM, Emsisoft, FSecure, ESET, etc... ALL airballing on it are very remote. Odds are heavily that it's a FP. This is an app that definitely exhibits behavior that could be mistaken for malware. But I trust it.

    Not to mention that if it were trying to do something shady my Paranoid D+ would be screaming bloody murder... but it isn't. It's not doing anything it shouldn't be doing. But I do have it in a restricted sandbox just the same, and very well locked down with D+ (everything blocked except SBIE rpc service & needed file/folders, everything enabled in "Protection Settings")... because I don't completely trust anything.

    But definitely good for you to point this out.
     
    Last edited: Feb 15, 2013
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    It seems TrendMicro-HouseCall doesn't like the OTR plugin either. It's the only vendor out of 42 that does flag it though.

    I don't think this is an AV I'd be putting on my box personally... it seems very trigger happy.
     
    Last edited: Feb 15, 2013
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Regarding the MBAM detection... there is a possible explanation for it in the "other malware" section titled MBAM FP's, or something like that. It seems it's FP'ing installer/uninstallers habitually. Or at least was. I have a feeling it was remedied since I just ran that scan with VT Hash Check and it's no longer detecting it.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    At the time it was also detected by MBAM on Virustotal, but that can indeed be explained by the MBAM FP incident. I just scanned it with installed MBAM with the latest database and it was not detected. The CAT-Quickheal detection on VT is gone now as well, so it seems the file is safe.
     
  8. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I just tried it again and Ikarus & CAT are the only 2 that flag it. And now CAT lists it just as "Suspicious DNA Scan"... which is understandable. A secure IM client does contain some things that would seem suspicious to heuristics. Ikarus detects it as Trojan.Win32.spy though, which is a FP.

    I scanned the old Pidgin Installer too out of curiosity (2.10.6)... and CAT is the only thing that flags that one, again as "Suspicious DNA Scan". I have no problem with that and it's actually accurately pegged. Seems like CAT may possess a thorough heuristics engine? Never heard of it before but I notice it flags a lot of things. As long as you can ascertain yourself which are FP's and to leave alone that's a good thing, as it will find bad stuff that other scanners might miss in the process.

    I'm gonna look into this product... see if maybe there's a free/on demand version.
     