NEW INFECTED SKINS ARE STILL BEING UPLOADED, BE CAREFUL!
AND IT'S NOT JUST THE RAINMETER GALLERY THAT IS GETTING INFECTED
You can test each download for a virus by:
- Right-click 'Download File', choose 'Copy Link Location'
- Go to VirusTotal at [link]
- Paste the link location in the 'Search Bar' and press 'Submit Url'
- Click on 'View downloaded file analysis'
- The results are 0 out of 40 and if there are viruses, they are listed in red in the Results column
- This service is free
We will be still monitoring to make sure all the infected skins are found and pulled and will keep watch for new ones. We've found out that it isn't just the Rainmeter gallery that was attacked. Comment here or at the blog if you have any questions.
READ OUR POST AT THE RAINMETER GROUP [link]
WARNING - DON'T DOWNLOAD THESE INFECTED SKINS!
We at the Rainmeter Group [link]
and the Rainmeter Forums [link]
have discovered around 25 deviations so far that have been uploaded this week into the Rainmeter Gallery.
The above screenshot shows the skins (red squares) that are infected with malware - trojans, worms etc as well as stealth keyloggers. A number of us have reported them to dA, and hopefully they will be pulled soon. A member of our group, Varelse, has done extensive work finding them, testing them, doing virus scans, reporting them, creating a blog and keeping it updated, answering questions, etc etc.
I've posted this screenshot to warn people of what's going on in the Rainmeter Gallery - some lowlife is having his jolly's at your expense! As of last night there was almost 3,500 downloads. Today alone, there have been eight more infected skins uploaded, I haven't checked the downloads on them yet.
We first thought we were just finding copies of skins that were created by other people. The screenshots were exactly the same as the originals, even the descriptions were the same as the originals. Then when we looked further, we discovered that they were full of malware!
What we have noticed about all these uploads:
- the person is 'new' to dA (I think it's the same person just creating new personas)
- their profile page is bare, nothing personal
- their galleries only have 1 or a couple skins (all infected)
- their comments on the deviation pages have been disabled or the comments have been hidden
We will continue to monitor and report on this situation. We have a blog posting on our profile page [link]
where you can go to get the
latest updates. On the blog, we are posting links for the infected skin, the original authors skin, and the virus report we get from VirusTotal [link]
If you want to help us out, you can post the same info on any we might have missed. You can also report what you find to dA by including all three bits of information, but we were told that they prefer for the original author to report it, so you could let the original author know about it.
Hopefully, everybody has antivirus programs that they keep updated, right? I always thought (duh) that skins that I downloaded here at dA were safe, I figured that viruses were caught in the uploading process - NOT!
If you have any questions, just ask.