kicad-developers team mailing list archive

Thread
Date

Re: ransomware locky detected on version 4.0.4 and 4.0.3

To: Paolo Barbato <paolo.barbato@xxxxxxxxxx>, jean-pierre.charras@xxxxxxxxxxxxxxxxx, dick@xxxxxxxxxxx, KiCad Developers <kicad-developers@xxxxxxxxxxxxxxxxxxx>
From: Wayne Stambaugh <stambaughw@xxxxxxxxx>
Date: Thu, 1 Dec 2016 10:37:44 -0500
In-reply-to: <109B0809-390F-4174-AC6E-C1C48865C0C7@igi.cnr.it>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.0

Paolo,

This might be a false positive.  We've seen this in the past.  Would one
of our windows package devs please verify the windows installer binaries
on the kicad download page are still valid?

In the future, please post your questions to the developers mailing list.

Cheers,

Wayne

On 12/1/2016 7:56 AM, Paolo Barbato wrote:
> Dear devolopers,
> 
> I’m in charge fro internet security at Consorzio RFX laboratpry.
> 
> We’ve blocked, using ChcekPoint firewall, a download attempt of an
>  internal user of kicad from your official link
> http://kicad-pcb.org/download/windows/ .
> Compromised version are 4.0.4 and 4.0.3  both 64 and 32 bits that seems
> have exploited by locky ransomware.
> 
> 
> 
> Please check, and let me know.
> 
> 
> 
> 
> ------------------------------------------------------------------------------------------------
> Paolo Barbato
> 
> Consorzio RFX
> <https://www.igi.cnr.it>corso Stati Uniti,4                             
>     
> 35127 Padova - Italy                                      
> Network Administrator 
> phone: +39 049 8295097 fax: +39 049 8700718
> ------------------------------------------------------------------------------------------------
>

Follow ups

Re: ransomware locky detected on version 4.0.4 and 4.0.3
From: Nick Østergaard, 2016-12-01