Thursday, January 31, 2013

Popular anti-malware tool Combofix infected with Sality virus

If you are skilled with malware removal on Windows machines, or have watched tutorials on it before, you might have used something called Combofix. Combofix is an excellent tool for removing the nastier forms of malware, and it is best run (and, if I remember correctly, required to be run) in Safe Mode.

In fact, a good man named Matt runs a website called Remove-Malware.com. I recommend you guys check him out and follow his site, especially if you use Windows. While that isn't directly relevant, it was his site that gave me the heads-up so I could tell you guys about this.

Bleeping Computer put out a post as soon as the news got out, and also pulled the download from their website on the spot. Here's a snippet of what they had to say. You can click the link to read more if you like.

“The minute we heard about this, we pulled the executable so that it is no longer available from BleepingComputer.com. Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere.”

So, now that you know this, I hope everyone thinks twice about using Combofix until the issue is resolved. Now, how could this happen? Well... I can't confirm this for sure, but one way it could have happened is a SQL injection on their file server.

Oh, and for the folks who don't know much about Sality: it's a really nasty virus. I've seen it first-hand, and it's a nasty piece of code.