Today yet again another company has turned over to the dark side. In recent days we have seen how a harmless and popular company became infested with viruses. Yes, we are talking about the makers of Orbit Downloader. Well, today it is the turn of another company. Baidu antivirus team antivirus monitoring network captured a Passwords-Stealer Trojan. The Trojans use public tools which provided Nirsoft website, collect all kinds of sensitive information and passwords. It upload the information to the designated place via FTP and Email these two ways. Well, I will have to remove this software from my utilities collection now. Thank god it has been days since I used this software. Here is the news snippet: http://forum.bav.baidu.com/bbs/topic/100555/1/
What the ... This was one of the companies which made awesome products like DNS sniffer and VideoCacheView
I also do not trust the Chinese programs, and they do not even download or install, because it constitutes acknowledgment and have a bad reputation. :(
Are they referring to http://nirsoft.net/ ? They make a lot of password recovery tools: http://nirsoft.net/password_recovery_tools.html They also make a few forensic sniffing type tools that may make some rather nervous: http://nirsoft.net/computer_forensic_software.html Based on their site product offering, it would appear they make a lot of tools designed to crack secure storage and password vaults... When companies make snooping tech, they better make sure they play it clean or they can really lose big time... I just hope this is just a mistake, or someone embedded one of their password recovery tools within an exploit kit of some sort...
Darn it... I too am a user of BlueScreenView (portable)! Even have the NirSoft Path me though I do not use most of it. I like "LastActivityView". Thanks for the tip :)
Mindless Genius, I think it's the same Nirsoft. Jason, even I am a victim. Thank god, have not used this for a looong time.
WTF!!!! Nirsoft?!!! That's because they do all for free! Now if that is true free (but I snoop on you)!
It looks to me that the word Free is beginning to be synonymous with subsidized by the NSA or the PRISM program or some other Cloak and Dagger type agencies... Just think of what the NSA did to the open sourced RSA Encryption group... http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/ https://www.schneier.com/blog/archives/2013/09/conspiracy_theo_1.html
I took a look at the original post. It's rather unclear what they are talking about. Note they do NOT identify the source of the password stealer, they just mention that the malware makes use of "public tools ... provided [by] Nirsoft." They do NOT say Nirsoft apps now contain malware.
I cannot find anything on this other than the claims made by Baidu. I cannot find anything anywhere that says that Nirsoft is trying to steal passwords. This is Baidu's reputation that should be on the line here for posting information about a Trojan and naming a specific utility provider and not making the statement crystal clear. I agree with Jelson, this is not saying that Nirsoft tools or their website are infected or even that using their products will get you infected. This is merely saying that the password stealing Trojan makes use of public tools such as those that Nirsoft provides. This was not worded very well at all on Baidu forums. It should have been worded something like "The Trojan makes use of public tools like those provided by Nirsoft on their website." This is a very misleading statement by Baidu forums and will cause undue harm to Nirsoft's reputation. Unfortunately for Nirsoft (and probably many other similar providers) they offer freeware utilities that can be used by those with malicious intent. I personally use a few of their utilities without any sort of problems and they provide many very useful programs at no cost. I wouldn't get rid of all my Nirsoft utilities over this but if it makes you feel more comfortable then by all means you should.
Now if I remember right, Baidu had posted another statement in Chinese which said that Nirsoft was engaged in this process. But it seems it has been removed and with effect I have edited the post solely on the basis of English version of events. Now again it may be Google Translate which could have messed the wordings from Baidu. Well, they need to be clear enough.
Very well said, exterminator20. I'll be keeping the Nirsoft utils I use as well. Getting rid of them wouldn't be much different than removing all the knives from my house just because criminals had started using them to rob people.
An excellent analogy! There just isn't any source information to verify if the Trojan actually even made use of a specific Nirsoft utility, other than the generalized claims made by Baidu.