Nirsoft caught trying to steal user data via Trojans.

Discussion in 'Blog Articles' started by Bala, Sep 17, 2013.

  1. Bala

    Bala Administrator Staff Member

    Today yet again another company has turned over to the dark side. In the recent days we have seen how a harmless and popular company became infested with viruses. Yes, we are talking about the makers of Orbit downloader.

    Well today it is the turn of another company. Baidu antivirus team antivirus monitoring network captured a Passwords-Stealer Trojan. The Trojans use public tools which provided Nirsoft website, collect all kinds of sensitive information and passwords. It upload the information to the designated place via FTP and Email these two ways.


    Well I will have to remove this software from my utilities collection now. Thank god it has been days since I used this software. 

    Here is the news snippet:- http://forum.bav.baidu.com/bbs/topic/100555/1/
     

  3. akiratoriyama

    akiratoriyama Moderator

    What the ...
    This was one of the companies which made awesome products like DNS sniffer and VideoCacheView
     
  4. KelvinW4

    KelvinW4 Board Enthusiast

    Once there is a bad reputation, it will stick for a long time....
     
  5. jerzy6012.50

    jerzy6012.50 Valued Member Known Member

    I also do not trust the Chinese programs, and they do not even download or install, because it constitutes acknowledgment and have a bad reputation.:(
     
  6. guardian

    guardian Administrator Staff Member

    yeah and runasdate :p
     
  7. Bala

    Bala Administrator Staff Member

    So true. This is gonna stick around. Even I don't trust Chinese programs.
     
  8. grr

    grr Board Enthusiast Silver Member Known Member

    Is it really true and supported by other AV vendors? :-/

    :angry:
     
  9. Bala

    Bala Administrator Staff Member

    I think Avira confirmed this but unsure. Will check and tell.
     
  10. Bala

    Bala Administrator Staff Member

    Yeah I used their Blue Screen Viewer extensively. Was a nifty little tool. We can't help it.
     
  11. MindlessGenius

    MindlessGenius Member Developers

    Are they referring to http://nirsoft.net/ ?
    They make a lot of password recovery
    http://nirsoft.net/password_recovery_tools.html

    They also make a few forensic sniffing types tools that may make some rather nervous.
    http://nirsoft.net/computer_forensic_software.html

    Based on their site product offering, it would appear they make a lot of tools designed to crack secure storage, and password vaults...
    When companies make snooping tech, they better make sure they play it clean or they can really lose big time...

    I just hope this is just a mistake, or someone embedded one of their password recovery tools within an exploit kit of some sort...
     
  12. jasonX

    jasonX Giveaways Moderator Staff Member

    Darn it...I too am a user of BlueScreenView(portable)! Even have the NirSoft Path me though I do not use most of it. I like "LastActivityView". Thanks for the tip:)
     
  13. Bala

    Bala Administrator Staff Member

    Mindless Genius, I think it's the same Nirsoft.

    Jason, even I am a victim. Thank god have not used this for a looong time.
     
  14. Raul90

    Raul90 Valued TBT Member Known Member

    WTF!!!! Nirsoft?!!! That's because they do all for free! Now if that is true free (but I snoop on you)!
     
  15. Bala

    Bala Administrator Staff Member

    And this is exactly what we should not do. Install whatever we see.

     
  16. MindlessGenius

    MindlessGenius Member Developers

    It looks to me that the word Free is beginning to be synonymous with subsidized by the NSA or the PRISM program or some other Cloak and Dagger type agencies...

    Just think of what the NSA did to the open sourced RSA Encryption group...
    http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/
    https://www.schneier.com/blog/archives/2013/09/conspiracy_theo_1.html
     
  17. Bala

    Bala Administrator Staff Member

    And that's what I like about the Canadian. I can never come up with such an apt description.
     
  18. jelson

    jelson Junior Member

    I took a look at the original post.

    It's rather unclear what they are talking about.


    Note they do NOT identify the source of the password stealer, they just mention that the malware makes use of "public tools ... provided [by] Nirsoft."

    They do NOT say Nirsoft apps now contain malware.
     
  19. Bala

    Bala Administrator Staff Member

    That was the initial statement made by them.
     
  20. exterminator20

    exterminator20 Initiat3 Known Member

    I cannot find anything on this other than the claims made by Baidu. I cannot find anything anywhere that says that Nirsoft is trying to steal passwords. This is Baidu's reputation that should be on the line here for posting information about a Trojan and naming a specific utility provider and not making the statement crystal clear.

    I agree with Jelson, this is not saying that Nirsoft tools or their website are infected or even that using their products will get you infected. This is merely saying that the password stealing Trojan makes use of public tools such as those that Nirsoft provides. This was not worded very good at all on Baidu forums. It should have been worded something like "The Trojan makes use of public tools like those provided by Nirsoft on their website."

    This is a very misleading statement by Baidu forums and will cause undue harm to Nirsoft's reputation.

    Unfortunately for Nirsoft {and probably many other similar providers} they offer freeware utilities that can be used by those with malicious intent.

    I personally use a few of their utilities without any sort of problems and they provide many very useful programs at no cost.

    I wouldn't get rid of all my Nirsoft utilities over this but if it makes you feel more comfortable then by all means you should.
     
  21. Bala

    Bala Administrator Staff Member

    Now if I remember right, Baidu had posted another statement in Chinese which said that Nirsoft was engaged in this process. But it seems it has been removed and with effect I have edited the post solely on the basis of English version of events. Now again it may be Google Translate which could have messed the wordings from Baidu. Well they need to be clear enough.
     
  22. jelson

    jelson Junior Member

    Very well said, exterminator20.

    I'll be keeping the Nirsoft utils I use as well.

    Getting rid of them wouldn't be much different than removing all the knives from my house just because criminals had started using them to rob people.
     
  23. exterminator20

    exterminator20 Initiat3 Known Member

    An excellent analogy!

    There just isn't any source information to verify if the Trojan actually even made use of a specific Nirsoft utility, other than the generalized claims made by Baidu.
     
  24. grr

    grr Board Enthusiast Silver Member Known Member

    ok, now close the thread.

    :cowboypistol:
     
