You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by TJ Frazier <tj...@cfl.rr.com> on 2011/11/28 13:23:33 UTC
Piracy - Fwd: [documentation-dev] look this please
Anybody know who pursues pirates like this? --/tj/
-------- Original Message --------
Subject: [documentation-dev] look this please
Date: Mon, 28 Nov 2011 12:31:43 +0100
From: Rafael Forrer <ra...@gmail.com>
Reply-To: dev@documentation.openoffice.org
To: dev@documentation.openoffice.org
Hello
This is a Link from a Faked OpenOffice Download Site, help us to
terminate this Site please....
http://galleries.secure-softwaremanager.com/82449ac2b9/854191c9b511
Thanks
Rafael Forrer
Re: Piracy - Fwd: [documentation-dev] look this please
Posted by Rob Weir <ro...@apache.org>.
On Mon, Nov 28, 2011 at 12:19 PM, Dennis E. Hamilton
<de...@acm.org> wrote:
> I agree that "pirate" is the wrong term.
>
> The button on the page linked in the complaint downloads a file of only 248kB
> named OpenOfficeSetup.exe. It is not exactly an OO.o download.
>
> It has a digital signature in the name of appbundler.com and it checks as a
> Verisign Class 3 Code Signing 2010 CA cert. A quick check with Microsoft
> Security Essentials does not detect the file as malware. It has the usual
> installer icon.
>
> Using Windows XP SP3 in a VM, I ran the program in the Windows XP Run As ...
> restricted-privilege mode. I was rewarded with the attached message.
>
> Since the digital signature checks OK on the file, the message itself is
> suspect.
>
> A quick web search on "appbundler.com" reveals an extensive reputation for
> distributing adware.
>
> Using Jotti's malware scan, <http://virusscan.jotti.org/en>, there were 12 out
> of 20 detections of malware. The indications were for
>
> Adware.Screensave.e
> ADWARE/Adware.Gen
> Gen:Variant.Adware.Hotbar.2
>
Cool. Thanks for giving that a try. This does not look like the
proper use of the trademarks, any more than adding sand to a Hershey
bar and then giving it away to unsuspecting children while calling it
a Hershey bar would be acceptable.
I recall seeing the same download site linked to
> and Adware screensavers with various detection names. Not sure how reliable
> any of that is.
>
> - Dennis
>
>
>
> - Dennis
>
> -----Original Message-----
> From: Rob Weir [mailto:robweir@apache.org]
> Sent: Monday, November 28, 2011 04:32
> To: ooo-dev@incubator.apache.org
> Subject: Re: Piracy - Fwd: [documentation-dev] look this please
>
> On Mon, Nov 28, 2011 at 7:23 AM, TJ Frazier <tj...@cfl.rr.com> wrote:
>> Anybody know who pursues pirates like this? --/tj/
>>
>
> In what sense is this "faked"? OOo is open source, so redistributing
> copies of it is permitted.
>
> What would be bad is if someone created a modified version of OOo and
> then confused users by calling it "OpenOffice.org". There was an
> organization that was rebuilding OOo installs and bundling in all
> sorts of bloatware. The LGPL license allows this, but the use of the
> OOo trademark would be a problem, Do we know if this site is doing
> that? Anyone have a Windows machine they can "sacrifice" to see what
> this software really is?
>
> -Rob
>
>> -------- Original Message --------
>> Subject: [documentation-dev] look this please
>> Date: Mon, 28 Nov 2011 12:31:43 +0100
>> From: Rafael Forrer <ra...@gmail.com>
>> Reply-To: dev@documentation.openoffice.org
>> To: dev@documentation.openoffice.org
>>
>>
>>
>> Hello
>>
>>
>> This is a Link from a Faked OpenOffice Download Site, help us to
>> terminate this Site please....
>>
>> http://galleries.secure-softwaremanager.com/82449ac2b9/854191c9b511
>>
>> Thanks
>>
>> Rafael Forrer
>>
>>
>
RE: Piracy - Fwd: [documentation-dev] look this please
Posted by "Dennis E. Hamilton" <de...@acm.org>.
I agree that "pirate" is the wrong term.
The button on the page linked in the complaint downloads a file of only 248kB
named OpenOfficeSetup.exe. It is not exactly an OO.o download.
It has a digital signature in the name of appbundler.com and it checks as a
Verisign Class 3 Code Signing 2010 CA cert. A quick check with Microsoft
Security Essentials does not detect the file as malware. It has the usual
installer icon.
Using Windows XP SP3 in a VM, I ran the program in the Windows XP Run As ...
restricted-privilege mode. I was rewarded with the attached message.
Since the digital signature checks OK on the file, the message itself is
suspect.
A quick web search on "appbundler.com" reveals an extensive reputation for
distributing adware.
Using Jotti's malware scan, <http://virusscan.jotti.org/en>, there were 12 out
of 20 detections of malware. The indications were for
Adware.Screensave.e
ADWARE/Adware.Gen
Gen:Variant.Adware.Hotbar.2
and Adware screensavers with various detection names. Not sure how reliable
any of that is.
- Dennis
- Dennis
-----Original Message-----
From: Rob Weir [mailto:robweir@apache.org]
Sent: Monday, November 28, 2011 04:32
To: ooo-dev@incubator.apache.org
Subject: Re: Piracy - Fwd: [documentation-dev] look this please
On Mon, Nov 28, 2011 at 7:23 AM, TJ Frazier <tj...@cfl.rr.com> wrote:
> Anybody know who pursues pirates like this? --/tj/
>
In what sense is this "faked"? OOo is open source, so redistributing
copies of it is permitted.
What would be bad is if someone created a modified version of OOo and
then confused users by calling it "OpenOffice.org". There was an
organization that was rebuilding OOo installs and bundling in all
sorts of bloatware. The LGPL license allows this, but the use of the
OOo trademark would be a problem, Do we know if this site is doing
that? Anyone have a Windows machine they can "sacrifice" to see what
this software really is?
-Rob
> -------- Original Message --------
> Subject: [documentation-dev] look this please
> Date: Mon, 28 Nov 2011 12:31:43 +0100
> From: Rafael Forrer <ra...@gmail.com>
> Reply-To: dev@documentation.openoffice.org
> To: dev@documentation.openoffice.org
>
>
>
> Hello
>
>
> This is a Link from a Faked OpenOffice Download Site, help us to
> terminate this Site please....
>
> http://galleries.secure-softwaremanager.com/82449ac2b9/854191c9b511
>
> Thanks
>
> Rafael Forrer
>
>
Re: Piracy - Fwd: [documentation-dev] look this please
Posted by Rob Weir <ro...@apache.org>.
On Mon, Nov 28, 2011 at 7:23 AM, TJ Frazier <tj...@cfl.rr.com> wrote:
> Anybody know who pursues pirates like this? --/tj/
>
In what sense is this "faked"? OOo is open source, so redistributing
copies of it is permitted.
What would be bad is if someone created a modified version of OOo and
then confused users by calling it "OpenOffice.org". There was an
organization that was rebuilding OOo installs and bundling in all
sorts of bloatware. The LGPL license allows this, but the use of the
OOo trademark would be a problem, Do we know if this site is doing
that? Anyone have a Windows machine they can "sacrifice" to see what
this software really is?
-Rob
> -------- Original Message --------
> Subject: [documentation-dev] look this please
> Date: Mon, 28 Nov 2011 12:31:43 +0100
> From: Rafael Forrer <ra...@gmail.com>
> Reply-To: dev@documentation.openoffice.org
> To: dev@documentation.openoffice.org
>
>
>
> Hello
>
>
> This is a Link from a Faked OpenOffice Download Site, help us to
> terminate this Site please....
>
> http://galleries.secure-softwaremanager.com/82449ac2b9/854191c9b511
>
> Thanks
>
> Rafael Forrer
>
>
Re: Piracy - Fwd: [documentation-dev] look this please
Posted by Rob Weir <ro...@apache.org>.
On Mon, Nov 28, 2011 at 7:23 AM, TJ Frazier <tj...@cfl.rr.com> wrote:
> Anybody know who pursues pirates like this? --/tj/
>
> -------- Original Message --------
> Subject: [documentation-dev] look this please
> Date: Mon, 28 Nov 2011 12:31:43 +0100
> From: Rafael Forrer <ra...@gmail.com>
> Reply-To: dev@documentation.openoffice.org
> To: dev@documentation.openoffice.org
>
>
>
> Hello
>
>
> This is a Link from a Faked OpenOffice Download Site, help us to
> terminate this Site please....
>
> http://galleries.secure-softwaremanager.com/82449ac2b9/854191c9b511
>
Found a variant of this URL:
http://galleries.secure-softwaremanager.com/82469bc3bc/854191c9b918/?affid=1343
This version was the main link promoted by a "Download OpenOffice"
Facebook page that was around for a while, but is now gone ;-)
I've seen similar links sent as spam via Twitter.
Note the "affid" parameter in the URL. This suggests that not only is
someone creating adulterated version of OpenOffice bloated with
adware, but they are promoting this via a network of affiliates. This
is like the Hydra with the hundred heads.
-Rob
> Thanks
>
> Rafael Forrer
>