High profile site scares users
We come across a plenty of malware reports every day. Sometimes we have to deal with some special cases, where a respected vendor is involved. This time it was the Dell driver download site.
Download siteThe "Download file" link leads to this unexpected screen (our user complained about a false positive):
What a surprise?!Well, being an average user, I'd be somehow confused as well. But I know where to look, when it comes to Sality. First of all - the file is supposed to be signed with a digital certificate (according to PE header), but there's no valid signature (even the Digital signature tab in the file properties dialog does not appear):
No digital signatureOn the other hand, what we can easily find in the file is an evident sign of Sality presence:
Traces of SalityThe highlighted section has been added by Sality. Fortunately, it has not been filled up with a vital Sality body (it seems to be either wrongly infected or wrongly disinfected), thus the file is not dangerous, but it's definitely something what no one expects at a site with such reputation. Now it is up to Dell, I think that they don't want to distribute this particular file anymore :-).
1988 - 2024 Copyright © Avast Software s.r.o. | Sitemap Privacy policy