Author Topic: Arduino malware? (Read 4163 times)

FrankBuss · « **on:** January 31, 2016, 05:28:27 am »

I just tried to download the latest Arduino IDE from here and my virus scanner says it is a malware website:

I guess it is a false posivite and I should buy a better virus scanner, but just want to ask if someone can verify it before I install the IDE.

Muxr · « **Reply #1 on:** January 31, 2016, 05:32:23 am »

Check the https certificate. Go to the https:// version of the site and click on the little lock icon:

If it's false positive, my guess it's being thrown off by the .cc domain. A lot of malware/phishing sites run on that TLD.

FrankBuss · « **Reply #2 on:** January 31, 2016, 05:36:57 am »

A correct SSL certificate doesn't mean that the site was not hacked. But looks like it is all ok, the setup program shows Arduino LLC as the verified publisher. So unless someone stole the signature key, it is no malware.

Muxr · « **Reply #3 on:** January 31, 2016, 05:41:47 am »

Quote from: FrankBuss on January 31, 2016, 05:36:57 am

A correct SSL certificate doesn't mean that the site was not hacked. But looks like it is all ok, the setup program shows Arduino LLC as the verified publisher. So unless someone stole the signature key, it is no malware.

It's the only means of verification you have that the site you're visiting is authentic. Sure someone could steal their cert, or hack their website, but at least you're verifying that whatever server you're connected to has the certificate that was only issued to them.

It at leasts makes you safe from DNS cache poisoning and some other attack vectors.

rs20 · « **Reply #4 on:** January 31, 2016, 05:47:33 am »

Perhaps FTDI coaxed Avira into marking Arduino as a virus to prevent counterfeit FT232s from being used?

bitwelder · « **Reply #5 on:** January 31, 2016, 12:13:45 pm »

I tried to download the file and send it to Virustotal...
Most antiviruses report it as clean, including Avira.
Only one (to me unknown) AV named Zillya suspects there is a Dropper.Injector.Win32.74653
Results here: https://www.virustotal.com/en/file/7d5703f991a0b2cd79aeb990ef5ac7a2af1f9a9a9e432b5bdd466b1ac0ac5674/analysis/1454242141/

janoc · « **Reply #6 on:** February 01, 2016, 02:02:23 pm »

Quote from: rs20 on January 31, 2016, 05:47:33 am

Perhaps FTDI coaxed Avira into marking Arduino as a virus to prevent counterfeit FT232s from being used?

Genuine Arduinos don't use FTDI chips since a few years ago, they use ATMega16u2 and such as the USB to UART converters.

I think only the first ones up to Diecimillia used an FTDI, then they have changed it from Uno onwards. Not sure why (one less supplier?), but as a side effect it has also allowed to build HID devices with Arduinos, which wasn't possible with FTDI before.

newbrain · « **Reply #7 on:** February 01, 2016, 06:44:31 pm »

Well, I think Avira is not completely wrong here...the Arduino IDE is actually malware.
Not for your PC, but for your sanity.

Jeroen3 · « **Reply #8 on:** February 01, 2016, 08:30:05 pm »

Well, when launching the app: Java(TM) Platform SE binary.
Seems like Avira is 100% right this time.


EEVblog Main Site	EEVblog on Youtube	EEVblog on Twitter	EEVblog on Facebook	EEVblog on Odysee

EEVblog Electronics Community Forum

Author Topic: Arduino malware? (Read 4163 times)

FrankBuss

Arduino malware?

Muxr

Re: Arduino malware?

FrankBuss

Re: Arduino malware?

Muxr

Re: Arduino malware?

rs20

Re: Arduino malware?

bitwelder

Re: Arduino malware?

janoc

Re: Arduino malware?

newbrain

Re: Arduino malware?

Jeroen3

Re: Arduino malware?

Share me