This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Attack against Cygwin?

From: Cliff Hones <cliff at hones dot org dot uk>
To: cygwin at cygwin dot com
Date: Thu, 16 Aug 2007 14:09:31 +0100
Subject: Re: Attack against Cygwin?
References: <000301c7e003$d091d390$2f01a8c0@yourvs85n1xobx>

Martha Adams wrote:
> Hi, I'm a Cygwin user for some time past; and I check
> my machine frequently using Grisoft AVG Free.  On Aug 10 my AVG found
> something called Obfustat.GCD
> (not Obfustated.GCD) which it said had infested
> several files with particular focus on Cygwin.  I have
> Googled on 'Obfustat.GCD' and today one hit came
> up:
> minkara.carview.co.jp/userid/299856/blog/5808766/
> 
> which is in Japanese but Google does a translation
> of sorts.  This apparently was posted Aug 8, and the
> writer mentions Cygwin.
> 
> On Aug 9 my AVG found 'Win32/Polycrypt' as seven
> or so *.dll files including Byte\Byte.dll, CN\CN.dll, and
> EBCDIC\EBCDIC.dll.
> 
> Two attacks in two days, gets my attention.  Does it
> deserve yours, and a general warning?

No - they are almost certainly false positives, and it has already
been noted here.

AVG was reporting Polycrypt and/or Obfustat on various Cygwin files from
Aug 8th to Aug 13th, but the current virus data files seem ok.

-- Cliff

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- Attack against Cygwin?
  - From: Martha Adams

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]