Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Hacker compromises Fosshub to distribute MBR-hijacking malware (softpedia.com)
9 points by PascLeRasc on Aug 3, 2016 | hide | past | favorite | 5 comments


The payload reminds me of '90s-era malware: more intent on just trashing up the system than with gaining any sort of profit. Wiping random people's MBRs isn't exactly nice, but considering that's all it really does, it's a far cry from what most malware seems to be concerned with doing nowadays.


I find it interesting that the FossHub homepage still says

  No adware, No spyware, No bundles, No malware, Fast downloads, Free services and a single ad.


I think many website operators do not see a problem with lying when it helps them getting more pageviews, signups or money.

In September 2015, Imgur distributed malicious JavaScript that targeted users of 8chan. Imgur fixed the vulnerability, but still displayed the following message when JavaScript was turned off:

> JavaScript is disabled in your browser, which doesn't make for a very good experience on Imgur. We encourage you to either enable JavaScript or whitelist Imgur.com. We would never do anything bad or malicious with our JavaScript, and if you ever run into any problems then feel free to contact us.


Wow, I had never heard about that. It will be interesting to see how long it takes FossHub to make some sort of statement addressing this incident.


The audacity team has a blog post regarding the incident: http://www.audacityteam.org/compromised-download-partner/




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: