BAT.CMDFlood - Possible Spyware

[burke]

Has anyone run across this spyware or whatever it is in TeXLive 2011? BAT.CMDFlood

It was found (on two different machines) using ClamXav:

/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties: BAT.CMDFlood FOUND
ERROR: Can't unlink '/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties': Permission denied

To elaborate: It is also in the 2010 distribution but not 2009.

[gefion777]

Found BAT.CMDFlood today on my Mac using ClamXav. Viewed the file in a terminal window using the "More" command. At the beginning the file looks similar to the english version (cont-en-scite.properties). Later strange non-latin characters and several Unicode U+200C characters (zero-width non-joiner) show up.

Seems to be either a corrupted or a hijacked language file.

Decided to delete it using a sudo rm cont-pe-scite.properties command.

[justdeath]

This is written in Persian language.
The filename is: cont-pe-scite.properties
Obviously pe is short from Persian.

http://translate.google.com/#fa|en|
The language is also known as Farsi, that is why google says fa.

You can translate some strings to see for yourself.

Nikolay