LaTeX forum ⇒ TeX Live and MacTeXBAT.CMDFlood - Possible Spyware

Information and discussion about TeX Live distribution for all platforms (Windows, Linux, Mac OS X) and the related MacTeX: installing, updating, configuring
burke
Posts: 1
Joined: Sat Aug 27, 2011 9:48 pm

BAT.CMDFlood - Possible Spyware

Postby burke » Sat Aug 27, 2011 9:59 pm

Has anyone run across this spyware or whatever it is in TeXLive 2011? BAT.CMDFlood

It was found (on two different machines) using ClamXav:
/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties: BAT.CMDFlood FOUND
ERROR: Can't unlink '/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties': Permission denied

To elaborate: It is also in the 2010 distribution but not 2009.

Link:
BBcode:
HTML:
Hide post links
Show post links

gefion777
Posts: 1
Joined: Thu Sep 15, 2011 6:28 am

Postby gefion777 » Thu Sep 15, 2011 6:43 am

Found BAT.CMDFlood today on my Mac using ClamXav. Viewed the file in a terminal window using the "More" command. At the beginning the file looks similar to the english version (cont-en-scite.properties). Later strange non-latin characters and several Unicode U+200C characters (zero-width non-joiner) show up.

Seems to be either a corrupted or a hijacked language file.

Decided to delete it using a sudo rm cont-pe-scite.properties command.

Link:
BBcode:
HTML:
Hide post links
Show post links

User avatar
justdeath
Posts: 69
Joined: Mon Sep 05, 2011 10:27 am

Postby justdeath » Mon Sep 19, 2011 7:09 pm

This is written in Persian language.
The filename is: cont-pe-scite.properties
Obviously pe is short from Persian.

http://translate.google.com/#fa|en|
The language is also known as Farsi, that is why google says fa.

You can translate some strings to see for yourself.

Nikolay

Link:
BBcode:
HTML:
Hide post links
Show post links


Return to “TeX Live and MacTeX”

Who is online

Users browsing this forum: No registered users and 1 guest