It is currently January 20th, 2019, 12:12 pm

New malware threat on deviantART

Release announcements and important news from the developers.
User avatar
jsmorley
Developer
Posts: 18663
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

New malware threat on deviantART

jsmorley » July 19th, 2011, 2:40 pm

There is a user who is currently uploading what look like Rainmeter skins, but which contain an archive (.rar) with only a .pif (Program Information File) file inside it. This is a not malware. This is not a virus.

THIS IS A PROGRAM WHICH WHEN RUN WILL JUST DESTROY YOUR SYSTEM PARTITION ON YOUR HARD DRIVE AND REBOOT.

IF YOU RUN ONE OF THESE .PIF FILES PRETENDING TO BE A RAINMETER SKIN, YOU WILL BE RECOVERING FROM A BACKUP (HOPEFULLY YOU HAVE A NIGHTLY BACKUP) OR REINSTALLING WINDOWS FROM SCRATCH.

The user is danieloo12

Please, please be cautious when downloading skins from anywhere. Rainmeter skins SHOULD NEVER, EVER be a .exe or .pif file that you are asked to "run" to install the skin. Rainmeter skins are installed by either running a file in the .rmskin format, or manually installed by copying .ini and other files into your \Skins folder.
User avatar
jsmorley
Developer
Posts: 18663
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: New malware threat on deviantART

jsmorley » July 19th, 2011, 4:15 pm

I have sent the following to chix0r at deviantART, she is the leader of the support team that deals with reports on submissions there.

===============
Hey there,

We are again having enormous problems in the Rainmeter area with fake submissions that really contain .exe or .pif or other file formats that when run do damage to our user's computers.

These are quite often files that are not detected by antivirus applications and are not being stopped by your "scanning" on submissions you guys put in place.

We are once again at a point where we have been repeatedly reporting submissions, and weeks and weeks go by and absolutely nothing is done. The submissions are not deleted, there is no response of any kind from your team.

The current bunch uploaded are particularly bad, as they are in the .pif (Program Information File) format, are not detected by an antivirus, and when run just destroy the user's boot sector and system partition and reboot. The user has no alternative but to restore from a backup or start over with a reinstall of Windows.

I'm sorry to beat this horse, but it is beyond clear that your team is overwhelmed and unable to deal with this in anything approaching a timely fashion. It's not days, or even weeks before a report is dealt with, it's NEVER.

We need a better solution. There MUST be some way to allow local moderation of a particular area like Rainmeter, where what is submitted is not an image, but often can contain an executable. I can't understand why stubbornly sticking to a broken process can be allowed to destroy the usefulness of this site.

Could I get from you the names of the folks who you report to in the organization, as I think it is now time to escalate this issue so we can get some different visibility. I think you have been personally very responsive and you and your team are no doubt doing the very best you can, but it is within a system of dealing with this serious issue that is just completely broken and ineffective.

Thanks,

Jeff
==============

I await some response.
User avatar
karmat
Posts: 358
Joined: July 7th, 2009, 11:10 pm
Location: Canada

Re: New malware threat on deviantART

karmat » July 21st, 2011, 3:29 am

Well hopefully you'll get a response! I sent her (and OtisBee) the following on July 1st and they haven't even read it, nevermind answer it. Top of the food chain there is CEO http://spyed.deviantart.com/ - I think you should contact him.

I also included a complete list (at that time) of the bad skins with my note...

Fiona, I'm including information below on all the infected skins that are currently in the Rainmeter Gallery below.

If dA is using an antivirus scanner on uploads, it's not picking up everything.

All these skins have been reported by myself and probably other people in the Rainmeter community. I have not received any replies to my malware reports and some of them are a couple weeks old.

On these deviations there have been 3614 downloads so far!

I'm a fairly new moderator over at Customize.org and they had been hit so hard by this type of malware in all their galleries that they've closed off uploads to everything but images. They are trying to find a scanner that works effectively and are just having us clean out the galleries as best we can. These submissions started in March and April (dA's started in April). The type of infected submissions they were getting are the same as here - where someone would rip a skin and the preview, slip in an infected file or just an .exe file and upload it to unsuspecting members.

I know you've said it again and again why experienced gallery moderators can't be volunteers but I still don't see why. Customize.org allows us to delete submissions and ban people who are either plagarizing or spamming or submitting malware - why can't dA? You can always take away their ability if they abuse it.

Could you please take care of these ones, some don't show up on VirusTotal, but if you open the Zip file like I did, you'd see that they have a *.exe file - which is NOT how rainmeter skins are packaged. They should be banned as well - they are not members of the dA community or skinners, they are here only to upload malware.
User avatar
jsmorley
Developer
Posts: 18663
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: New malware threat on deviantART

jsmorley » July 22nd, 2011, 12:17 pm

I have now posted on Fiona's public profile, with a copy of the message I sent as a PM. She has responded to others who have posted there since my PM, and certainly since your message of a couple of weeks ago, so I am going to see if I can shame her into a response by going public with both the issue and the lack of response.

I'll see what happens, and if there is still no response in a day or two, I will take it up a notch.
FlyingHyrax
Posts: 251
Joined: July 1st, 2011, 1:32 am
Location: US

Re: New malware threat on deviantART

FlyingHyrax » July 22nd, 2011, 4:22 pm

jsmorley wrote: I'll see what happens, and if there is still no response in a day or two, I will take it up a notch.
*epic drumroll*

Though in all seriousness, this is serious. This saga is starting to get ridiculous. I too don't understand why Group mods can't be allowed more moderating power. Before all this malware happened, I never know that you guys didn't have it!

Though, DeviantArt wasn't built for these types of submissions. (Was it?) Customize.org was, which might explain some of the differences?
Flying Hyrax on DeviantArt
User avatar
jsmorley
Developer
Posts: 18663
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: New malware threat on deviantART

jsmorley » July 22nd, 2011, 4:31 pm

Though, DeviantArt wasn't built for these types of submissions. (Was it?) Customize.org was, which might explain some of the differences?

That is a good point, and one that I have long considered. They started out as a site to upload "art", and moderation would only turn into wars about "what is art", "this was stolen / derived from some other work", "this is porn, hate speech, etc." and they seem to have decided early on that they were better off to centralize these decisions with paid staff, and have firm rules and processes. An area like Rainmeter is almost not a good fit with where they evolved from and where they are now, so I can understand that they are having a hard time wrapping their heads around it, and even if they agreed, it has been indicated to me that their software doesn't support it today. Giving the ability to someone to delete submissions and / or ban users is an "all or nothing" proposition, not something they can easily "fence off" today to a particular area or level of "capabilities". If you are given that particular ticket you get to "ride all the rides".

This conversation with them will continue, and I'm hoping we can make some progress. As I have said before though, nothing is ever going to remove the need for users not to be imbeciles. I'm astounded that folks still download those submissions even with all the warnings I post and when possible put as comments right on the submission.
User avatar
jsmorley
Developer
Posts: 18663
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: New malware threat on deviantART

jsmorley » July 22nd, 2011, 4:47 pm

Karmat,

I heard back from Fiona:

==================
Jeff,
I know you sent me a message, but I haven't opened it yet because I have other high priority projects on the go right now.

I can't keep queue skipping the rainmeter stuff, it's unfair on the rest of the community. We've got 3 members of CEA out at Comic-Con this week and we're having to make decisions which mean that people are fighting over priorities. I know to you it's a big deal, but the numbers reporting issues with rainmeter are so low compared to things such as inappropriate content, underage nudity and harassment by other individuals that it's an obvious decision to make.

I'm going to have to ask you to show some patience in dealing with this matter because we're in the process of bringing in 2 new CEA people who will undertake these reports as part of their training.
==================

I have responded:

==================
Thanks for the response Fiona. I think I would really prefer to get some escalation contacts at this point. We have been very patient in our view, but other than when you in fact "queue jump" us, which we know is unfair, NOTHING is ever done. I need to raise the visibility of this so we can once and for all find out if even being involved with this site makes sense going forward. Having malware posted that can destroy a user's computer and doing absolutely nothing about it for months on end just can't be the long term answer. We need some kind of local moderation ability, even if that means working with your folks on a change to some software to support it, and a change of thinking about "centralizing" all decisions in an area like Rainmeter.

Who would be best for me to talk to in order to further this dialog?

Jeff
==================
User avatar
karmat
Posts: 358
Joined: July 7th, 2009, 11:10 pm
Location: Canada

Re: New malware threat on deviantART

karmat » July 22nd, 2011, 6:07 pm

So, same response as last time. And you can tell this is nowhere on their radar. She definitely is pissing me off. She tries to throw it back in our lap that we're a bunch of whinies looking for favours and misses the point altogether - people's systems are getting screwed and will continue to get screwed until they get their house in order. No care for their members or reputation!
User avatar
jsmorley
Developer
Posts: 18663
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: New malware threat on deviantART

jsmorley » July 22nd, 2011, 6:23 pm

Karmat, re: latest response from her and our replies... LOL...
User avatar
karmat
Posts: 358
Joined: July 7th, 2009, 11:10 pm
Location: Canada

Re: New malware threat on deviantART

karmat » July 26th, 2011, 9:34 pm

dA has set their new 'Community Volunteer' project in motion - so one of us will definitely never ever be a moderator for the rm gallery... http://moonbeam13.deviantart.com/journal/Presenting-Community-Volunteers-244050446