i2p.www/i2p2www/blog/2014/02/16/i2pbrowser-malware.rst

{% trans -%}
=========================
Malware at i2pbrowser.net
=========================
{%- endtrans %}
.. meta::
   :date: 2014-02-16
   :excerpt: {% trans %}The site i2pbrowser.net is a fake I2P website mirror serving up malware for Windows.{% endtrans %}

{% trans -%}
We have recently been made aware of the existence of i2pbrowser.net. This
website copies our homepage and download page, and attempts to trick users into
downloading Windows malware.
{%- endtrans %}

{% trans -%}
There are several indicators that point to i2pbrowser.net being a malware site:
{%- endtrans %}

- {% trans %}The domain was registered on February 10th, 2014.{% endtrans %}
- {% trans %}The download URLs for Windows, Mac OSX, Linux, Android etc. all link to the same .exe file.{% endtrans %}
- {% trans %}The .exe is only 741 KB; the official Windows installer for I2P is 13 MB.{% endtrans %}

{% trans -%}
We have not examined the malware ourselves, but it does not appear to be very
sophisticated; it is not integrated into or bundled with the I2P software.
Information security expert `Lance James`_ posted `a tweet`_ labelling it as
"a standard dark comet rat".
{%- endtrans %}

{% trans -%}
Spread the word. The only official download locations for I2P are linked on our
`download page`_. All I2P download packages are GPG-signed by the
`release signing key`_.
{%- endtrans %}

.. _`Lance James`: https://twitter.com/lancejssc
.. _{% trans %}`a tweet`{% endtrans %}: https://twitter.com/lancejssc/status/434768667310821377
.. _{% trans %}`download page`{% endtrans %}: {{ get_url('downloads_list') }}
.. _{% trans %}`release signing key`{% endtrans %}: {{ site_url('get-involved/develop/release-signing-key') }}
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{% trans -%}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00			`=========================`
			`Malware at i2pbrowser.net`
			`=========================`
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{%- endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00			`.. meta::`
			`:date: 2014-02-16`
Tag latest blog post 2014-02-17 21:37:59 +00:00			`:excerpt: {% trans %}The site i2pbrowser.net is a fake I2P website mirror serving up malware for Windows.{% endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{% trans -%}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00			`We have recently been made aware of the existence of i2pbrowser.net. This`
			`website copies our homepage and download page, and attempts to trick users into`
			`downloading Windows malware.`
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{%- endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{% trans -%}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00			`There are several indicators that point to i2pbrowser.net being a malware site:`
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{%- endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00
Tag latest blog post 2014-02-17 21:37:59 +00:00			`- {% trans %}The domain was registered on February 10th, 2014.{% endtrans %}`
			`- {% trans %}The download URLs for Windows, Mac OSX, Linux, Android etc. all link to the same .exe file.{% endtrans %}`
			`- {% trans %}The .exe is only 741 KB; the official Windows installer for I2P is 13 MB.{% endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{% trans -%}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00			`We have not examined the malware ourselves, but it does not appear to be very`
			`sophisticated; it is not integrated into or bundled with the I2P software.`
"Information security expert" 2014-02-16 00:51:55 +00:00			Information security expert `Lance James`_ posted `a tweet`_ labelling it as
			`"a standard dark comet rat".`
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{%- endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{% trans -%}`
Spelling fixes (thx strel) 2014-02-19 21:03:06 +00:00			`Spread the word. The only official download locations for I2P are linked on our`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00			`download page`_. All I2P download packages are GPG-signed by the
			`release signing key`_.
Tag latest blog post 2014-02-17 21:37:59 +00:00			`{%- endtrans %}`
Draft blog post about malware site 2014-02-16 00:48:10 +00:00
			.. _`Lance James`: https://twitter.com/lancejssc
Tag latest blog post 2014-02-17 21:37:59 +00:00			.. _{% trans %}`a tweet`{% endtrans %}: https://twitter.com/lancejssc/status/434768667310821377
			.. _{% trans %}`download page`{% endtrans %}: {{ get_url('downloads_list') }}
			.. _{% trans %}`release signing key`{% endtrans %}: {{ site_url('get-involved/develop/release-signing-key') }}