Sign up now! · Forgot password?
RSS/Atom feed identi.ca Twitter

Yay, mainstream! - and trojaned GIMP installers

This discussion is connected to the gimp-developer-list.gnome.org mailing list which is provided by the GIMP developers and not related to gimpusers.com.

This is a read-only list on gimpusers.com so this discussion thread is read-only, too.

1 of 1 message available
Toggle history

Please log in to manage your subscriptions.

Yay, mainstream! - and trojaned GIMP installers Michael Schumacher 09 Aug 22:38
Michael Schumacher
2012-08-09 22:38:16 UTC (over 1 year ago)

Yay, mainstream! - and trojaned GIMP installers

Hi,

recently, we're seeing more and more sign of GIMP becoming mainstream - the availability of several GIMP installers for the Microsoft Windows platforms loaded with trojans is certainly an indication for that.

The most common trojan seems to be InstallIQ. A piece of software that grants the providers of the actual installers plausible deniability because the installers itself is clean, and because the user has to agree to install additional "utilities" during setup.

Case 1:

Step 1: the victim is sent a scam mail pointing to a file at photo-host.net/ (which disguses as a image upload site).

Step 2: the files provided there are .gmp files (huh?)

Step 3: for viewing those files, there's a link to gimphost.com, where the infected installer is located

Case 2:

Another victim or culprit of a related scam seems to be the gimpshop.com site, which used to host a modifed version of GIMP which resembled the Photoshop UI. Either its original author has gone to the Dark Side, or that site has been taken over by a scammer - it is distributing InstallIQ-infected installers.

Advice:

If you see any GIMP installer sites which have a fine print with phrases like

"is distributing a modified installer which is different from the original ones"

or

"InstallIQ"

or

"the installer is compliant with the original software manufacturer's policies"

then do the following:

STAY AWAY FROM THEM!