FRESH

Hacker News

Home

7zip.com Is Serving Malware

177 points by Alifatisk

by Dwedit

1 subcomments

7zip.com has never been the official website of the project. It's been 7-zip.org

by throwaway150

2 subcomments

I tested with the 3 major browsers and all 3 block it as "Suspected Phishing". So looks like the system is working as designed.
Lookalike websites serving malware have always existed. So this isn't exactly news. But the browsers are blocking them like they should.

by mmh0000

0 subcomment

This has been a long-standing problem with 7-Zip.
An article from 2018:
https://www.bleepingcomputer.com/news/security/fake-websites...
And uBlock Origin's "Badware" filter blocks it:
https://github.com/uBlockOrigin/uAssets/blob/master/filters/...

by krypd0h

1 subcomments

The links to the file downloads on 7zip.com all point to 7-zip.org. Example: https://www.7-zip.org/a/7z2501-x64.exe
Did they change it because of the negative publicity (Reddit) and will probably change back soon to the malware links?

by Bender

0 subcomment

The only solutions for the malicious domain would be lawsuits or hactivism. As others have said it is blocked in uBlock by default which everyone should be using at a bare minimum.

by ruicraveiro

1 subcomments

As a Linux user, used to get all of my software either through the distro's repository or Flathub, having to download software from sites when I run Windows makes me feel really queasy.

by usr1106

0 subcomment

It says the code signing cert has been revoked by now.
How does verification work? Only at installation time or will it prevent running the installed files later if installation happened when the cert was still accepted?
Linux user asking out of curiousity...

by tokyobreakfast

3 subcomments

Does the 7-Zip author still refuse to digitally sign or even provide hashes of the official downloads? It's an extremely weird flex, he thinks it's a frivolous waste of time or something.

by wowczarek

0 subcomment

The .com site serving malware aside, it's how people even get to downloading this. PC builder [...], USB stick [...], YouTube tutorial for a new build [...] instructed to download. Makes me wonder, is this how "PC builders" build PCs, or was this a regular user person. Archive managers are such basic software that I'd think surely someone would keep a stash of (trusted) installer files for the basic tools to be installed in a new environment. At least that's what we used to do, like, 25 years ago. Or use choco, winget or whatever. Malware hygiene habits remain almost unchanged - don't click that link.

by bloaf

1 subcomments

I've started using winget to install my apps for exactly this reason. I can't keep track of every url for every piece of software.

by NameNickHN

0 subcomment

I always go through Wikipedia if I want to download software for this exact reason.

by pendingrunner

0 subcomment

I usually check some other reliable source for official web address. Earlier I used Wikipedia. Recently found out Softorage, so using that nowadays.

by high_na_euv

0 subcomment

It doesnt help that many services use a few domain names, bonus points if other ones look like from scam domain examples

by throawayonthe

2 subcomments

i'm increasingly convinced nothing good ever comes from youtube tutorials

0 subcomment

by kevincloudsec

4 subcomments

[dead]

by jas39

2 subcomments

I would not trust any sw from Russia. Could be a vector for the FSB. I'm sure they have thought about it.

by Meneth

2 subcomments

I compared https://7-zip.org/a/7z2600-x64.exe with https://7-zip.com/a/7z2600-x64.exe. They are byte-for-byte identical. If there's malware, it isn't obvious.