Ean Schuessler (ean@brainfood.com) wrote:

My girlfriend downloaded the GIMP windows build referenced off the GIMP.org website and it seems to have a Malware/Adware package called "Sweetpacks" bundled with it.

Please try to figure out where exactly you downloaded gimp for windows, the "official" packages by Jernej Simončič are currently hosted on sourceforge. I am not aware of problems with these builds.

If you donwloaded the packages from somwhere else please tell us where on gimp.org we did reference the package.

Thanks, Simon

simon@budig.de              http://simon.budig.de/

Ean Schuessler writes:

Hi,

My girlfriend downloaded the GIMP windows build referenced off the GIMP.org website and it seems to have a Malware/Adware package called "Sweetpacks" bundled with it. I realize that the Windows version of GIMP is linked with a "hey, this isn't us" kind of disclaimer but the fact that GIMP.org links to it gives the sense that its contents are trustworthy or, at least, not hostile. If there is really no validation of that distribution and it contains these kinds of softwares then it may not be such a good idea to have GIMP.org linking to it.

I guess you're referring to this paragraph from gimp.org/downloads:

GIMP for Windows

The GIMP team doesn't officially provide any Windows installers. You can, however, install GIMP easily using the Windows installers by Jernej Simončič.

Download GIMP 2.8.6 – Installer for Windows XP SP3 or later

which _should_ link to http://gimp-win.sourceforge.net/ ? That page says gimp-2.8.6-setup.exe should have an md5sum of c0e253c5c4124c8b881ca44828839f5e (and I get that too when I download the exe). I don't have a windows to test with, maybe someone else can confirm that md5sum on this list, or maybe you could check if your download has a different md5sum?

(Could it be that someone has registered some similar-looking typo to gimp.org and is serving malware? Or that some already-installed malware is redirecting downloads?)

Kevin Brubeck Unhammer

GPG: 0x766AC60C

Gesendet: Donnerstag, 10. Oktober 2013 um 08:10 Uhr Von: "Ean Schuessler"

My girlfriend downloaded the GIMP windows build referenced off the GIMP.org website and it seems to have a Malware/Adware package called "Sweetpacks" bundled with it.

We found that some people get confused by the ads on the Sourceforge site and click on them instead of wainting for the real downloads. It has become a common practice by malwertizers to emulate those big green download arrows to lure in visitors. This is why ad blockers are no longer an optional add-on, but mandatory.

I realize that the Windows version of GIMP is linked with a "hey, this isn't us" kind of disclaimer but the fact that GIMP.org links to it gives the sense that its contents are trustworthy or, at least, not hostile.

As said above, please try to verify whether this was the actual installer, or one offered via one of the ads. We have agreed to move the installers to the gnome ftp servers to get rid of this problem.

Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

Hi,

On Thu, Oct 10, 2013 at 8:30 PM, Michael Schumacher wrote:

Gesendet: Donnerstag, 10. Oktober 2013 um 08:10 Uhr Von: "Ean Schuessler"

My girlfriend downloaded the GIMP windows build referenced off the GIMP.org website and it seems to have a Malware/Adware package called "Sweetpacks" bundled with it.

We found that some people get confused by the ads on the Sourceforge site and click on them instead of wainting for the real downloads. It has become a common practice by malwertizers to emulate those big green download arrows to lure in visitors. This is why ad blockers are no longer an optional add-on, but mandatory.

This being said, if this is really what happens, that's still bad. I indeed remember a previous bugzilla report (and maybe even some email discussions), where someone was complaining about what I think was the same issue:
https://bugzilla.gnome.org/show_bug.cgi?id=703834

And as I said on this ticket, I think we should consider backing off from Sourceforge for any official release of GIMP. Sourceforge is one of the first big forge for Free Software, and I am thankful for its history, but it has become clear that it is now a center of completely unfiltered over-advertising and phishing. If I go on any Sourceforge page, I have more blinking ads than actual project text. And the "wait 5 seconds while looking to our ads before download" is completely unacceptable too in my opinion.

Also the disclaimer that the Windows build is half true in my opinion. As the user says, we are still linking it from our main download page, and we are clearly taking the Windows platform more seriously. Jernej is a GIMP committer, and his installer is in the gimp-2-8 branch, we fix bugs for Windows now, and if someone uses Jernej's build, we don't say "sorry, that's not official". So somehow, it is official, in my opinion.

I realize that the Windows version of GIMP is linked with a "hey, this isn't us" kind of disclaimer but the fact that GIMP.org links to it gives the sense that its contents are trustworthy or, at least, not hostile.

As said above, please try to verify whether this was the actual installer, or one offered via one of the ads. We have agreed to move the installers to the gnome ftp servers to get rid of this problem.

Good, that's what I was going to propose, as I already did in the bugzilla report. :-)

Jehan

--
Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD _______________________________________________ gimp-user-list mailing list
List address: gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list

On Thu, 2013-10-10 at 09:30 +0200, Michael Schumacher wrote:

We found that some people get confused by the ads on the Sourceforge site and click on them instead of wainting for the real downloads. It has become a common practice by malwertizers to emulate those big green download arrows to lure in visitors. This is why ad blockers are no longer an optional add-on, but mandatory.

Are these Google ads? If so, report them to Google Adsense. If not, report them to Sourceforge. Let's help fix the problem...

Liam

Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
Pictures from old books: http://fromoldbooks.org/
Ankh: irc.sorcery.net irc.gnome.org freenode/#xml

On Thu, Oct 10, 2013 at 09:57:47AM -0400, Liam R E Quin wrote:

On Thu, 2013-10-10 at 09:30 +0200, Michael Schumacher wrote:

We found that some people get confused by the ads on the Sourceforge site and click on them instead of wainting for the real downloads. It has become a common practice by malwertizers to emulate those big green download arrows to lure in visitors. This is why ad blockers are no longer an optional add-on, but mandatory.

Are these Google ads? If so, report them to Google Adsense. If not, report them to Sourceforge. Let's help fix the problem...

IMHO the problem may be resolved with a md5sum code and a simple guide (one row command) both really visible on how to check for autenticity.

bye

Marco Ciampa

+--------------------+
| Linux User  #78271 |
| FSFE fellow   #364 |
+--------------------+

On 11.10.2013 17:16, Marco Ciampa wrote:

IMHO the problem may be resolved with a md5sum code and a simple guide (one row command) both really visible on how to check for autenticity.

Do you think a md5 sum and a corresponding command will be of any use to them? And don't you think that malwertizers will pick that up, too, if it became common?

Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

On Fri, 11 Oct 2013 17:16:43 +0200, Marco Ciampa wrote:

IMHO the problem may be resolved with a md5sum code and a simple guide (one row command) both really visible on how to check for autenticity.

MD5sum is pretty useless on Windows, since you need a 3rd-party program to verify them. The installers are digitally signed, and support for that is built-in - right-click the downloaded installer, choose Properties and check the Digital signatures tab - my name should appear there (if it doesn't, the installer did not come from me, or was altered).

< Jernej Simončič ><><><><>< http://eternallybored.org/ >

Hi,

I'd like to add that this issue also occured similarly for me today on the [GIMP nightly builds site]. At least there were ads for a Windows installer and training. This particular ad might being harmless as long as one knows the backgrounds, but other users could easily be led astray.
Using an adblocker filtered the ad properly out.

Kind regards,

Sven

[GIMP nightly builds site]: http://nightly.darkrefraction.com/gimp/