TrendMicro OfficeScan reports a false positive Trojan for Drupal 6.x

By Khalid on 2009/07/09 - 14:15, last updated 2009/07/09 - 18:03

The Drupal security team receives reports of all sorts all the time.

Some of them are false positives by security scanning software.

Today we got a report about a Trojan being detected in Drupal 6.10 and 6.13 by TrendMicro OfficeScan version 10, in the following files:

modules/color/color.install - BQDR_IRCBOT.BZQ
modules/profile/profile-wrapper.tpl.php - TROJ_SWIZZOR.KXV
modules/translation/translation.module - TROJ_FRAUDLO.LL

These files are plain text and valid PHP files.

Long-time security team member Bart Jansens was able to verify that the same software does indeed generate those false positives.

Other visitors to Drupal.org have also reported the same issue. One of them has notified TrendMicro of the issue.

We hope that TrendMicro soon issues an update that fixes this false positive.
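The check described above (the flagged files are plain text and valid PHP) can be repeated on any install by comparing each flagged file with the copy from a freshly extracted release tarball. This is an added example, not code from the original post or from Drupal; the function names, directory layout and sample file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Files named in the report above (paths relative to the Drupal root).
FLAGGED = [
    "modules/color/color.install",
    "modules/profile/profile-wrapper.tpl.php",
    "modules/translation/translation.module",
]

def looks_like_plain_php(data: bytes) -> bool:
    """Plain-text check: no NUL bytes, decodes as UTF-8, contains a PHP open tag."""
    if b"\x00" in data:
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return "<?php" in text

def triage(installed_root, pristine_root, rel_paths=FLAGGED):
    """Classify each flagged file against a freshly extracted upstream copy."""
    verdicts = {}
    for rel in rel_paths:
        local, clean = Path(installed_root) / rel, Path(pristine_root) / rel
        if not local.is_file() or not clean.is_file():
            verdicts[rel] = "missing"
            continue
        data = local.read_bytes()
        if hashlib.sha256(data).digest() == hashlib.sha256(clean.read_bytes()).digest():
            verdicts[rel] = "matches-upstream"   # the scanner hit is on the pristine file
        elif looks_like_plain_php(data):
            verdicts[rel] = "modified-text"      # still text: review the diff by hand
        else:
            verdicts[rel] = "modified-binary"    # no longer plain text: changed locally
    return verdicts

def demo():
    """Constructed sample trees standing in for an install and an extracted tarball."""
    with tempfile.TemporaryDirectory() as tmp:
        inst, clean = Path(tmp, "installed"), Path(tmp, "pristine")
        for root in (inst, clean):
            for rel in FLAGGED:
                p = root / rel
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(b"<?php\n// constructed sample content\n")
        # Constructed non-text bytes simulating a file altered on the local disk.
        (inst / FLAGGED[0]).write_bytes(b"\x00\x01\x02 not text any more")
        return triage(inst, clean)
```

A `matches-upstream` verdict on a flagged file means the scanner is alerting on the unmodified release file; any `modified-*` verdict points at a change made on the local machine rather than in the release.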


Comments

rogerpfaff (not verified)

Trend Micro

Thu, 2009/07/09 - 16:47

The scanner reports some more false positives these days. It also reports a Trojan in the latest Adobe Shockwave / Flash player downloads and caused IE7 to crash on our company's website although there is no Flash in use.

Heine (not verified)

No one gets it right in one

Thu, 2009/07/09 - 16:56

No one gets it right in one try, but Bart's name is Bart Jansens :)

Khalid

Fixed

Thu, 2009/07/09 - 18:03

Fixed, thanks.

Tash (not verified)

No false report for color.install in Drupal 5 files

Sat, 2009/07/11 - 22:03

Hi, I don't think that all messages are false reports.
I've received virus messages as well for all color.install files on my computer. I had various versions of Drupal installation files stored on my hard drive. Every single color.install returned a virus message.
Here's the thing: the color.install files were NOT plain text anymore, when trying to open them in Dreamweaver they showed just cryptic signs.
At the SAME time that TrendMicro had reported the virus, Spydoctor found 2 trojans in my system that I've been trying hard to get rid of (Backdoor.Ciadoor!sd5 and Delf!ct).
I don't think that this is a false report, but should be taken seriously.

Khalid

I just checked

Sat, 2009/07/11 - 22:16

I just downloaded both Drupal 5.19 and 6.13 and checked the color.install. It is a plain text file with valid PHP in it. So, the tarballs that are on drupal.org are clean.

If these files are infected by some other malware on your PC, Drupal has nothing to do with it. Its files are victims, not the source.

Anonymous (not verified)

upload.module now also

Tue, 2009/07/14 - 04:39

upload.module now also impacted

Alan Domladovac... (not verified)

Today I received a new alert.

Tue, 2009/07/14 - 08:07

Yesterday I received an alert on the same files reported in http://drupal.org/node/514448

Today I received a new alert.

File: modules/book/book.admin.inc
Virus: TROJ_SWIZZOR.KVR

File: modules/poll/poll-results.tpl.php
Virus: TROJ_SWIZZOR.KVC

File: modules/upload/upload.module
Virus: TSPY_MMORPG.NP

Drupal version: 6.13 (latest)

Anonymous (not verified)

Trend Micro

Fri, 2009/07/17 - 04:20

I posted these files to Trend Micro Support a few days ago.
I got a mail from them saying that with CPR 6.278.02 and above, the problem was fixed. I've tested it today and it looks OK for now.

Anonymous (not verified)

Fake alert

Sat, 2009/10/10 - 13:51

I received a message from OfficeScan regarding trojan malware. However, performing a scan with "malwarebytes anti-malwares", it says no malware is detected. Do you think the message from OfficeScan is a fake alert?

CЛACTEHA (not verified)

Cool

Fri, 2009/11/06 - 15:40

Without a name, even a sheep is a ram. :)
