On Wednesday, September 5, 2012 at 8:32 AM, Shane Turner wrote:
Our office virus scanner is reporting that http://production.cf.rubygems.org/gems/librex-0.0.68.gem contains a trojan downloader.
I tried to find some contact information for the site, but I didn't see anything that seemed to be useful.
A couple of services list the site as a malware site:
https://www.virustotal.com/url/cacdda702e4890495527b20f4c1db9823d2374abf89cb4c1770929096afcb96d/analysis/
The gem is also flagged by multiple scanners as a problem:
https://www.virustotal.com/file/90369070c2ce1947dcb4e9e7f50b9999243ff276a51b8491a157c94f84b0ebf8/analysis/1346846438/
Our ESET detection report:
Column Name      Value
Date Received    2012-09-04 12:01:36
Date Occurred    2012-09-04 12:01:33
Level            Warning
Scanner          HTTP filter
Object           file
Name             http://production.cf.rubygems.org/gems/librex-0.0.68.gem
Threat           JS/TrojanDownloader.Agent.GJ trojan
Action           connection terminated - quarantined
Information      Threat was detected upon access to web by the application: C:\Program Files\VirtualBox\VirtualBox.exe.
Details          Ready
A little more searching at http://www.urlvoid.com/scan/production.cf.rubygems.org/ finds another problem file origami-1.2.3.gem:
https://www.virustotal.com/file/7009f6acf4da8ec14053f7faa663503d631308746f67e3168da79fdb1362451a/analysis/1346848086/
Thanks,
Shane