Receving malware when trying to download node.js v0.12.0 Windows 32-bit installer
46 views
Skip to first unread message
Roman O.
Mar 20, 2015, 1:38:31 PM3/20/15
to nod...@googlegroups.com
I am experiencing a rather strange issue while downloading node.js v0.12.0 Windows 32-bit installer.
Instead of getting the expected installer from here http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi I am receiving a completely different executable - an installer for Elcomsoft's Advanced EFS Password Recovery (whatever that is) or at least something that tries to look like one.
Both files are exactly the same size but SHA sums obviously don't match.
SSL version of the link - https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi works as expected. i.e. downloads the correct node.js installer.
I have verified this on three different machines running Fedora, CentOS, and Windows. None of these machines ever exchanged any files or used anything else but the default repos. In fact the windows machine is a 13 years old pc pulled out of storage with a freshly installed OS.
So presumably that dismisses any possibility of rootkits.
It doesn't seems to be due to my router or ISP either. I am getting the wrong executable on two of my neighbours' Wi-Fi networks and at least one of them seems to be using different ISP.
However it doesn't seem to be happening on other ISPs I have tested so far.
Instead of getting the expected installer from here http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi I am receiving a completely different executable - an installer for Elcomsoft's Advanced EFS Password Recovery (whatever that is) or at least something that tries to look like one.
Both files are exactly the same size but SHA sums obviously don't match.
SSL version of the link - https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi works as expected. i.e. downloads the correct node.js installer.
I have verified this on three different machines running Fedora, CentOS, and Windows. None of these machines ever exchanged any files or used anything else but the default repos. In fact the windows machine is a 13 years old pc pulled out of storage with a freshly installed OS.
So presumably that dismisses any possibility of rootkits.
It doesn't seems to be due to my router or ISP either. I am getting the wrong executable on two of my neighbours' Wi-Fi networks and at least one of them seems to be using different ISP.
However it doesn't seem to be happening on other ISPs I have tested so far.
The nodejs.org domain on all of the above resolves to the same IP.
It seems that someone else has been having the same issue too: http://www.reddit.com/r/node/comments/2w6okd/nodejs_windows_installer_msi_32_bit_link
It seems that someone else has been having the same issue too: http://www.reddit.com/r/node/comments/2w6okd/nodejs_windows_installer_msi_32_bit_link
Reply all
Reply to author
Forward
0 new messages