Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Virus in "Contact and Calendars App"
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2021-05-09
05:13 AM
2021-05-09
05:13 AM
Virus in "Contact and Calendars App"
There is a virus in the "Contact and Calendars App" - a PHP Backdoor called "Dirtelti.MTG".
Backdoor:PHP/Dirtelti.MTG threat description - Microsoft Security Intelligence
I think that app should be taken down immidiately, as it has been infected.
Filename is "baikal_1.0.2_all.deb" and is located at:
https://apt.readynas.com/packages/readynasos/dists/apps/pool/b/baikal/baikal_1.0.2_all.deb
Message 1 of 3
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2021-05-10
04:08 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2021-05-10
08:46 AM
2021-05-10
08:46 AM
Re: Virus in "Contact and Calendars App"
I already responded to a similar message, but can't find it. It's not unique to ReadyNAS and has likely actually been there for some time, it's just that Windows Defender now looks for it. This is what the PHP web site says about it:
- A few days ago, we have noticed that Windows Defender reports some files in the PHP source and test packages as severe threat, claiming they would constitute a backdoor (e.g. Backdoor:PHP/Dirtelti.MTF). These files are auxiliary test files containing eval statements. Are these files backdoors? That depends on the context, i.e. in this case whether they are accessible via the Web. If they are, because they have been uploaded to the webroot of a publicly available Webserver, for instance, they may pose a serious threat. On the other hand, if they are just used on a local machine for development and testing purpuses, they are not malicious in any way.
I'd classify it as a false alarm.
Message 3 of 3