
Virus in "Contact and Calendars App"


There is a virus in the "Contact and Calendars App" - a PHP Backdoor called "Dirtelti.MTG".

 

Backdoor:PHP/Dirtelti.MTG threat description - Microsoft Security Intelligence

I think that app should be taken down immediately, as it has been infected.

Filename is "baikal_1.0.2_all.deb" and is located at:

 

https://apt.readynas.com/packages/readynasos/dists/apps/pool/b/baikal/baikal_1.0.2_all.deb


 

Message 1 of 3
StephenB
Guru

Re: Virus in "Contact and Calendars App"

Looping in mods ( @JohnCM_S and @Marc_V ) just to call this to their attention.

Message 2 of 3
Sandshark
Sensei

Re: Virus in "Contact and Calendars App"

I already responded to a similar message, but can't find it. It's not unique to ReadyNAS and has likely actually been there for some time; it's just that Windows Defender now looks for it. This is what the PHP web site says about it:

 

  • A few days ago, we have noticed that Windows Defender reports some files in the PHP source and test packages as severe threat, claiming they would constitute a backdoor (e.g. Backdoor:PHP/Dirtelti.MTF). These files are auxiliary test files containing eval statements. Are these files backdoors? That depends on the context, i.e. in this case whether they are accessible via the Web. If they are, because they have been uploaded to the webroot of a publicly available Webserver, for instance, they may pose a serious threat. On the other hand, if they are just used on a local machine for development and testing purposes, they are not malicious in any way.

I'd classify it as a false alarm.

 

Message 3 of 3
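
The criterion in the quoted PHP statement, that files containing eval matter only when a web server can serve them, can be checked on an unpacked package tree. This is an added example, not part of the thread or of the package; the directory layout, file names and web root below are constructed for illustration.

```python
import os
import re
import tempfile

# Coarse heuristic for a PHP eval() call, similar in spirit to a scanner signature.
EVAL_CALL = re.compile(rb"\beval\s*\(")

def find_eval_files(package_root):
    """Return sorted relative paths of PHP files under package_root that call eval()."""
    hits = []
    for dirpath, _dirs, files in os.walk(package_root):
        for name in files:
            if not name.lower().endswith((".php", ".phpt")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if EVAL_CALL.search(fh.read()):
                    hits.append(os.path.relpath(path, package_root))
    return sorted(hits)

def classify(package_root, web_root):
    """Label each eval-containing file by whether it lies under the served web_root."""
    web_abs = os.path.realpath(os.path.join(package_root, web_root))
    result = {}
    for rel in find_eval_files(package_root):
        file_abs = os.path.realpath(os.path.join(package_root, rel))
        inside = os.path.commonpath([web_abs, file_abs]) == web_abs
        result[rel] = "web-exposed" if inside else "not-served"
    return result

def build_sample_tree(root):
    """Constructed sample layout (hypothetical paths, not the real package contents)."""
    samples = {
        "app/html/index.php": "<?php echo 'hello';",
        "app/html/debug/run.php": "<?php eval($code);",
        "app/vendor/lib/tests/eval_test.php": "<?php eval('return 1;');",
        "app/vendor/lib/src/Util.php": "<?php function evaluate() {}",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in classify(tmp, "app/html").items():
            print(f"{verdict:12} {rel}")
```

A file reported as not-served still triggers a content-based scanner; the label only records whether it sits under the directory the web server exposes.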