LaTeX forum ⇒ TeX Live and MacTeXBAT.CMDFlood - Possible Spyware

Information and discussion about TeX Live distribution for all platforms (Windows, Linux, Mac OS X) and the related MacTeX: installing, updating, configuring
burke
Posts: 1
Joined: Sat Aug 27, 2011 9:48 pm

BAT.CMDFlood - Possible Spyware

Postby burke » Sat Aug 27, 2011 9:59 pm

Has anyone run across this spyware or whatever it is in TeXLive 2011? BAT.CMDFlood

It was found (on two different machines) using ClamXav:
/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties: BAT.CMDFlood FOUND
ERROR: Can't unlink '/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties': Permission denied

To elaborate: It is also in the 2010 distribution but not 2009.

gefion777
Posts: 1
Joined: Thu Sep 15, 2011 6:28 am

Postby gefion777 » Thu Sep 15, 2011 6:43 am

Found BAT.CMDFlood today on my Mac using ClamXav. Viewed the file in a terminal window using the "More" command. At the beginning the file looks similar to the english version (cont-en-scite.properties). Later strange non-latin characters and several Unicode U+200C characters (zero-width non-joiner) show up.

Seems to be either a corrupted or a hijacked language file.

Decided to delete it using a sudo rm cont-pe-scite.properties command.

User avatar
justdeath
Posts: 69
Joined: Mon Sep 05, 2011 10:27 am

Postby justdeath » Mon Sep 19, 2011 7:09 pm

This is written in Persian language.
The filename is: cont-pe-scite.properties
Obviously pe is short from Persian.

http://translate.google.com/#fa|en|
The language is also known as Farsi, that is why google says fa.

You can translate some strings to see for yourself.

Nikolay


Return to “TeX Live and MacTeX”

Who is online

Users browsing this forum: No registered users and 2 guests