Malware in Strawberry Perl v5.10.1.2

[David]

On 2010-07-24 I uninstalled ActiveState Perl and installed Strawberry
Perl v5.10.1.2, largely on the strength of the webpage's implied
indorsement by Larry Wall: "When I'm on Windows, I use Strawberry
Perl." I hope you don't really use this implementation, Larry, because
a couple weeks after the install I got a call from American Express
about several bogus charges to my card--including a $1 charge by a
site called strawberry.com (not strawberryperl.com, the site from
which I downloaded the product). $1 charges seem to be the preferred
method used by scammers to test a card's validity: if the small charge
goes through, these dudes pounce and run it up to the max in an hour
or so. Amex is wise to the trick so they immediately cancelled the
card and sent me a new one with a different number.

I ran ZoneAlarm against the installation and it found bad boys called
Worm.Win32.c* in both xmlcatalog.exe and \bin\dmake.exe. Naturally
when I installed the product I didn't think too much about giving it
'Net access for auto-update purposes, which probably explains how it
was able to grab a credit card number and call home without detection.

*Don't use this product!* I've gone back to ActiveState and I intent
to stay with it.

 

[Uri Guttman]

D> On 2010-07-24 I uninstalled ActiveState Perl and installed Strawberry
D> Perl v5.10.1.2, largely on the strength of the webpage's implied
D> indorsement by Larry Wall: "When I'm on Windows, I use Strawberry
D> Perl." I hope you don't really use this implementation, Larry, because
D> a couple weeks after the install I got a call from American Express
D> about several bogus charges to my card--including a $1 charge by a
D> site called strawberry.com (not strawberryperl.com, the site from
D> which I downloaded the product). $1 charges seem to be the preferred
D> method used by scammers to test a card's validity: if the small charge
D> goes through, these dudes pounce and run it up to the max in an hour
D> or so. Amex is wise to the trick so they immediately cancelled the
D> card and sent me a new one with a different number.

D> I ran ZoneAlarm against the installation and it found bad boys called
D> Worm.Win32.c* in both xmlcatalog.exe and \bin\dmake.exe. Naturally
D> when I installed the product I didn't think too much about giving it
D> 'Net access for auto-update purposes, which probably explains how it
D> was able to grab a credit card number and call home without detection.

D> *Don't use this product!* I've gone back to ActiveState and I intent
D> to stay with it.

this makes no sense. i know the strawberry perl people and they don't
put malware in there. you must have downloaded it from an infected site
or did something else wrong. your issue, not theirs.

uri