AutoHotkey Community

[wtfagain]

Could be a false positive, but reported by F-Secure AND Kaspersky antiviruses on different machines .
Name : Trojan-Downloader.JS.Psyme.le

[Harper]

i ever known this
ahk can´t be so good and not be evil^^

[Guest]

[Phaze]

Scanned with Avast, PC-cillin, and AVG. No problems here. I think you're programs are just over-protective, or misinterpreting something. It's safe. Stop posting these.
_________________

[Superfraggle]

It's a common problem, report it to your AV company as a false positive.
_________________
Steve F AKA Superfraggle

http://r.yuwie.com/superfraggle

[daonlyfreez]

Jotti's malware scan

[sleepwell]

yeah yeah old news, known problem, you should also uninstall your antivirus to avoid these annoying warnings...

[daonlyfreez]

Well, you shouldn't uninstall your AntiVirus (but I guess the previous poster was making an attempt at sarcasm), but you could inform your AntiVirus company of this warning as a probable "false positive".
_________________
(sorry, homesite offline atm)

[ahklerner]

If you read it, it is saying that the trojan is in the JAVASCRIPT of the HOMEPAGE. I am pretty sure this is not about the installer having a virus.....at least this time.

[sleepwell]

Oh well i'll try to help a bit, why not?

Title : AHK Homepage distributes Psyme Trojan
This could indicate us the homepage is infected, not the install/software itself. Who knows? Maybe we should have a look at the sourcecode of the index.html. Or maybe not, i feel a little lazy tonight...

Name of the Trojan : Trojan-Downloader.JS.Psyme.le
JS, JS, JS... What does it stand for, JS... Man, am I tired...

Number of entries for psyme on the forums : 2, including the current topic
The second topic is also from today, huh?

Googling a bit for psyme : virulist.com & sophos.com, interesting stuff
Well I aint gonna do all work for u, see for urself

First shortcut/action in the template script: Open www.autohotkey.com
...In the default browser on Windows, heeheehee thats gettin funny...

Now im almost awake, should i stand up? Well, erff eh, no...
As they said, old known problem... shouldnt give a ****... zzzzzzzzzz

[sleepwell]

Edit : use Firefox with Noscript to call up the homepage, im tellin u guys
Actually nobody with JS activated should access it, I mean I think so...

[Chris]

Thanks for the report; this has been fixed.

Now to search the log files to try to figure out how it got on there. Update: I've found the security hole and plugged it.

To anyone affected by this, I apologize for the problem.

[sleepwell]

Now that was an interesting topic : everybody except for the Site Admin Chris and ahklerner misunderstood/downplayed the threat.
From Guest "way to jump the gun", over Phaze "It's safe. Stop posting these", Superfraggle "It's a common problem" to daonlyfreez oh so useful logs and "probable false positive", a nice journey through the "nothing to see here" country.
This was a trojan you installed on your machine without ur knowledge by just surfing on the homepage or testing the template script. Does it ring now?
Thanks to Chris for removing the security hole (pretty ugly JS script in the HTML code) quickly.

Now to the Lessons/Thoughts/Suppositions/Trivia:

-people having the ability to read/understand what they read are a minority
-Windows users are not security-oriented, even if they have the correct tools they cant make a use of it (message AV -> false positive...), this seems to be clearly history-related (duh, another warning...)
-people have indeed the ability to read and are security-oriented, but they write trojans, so it could be better for them to downplay the threat in the forums of the target
-IE with JS activated by default (it is, or not? dunno) is still the most popular browser.
-AHK is a win-app aimed in my opinion at office/corporate users who do not have the choice to use another OS than Windows and another browser than IE at work and still want to be/get more productive.
-theres been a bit of publicity around AHK in the last days/weeks, i think i saw what on reddit, liveslick and lifehacker with DIRECT LINKS to the homepage

To sum it up:
It would be nice to know for how long the JS script has been waiting for hits on the page, and also to know the average hit-count/day of the homepage. This could help figure the extend of the attack and incite people to take measure on monday morning before all the $ start flowing in the wrong directions.
In the end :
-do not use IE
-do not use JS
-do not use Windows
Good luck

[Chris]

[Guest]

Very irresponsible of you to allow such a thing to happen.
I love autohotkey, but.. really.