Hacked OO 4.1.5

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Hacked OO 4.1.5

Tom Cordle
Don’t know who to direct this to, but I thought someone should be aware of a possible hack of the most recent version of OO (4.1.). A couple of days ago, I downloaded that version from the Apache website, and was pleased to see improvements in the Impress function. After several hours work, I saved an Impress file, and noticed it was identified in the cue in what I assume was Russian for Impress followed by OpenOffice. Strange, I thought.

I had written copy in that file in English, and when I opened the file again, it was translated into Russian. That made me more than a little suspicious, so I corrected the copy back to English, saved the file with a different name, opened it, and same thing – English translated into Russian.

I’m not crazy, nor am I normally paranoid. But since then, I have received three notices from Google of three attempts to sign into my Google email account, all three thankfully unsuccessful. I have to date not observed any other signs of a virus/hacking on any other apps or services.

Needless to say, all this has left me very concerned – concerned enough that I deleted all my recent Impress files and the OO application itself. That currently leaves me without any word processing/presentation application.

Any advice would be greatly appreciated.

Thank you,
Tom Cordle
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Hacked OO 4.1.5

Dave Fisher
Hi -

Do you recall exactly which version? Full file name of the installation file along with its size.

Regards,
Dave

Sent from my iPhone

> On May 22, 2018, at 10:14 PM, Tom Cordle <[hidden email]> wrote:
>
> Don’t know who to direct this to, but I thought someone should be aware of a possible hack of the most recent version of OO (4.1.). A couple of days ago, I downloaded that version from the Apache website, and was pleased to see improvements in the Impress function. After several hours work, I saved an Impress file, and noticed it was identified in the cue in what I assume was Russian for Impress followed by OpenOffice. Strange, I thought.
>
> I had written copy in that file in English, and when I opened the file again, it was translated into Russian. That made me more than a little suspicious, so I corrected the copy back to English, saved the file with a different name, opened it, and same thing – English translated into Russian.
>
> I’m not crazy, nor am I normally paranoid. But since then, I have received three notices from Google of three attempts to sign into my Google email account, all three thankfully unsuccessful. I have to date not observed any other signs of a virus/hacking on any other apps or services.
>
> Needless to say, all this has left me very concerned – concerned enough that I deleted all my recent Impress files and the OO application itself. That currently leaves me without any word processing/presentation application.
>
> Any advice would be greatly appreciated.
>
> Thank you,
> Tom Cordle
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Hacked OO 4.1.5

Tom Cordle
Hi Dave,

Here’s the link as best I am able to determine from my download queue:

https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg <https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg>

This would have been on or about the end of April. Hope that helps. Thanks for the follow-up.

Tom

> On May 23, 2018, at 12:06 PM, Dave Fisher <[hidden email]> wrote:
>
> Hi -
>
> Do you recall exactly which version? Full file name of the installation file along with its size.
>
> Regards,
> Dave
>
> Sent from my iPhone
>
>> On May 22, 2018, at 10:14 PM, Tom Cordle <[hidden email]> wrote:
>>
>> Don’t know who to direct this to, but I thought someone should be aware of a possible hack of the most recent version of OO (4.1.). A couple of days ago, I downloaded that version from the Apache website, and was pleased to see improvements in the Impress function. After several hours work, I saved an Impress file, and noticed it was identified in the cue in what I assume was Russian for Impress followed by OpenOffice. Strange, I thought.
>>
>> I had written copy in that file in English, and when I opened the file again, it was translated into Russian. That made me more than a little suspicious, so I corrected the copy back to English, saved the file with a different name, opened it, and same thing – English translated into Russian.
>>
>> I’m not crazy, nor am I normally paranoid. But since then, I have received three notices from Google of three attempts to sign into my Google email account, all three thankfully unsuccessful. I have to date not observed any other signs of a virus/hacking on any other apps or services.
>>
>> Needless to say, all this has left me very concerned – concerned enough that I deleted all my recent Impress files and the OO application itself. That currently leaves me without any word processing/presentation application.
>>
>> Any advice would be greatly appreciated.
>>
>> Thank you,
>> Tom Cordle
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Hacked OO 4.1.5

Dave Fisher
Hi Tom,

More inline.

> On May 23, 2018, at 12:10 PM, Tom Cordle <[hidden email]> wrote:
>
> Hi Dave,
>
> Here’s the link as best I am able to determine from my download queue:
>
> https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg <https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg>
>

I downloaded this and it validates to be the same as what was distributed originally.

> This would have been on or about the end of April. Hope that helps. Thanks for the follow-up.
>

<snip>

>>> On May 22, 2018, at 10:14 PM, Tom Cordle <[hidden email]> wrote:
>>>
>>> Don’t know who to direct this to, but I thought someone should be aware of a possible hack of the most recent version of OO (4.1.). A couple of days ago, I downloaded that version from the Apache website, and was pleased to see improvements in the Impress function. After several hours work, I saved an Impress file, and noticed it was identified in the cue in what I assume was Russian for Impress followed by OpenOffice. Strange, I thought.

Two things to look at:

(1) macOS System Preferences for Language & Region. What is the language?
(2) OpenOffice Preferences - Language Settings - Languages. What is the default language for documents?


>>>
>>> I had written copy in that file in English, and when I opened the file again, it was translated into Russian. That made me more than a little suspicious, so I corrected the copy back to English, saved the file with a different name, opened it, and same thing – English translated into Russian.
>>>
>>> I’m not crazy, nor am I normally paranoid. But since then, I have received three notices from Google of three attempts to sign into my Google email account, all three thankfully unsuccessful. I have to date not observed any other signs of a virus/hacking on any other apps or services.

I think that you should run a virus scan of your system.

Also which version of MacOSX or macOS are you using?


>>>
>>> Needless to say, all this has left me very concerned – concerned enough that I deleted all my recent Impress files and the OO application itself. That currently leaves me without any word processing/presentation application.
>>>
>>> Any advice would be greatly appreciated.

Regards,
Dave


>>>
>>> Thank you,
>>> Tom Cordle
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Hacked OO 4.1.5

Tom Cordle
Dave,
Thanks for the follow-up. I am running OSX Yosemite Version 10.10.5 (14F27). I will try downloading OpenOffice 4.1.5 again and see if the problem persists. Also good advice about running a virus scan - do you have a recommendation in that regard; I have no anti-virus on my iMac other than Apple’s built-in protections.
Thanks again,
Tom

> On May 23, 2018, at 9:41 PM, Dave Fisher <[hidden email]> wrote:
>
> Hi Tom,
>
> More inline.
>
>> On May 23, 2018, at 12:10 PM, Tom Cordle <[hidden email]> wrote:
>>
>
>> Hi Dave,
>>
>> Here’s the link as best I am able to determine from my download queue:
>>
>> https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg <https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg>
>>
>
> I downloaded this and it validates to be the same as what was distributed originally.
>
>> This would have been on or about the end of April. Hope that helps. Thanks for the follow-up.
>>
>
> <snip>
>
>>>> On May 22, 2018, at 10:14 PM, Tom Cordle <[hidden email]> wrote:
>>>>
>>>> Don’t know who to direct this to, but I thought someone should be aware of a possible hack of the most recent version of OO (4.1.). A couple of days ago, I downloaded that version from the Apache website, and was pleased to see improvements in the Impress function. After several hours work, I saved an Impress file, and noticed it was identified in the cue in what I assume was Russian for Impress followed by OpenOffice. Strange, I thought.
>
> Two things to look at:
>
> (1) macOS System Preferences for Language & Region. What is the language?
> (2) OpenOffice Preferences - Language Settings - Languages. What is the default language for documents?
>
>
>>>>
>>>> I had written copy in that file in English, and when I opened the file again, it was translated into Russian. That made me more than a little suspicious, so I corrected the copy back to English, saved the file with a different name, opened it, and same thing – English translated into Russian.
>>>>
>>>> I’m not crazy, nor am I normally paranoid. But since then, I have received three notices from Google of three attempts to sign into my Google email account, all three thankfully unsuccessful. I have to date not observed any other signs of a virus/hacking on any other apps or services.
>
> I think that you should run a virus scan of your system.
>
> Also which version of MacOSX or macOS are you using?
>
>
>>>>
>>>> Needless to say, all this has left me very concerned – concerned enough that I deleted all my recent Impress files and the OO application itself. That currently leaves me without any word processing/presentation application.
>>>>
>>>> Any advice would be greatly appreciated.
>
> Regards,
> Dave
>
>
>>>>
>>>> Thank you,
>>>> Tom Cordle
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [hidden email]
>>>> For additional commands, e-mail: [hidden email]
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>>
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Hacked OO 4.1.5

Tom Cordle
In reply to this post by Dave Fisher
Dave and Brian,

Thought it worthwhile to follow up. I downloaded OpenOffice again, and it appears to be working normally. I saved a test Impress file, and it worked as it should. Out of an abundance of caution, I did not retrieve the previous affected/infected Impress files from Trash.

Also of note and appearing to confirm my suspicions is the fact that government has issued warnings about the very sort of thing I suspected:

https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html <https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html>

Thanks again for your help and advice,
Tom


> On May 23, 2018, at 9:41 PM, Dave Fisher <[hidden email]> wrote:
>
> Hi Tom,
>
> More inline.
>
>> On May 23, 2018, at 12:10 PM, Tom Cordle <[hidden email]> wrote:
>>
>
>> Hi Dave,
>>
>> Here’s the link as best I am able to determine from my download queue:
>>
>> https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg <https://phoenixnap.dl.sourceforge.net/project/openofficeorg.mirror/4.1.5/binaries/en-US/Apache_OpenOffice_4.1.5_MacOS_x86-64_install_en-US.dmg>
>>
>
> I downloaded this and it validates to be the same as what was distributed originally.
>
>> This would have been on or about the end of April. Hope that helps. Thanks for the follow-up.
>>
>
> <snip>
>
>>>> On May 22, 2018, at 10:14 PM, Tom Cordle <[hidden email]> wrote:
>>>>
>>>> Don’t know who to direct this to, but I thought someone should be aware of a possible hack of the most recent version of OO (4.1.). A couple of days ago, I downloaded that version from the Apache website, and was pleased to see improvements in the Impress function. After several hours work, I saved an Impress file, and noticed it was identified in the cue in what I assume was Russian for Impress followed by OpenOffice. Strange, I thought.
>
> Two things to look at:
>
> (1) macOS System Preferences for Language & Region. What is the language?
> (2) OpenOffice Preferences - Language Settings - Languages. What is the default language for documents?
>
>
>>>>
>>>> I had written copy in that file in English, and when I opened the file again, it was translated into Russian. That made me more than a little suspicious, so I corrected the copy back to English, saved the file with a different name, opened it, and same thing – English translated into Russian.
>>>>
>>>> I’m not crazy, nor am I normally paranoid. But since then, I have received three notices from Google of three attempts to sign into my Google email account, all three thankfully unsuccessful. I have to date not observed any other signs of a virus/hacking on any other apps or services.
>
> I think that you should run a virus scan of your system.
>
> Also which version of MacOSX or macOS are you using?
>
>
>>>>
>>>> Needless to say, all this has left me very concerned – concerned enough that I deleted all my recent Impress files and the OO application itself. That currently leaves me without any word processing/presentation application.
>>>>
>>>> Any advice would be greatly appreciated.
>
> Regards,
> Dave
>
>
>>>>
>>>> Thank you,
>>>> Tom Cordle
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [hidden email]
>>>> For additional commands, e-mail: [hidden email]
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>>
>>
>