Combofix Infected with Sality

Yesterday it came to my attention that some downloads of Combofix had been infected with Sality malware. You can read the official post here from Grinler over at bleepingcomputer. Grinler states that…

“The minute we heard about this, we pulled the executable so that it is no longer available from Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere.”

I don’t really use Combofix that much, but it sure does give me pause about using it now.


4 Responses to Combofix Infected with Sality

  1. Sean January 30, 2013 at 9:08 pm #

    That’s pretty nasty. D: How could this have even happened? Was the developer’s computer compromised or something?

    • malwarekilla January 31, 2013 at 3:37 pm #

      Probably one of those SQL injection hacks on their fileserver.

  2. Xystren January 31, 2013 at 12:07 am #

    It is one of those things – just a matter of time. I remember in the late 1980’s/early 1990s WordPerfect being shipped with a virus (Jerusalem B if memory serves me correctly) on disk (5 1/4″) from the factory. It was ironic, because not much more than a week earlier, the computer science experts were stating if you used proper commercial software, you wouldn’t get infected, and could only get infected if you used software or utilities that were downloaded from BBS’s or the likes. I was extremely offended at that statement as I was a BBS sysop.

    It sucks and it creates a loss in confidence – especially with a security/prevention type company. But we all know, this isn’t the first time this has occurred, and certainly will not be the last occurrence either. For those of us that have been doing this for a long while, it is never a case of “if”, but a case of “when” you might get hit.

    Just another example of why we need to review what we preach. Keep those backups up to date, keep your definitions and security updates current, and perhaps review your processes and procedures. Unfortunately it becomes so easy to be complacent, yet this is an excellent example of why we should do that review.

    Regardless, the guys over at do some great work, and provide a great service, much the same way that Matt does here at

    It just shows it can happen to the best of us.


    • jcitizen February 3, 2013 at 2:39 am #

      Kudos to for pointing this out!
