Guest User

BitTorrent Mac and Spigot adware

a guest
Nov 18th, 2013
1,020
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Last login: Mon Nov 18 12:49:04 on ttys002
  2. [noar]-[mp]-[12:49:36]
  3. [~]$ cd /tmp/
  4. [noar]-[mp]-[12:49:43]
  5. [/tmp]$ openssl dgst -sha256 ~/Downloads/BitTorrent.dmg
  6. SHA256(/Users/noar/Downloads/BitTorrent.dmg)= 265126d82072b3cf917496943b5149c808006cc7b94c9d84b1e2ced88de01bf3
  7. [noar]-[mp]-[12:49:43]
  8. [/tmp]$ hdiutil attach ~/Downloads/BitTorrent.dmg
  9. /dev/disk4 GUID_partition_scheme
  10. /dev/disk4s1 Apple_HFS /Volumes/BitTorrent-30291
  11. [noar]-[mp]-[12:49:44]
  12. [/tmp]$ cat /Volumes/BitTorrent-30291/BitTorrent-Installer.app/Contents/Resources/InstallerPreferences.plist
  13. <?xml version="1.0" encoding="UTF-8"?>
  14. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  15. <plist version="1.0">
  16. <dict>
  17. <key>Window</key>
  18. <dict>
  19. <key>Width</key>
  20. <integer>620</integer>
  21. <key>Height</key>
  22. <integer>450</integer>
  23. </dict>
  24. <key>Environment</key>
  25. <dict/>
  26. <key>Extensions</key>
  27. <array>
  28. <dict>
  29. <key>URL</key>
  30. <string>http://download.mybrowserbar.com/kits/installers/967150/Welcome.zip</string>
  31. <key>Name</key>
  32. <string>Welcome</string>
  33. </dict>
  34. <dict>
  35. <key>URL</key>
  36. <string>http://download.mybrowserbar.com/kits/installers/967150/Offer.zip</string>
  37. <key>Name</key>
  38. <string>Offer</string>
  39. </dict>
  40. <dict>
  41. <key>URL</key>
  42. <string>http://download.mybrowserbar.com/kits/installers/967150/Installation.zip</string>
  43. <key>Name</key>
  44. <string>Installation</string>
  45. </dict>
  46. <dict>
  47. <key>URL</key>
  48. <string>http://download.mybrowserbar.com/kits/installers/967150/Finish.zip</string>
  49. <key>Name</key>
  50. <string>Finish</string>
  51. </dict>
  52. </array>
  53. </dict>
  54. </plist>
  55. [noar]-[mp]-[12:49:44]
  56. [/tmp]$ curl -O http://download.mybrowserbar.com/kits/installers/967150/Installation.zip
  57. % Total % Received % Xferd Average Speed Time Time Time Current
  58. Dload Upload Total Spent Left Speed
  59. 100 71840 100 71840 0 0 68658 0 0:00:01 0:00:01 --:--:-- 78945
  60. [noar]-[mp]-[12:49:46]
  61. [/tmp]$ unzip Installation.zip
  62. Archive: Installation.zip
  63. creating: Installation/
  64. creating: Installation/img/
  65. inflating: Installation/img/bt_bg.jpg
  66. inflating: Installation/img/bt_bg_01.png
  67. inflating: Installation/img/bt_logo.png
  68. inflating: Installation/img/headline.png
  69. inflating: Installation/img/ut_logo.png
  70. inflating: Installation/index.html
  71. inflating: Installation/installer.css
  72. inflating: Installation/script.js
  73. inflating: Installation/styles.css
  74. [noar]-[mp]-[12:49:46]
  75. [/tmp]$ head -n 10 Installation/script.js
  76. /**
  77. *
  78. */
  79.  
  80. var offerDownloadURL = "http://download.mybrowserbar.com/kits/installers/967150/Payload.zip";
  81. var productDownloadURL = "http://download-new.utorrent.com/uuid/ea36d9fa-29b8-4163-9456-c4c2b7b52c6e";
  82. var totalDownloadSize = 0; // will store the total size of all objects to be downloaded
  83. var totalDownloadPercent = 0; // will store that total percent of all downloaded objects
  84.  
  85. var OFFER_WAS_ACCEPTED = 0;
  86. [noar]-[mp]-[12:49:46]
  87. [/tmp]$ curl -O http://download.mybrowserbar.com/kits/installers/967150/Payload.zip
  88. % Total % Received % Xferd Average Speed Time Time Time Current
  89. Dload Upload Total Spent Left Speed
  90. 100 124k 100 124k 0 0 98k 0 0:00:01 0:00:01 --:--:-- 110k
  91. [noar]-[mp]-[12:49:47]
  92. [/tmp]$ unzip Payload.zip
  93. Archive: Payload.zip
  94. creating: Spigot/
  95. inflating: Spigot/browserctl
  96. inflating: Spigot/postinstall.sh
  97. inflating: Spigot/Searchme.chromeextension.crx
  98. extracting: Spigot/Searchme.safariextz
  99. inflating: Spigot/searchme@mybrowserbar.com.xpi
  100. [noar]-[mp]-[12:49:47]
  101. [/tmp]$ codesign -dvvv /Volumes/BitTorrent-30291/BitTorrent-Installer.app/
  102. Executable=/Volumes/BitTorrent-30291/BitTorrent-Installer.app/Contents/MacOS/BitTorrent-Installer
  103. Identifier=com.bittorrent.BitTorrent-Installer
  104. Format=bundle with Mach-O universal (i386 x86_64)
  105. CodeDirectory v=20100 size=744 flags=0x0(none) hashes=30+3 location=embedded
  106. Hash type=sha1 size=20
  107. CDHash=a876d194f2e83f5ce139c255728b4704f3ef18ff
  108. Signature size=8515
  109. Authority=Developer ID Application: BitTorrent, Inc
  110. Authority=Developer ID Certification Authority
  111. Authority=Apple Root CA
  112. Timestamp=1 nov. 2013 10:27:31
  113. Info.plist entries=23
  114. Sealed Resources rules=4 files=7
  115. Internal requirements count=1 size=196
  116. [noar]-[mp]-[12:49:47]
  117. [/tmp]$
RAW Paste Data