
Thread: Potential Malware in ISO File

  1. #1
    Join Date
    Sep 2018
    Beans
    2

    Potential Malware in ISO File

    Someone on my network in typical non-technically inclined fashion decided to download an apparent Ubuntu 17.10 ISO from an unofficial source.


    Here is the source: https://ubuntu.en.uptodown.com/ubuntu/download


    sha256: aaf4ba1809e08f6108f1e410174ebcbd49af5cc4f6493ab3d98d0683289bbc6e


    This is of course not a match for the actual 17.10, which the sha256 hash is: 1a3d2d32ada795e5df47293745a7479bcb3e4e29d8ee1eaa114350b691cf38d3


    http://old-releases.ubuntu.com/relea....10/SHA256SUMS


    I examined both ISOs, hashed the contents, and compared them. What I ended up getting is 68 files mismatched.

    Code:
    --( Verifying ubuntu17_10.sha256 )----------------------------------------------
    C:\ubuntu-17.10-desktop-amd64\md5sum.txt ERR
    C:\ubuntu-17.10-desktop-amd64\.disk\casper-uuid-generic ERR
    C:\ubuntu-17.10-desktop-amd64\.disk\info ERR
    C:\ubuntu-17.10-desktop-amd64\casper\filesystem.manifest ERR
    C:\ubuntu-17.10-desktop-amd64\casper\filesystem.manifest-remove ERR
    C:\ubuntu-17.10-desktop-amd64\casper\filesystem.size ERR
    C:\ubuntu-17.10-desktop-amd64\casper\filesystem.squashfs ERR
    C:\ubuntu-17.10-desktop-amd64\casper\filesystem.squashfs.gpg ERR
    C:\ubuntu-17.10-desktop-amd64\casper\initrd.lz ERR
    C:\ubuntu-17.10-desktop-amd64\casper\vmlinuz.efi ERR
    C:\ubuntu-17.10-desktop-amd64\dists\artful\Release ERR
    C:\ubuntu-17.10-desktop-amd64\dists\artful\Release.gpg ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ast.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\be.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\bg.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\bn.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\boot.cat ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\bootlogo ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\bs.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ca.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\cs.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\da.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\de.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\el.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\en.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\eo.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\es.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\et.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\eu.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\f1.txt ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\fi.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\fr.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\gl.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\he.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\hu.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\id.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\is.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\isolinux.bin ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\it.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ja.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ka.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\kk.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\km.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ko.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\lt.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\lv.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\nb.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\nl.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\nn.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\pl.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\pt.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\pt_BR.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ro.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ru.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\si.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\sk.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\sl.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\sq.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\sr.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\sv.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\th.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\tr.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\ug.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\uk.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\vi.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\zh_CN.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\isolinux\zh_TW.hlp ERR
    C:\ubuntu-17.10-desktop-amd64\[BOOT]\1-Boot-NoEmul.img ERR
    --------------------------------------------------------------------------------
    Errors Occurred: Errors:68  Miss:0   Success:543 Total:611

    I zipped 67 of the mismatched files and scanned them with Virus Total (filesystem.squashfs is too large to scan).


    https://www.virustotal.com/#/file/33...63ed/detection


    It came back with a hit, but I have no idea what it is or if it's even anything, or how such malware would infect (on the Windows PC where it was downloaded, or through the network after booting and installing the suspicious ISO).


    I recall that when Ubuntu was installed and I was presented with the interface, it displayed "beta" or something, so maybe the file from UpToDown is mislabeled and is actually an Ubuntu beta? I can't tell whether or not the hash is associated with a legitimate Ubuntu ISO.


    When googling it, I came up with a bug report of Ubuntu's official website offering an ISO file that has the exact same hash as what would be downloaded from UpToDown, which maybe indicates it could have been the beta being incorrectly offered as 17.10?


    https://bugs.launchpad.net/ubuntu/+bug/1727288


    More discussion I found about the hash mismatch:


    https://translate.google.com/transla...p%3Ft%3D182723


    So does anybody know what I could potentially be dealing with here?
    Last edited by ajgreeny; September 23rd, 2018 at 01:49 PM. Reason: Code tags added
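
The per-file comparison described in the post above, as an added example that is not part of the original thread: it hashes two extracted ISO trees and classifies every path. A verification pass driven by a checksum list only checks files named in that list, so this version also reports files that exist only in the suspect tree. The directory contents built in `demo()` are constructed, and `casper/added.bin` is a hypothetical file name.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files (e.g. filesystem.squashfs) are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def manifest(root):
    """Map each file's path relative to root (with '/' separators) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_file(full)
    return out

def compare_trees(reference_root, suspect_root):
    """Classify every path as ok / mismatch / missing / extra relative to the reference tree."""
    ref, sus = manifest(reference_root), manifest(suspect_root)
    return {
        "ok": sorted(p for p in ref if sus.get(p) == ref[p]),
        "mismatch": sorted(p for p in ref if p in sus and sus[p] != ref[p]),
        "missing": sorted(p for p in ref if p not in sus),
        "extra": sorted(p for p in sus if p not in ref),  # invisible to a list-driven check
    }

def demo():
    """Constructed sample: two tiny trees standing in for the extracted ISOs."""
    def build(root, files):
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as sus:
        build(ref, {".disk/info": b"release", "casper/vmlinuz.efi": b"k1", "README.diskdefines": b"x"})
        build(sus, {".disk/info": b"beta", "casper/vmlinuz.efi": b"k1", "casper/added.bin": b"?"})
        return compare_trees(ref, sus)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:8} {len(paths):3} {paths}")
```
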

  2. #2
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,792

    Re: Potential Malware in ISO File

    Well, scanning with a virus tool isn't useful, since it looks for Windows viruses.

    In general, do not download random cruft off the internet.

    If you trust Canonical/Redhat/Debian/Arch or whoever, then stick to their packages.

    As for your suspect ISO file, delete it and get the right one from Canonical.

  3. #3
    Join Date
    Jul 2005
    Location
    I think I'm here! Maybe?
    Beans
    Hidden!
    Distro
    Xubuntu 22.04 Jammy Jellyfish

    Re: Potential Malware in ISO File

    17.10 is now out of its support period so there is no point using it to install Ubuntu.

  4. #4
    Join Date
    Sep 2018
    Beans
    2

    Re: Potential Malware in ISO File

    Yeah, I was just trying to find out the origin of the ISO, or the ramification of the modifications e.g. whether they could be malicious.

  5. #5
    Join Date
    Feb 2015
    Location
    Florida
    Beans
    Hidden!
    Distro
    Ubuntu Mate Development Release

    Re: Potential Malware in ISO File

    Here's the link to Ubuntu's download. I would stick with only what the main Ubuntu sites offer: https://www.ubuntu.com/download/desktop

  6. #6
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Potential Malware in ISO File

    Or use http://cdimage.ubuntu.com/ if you want access to the entire range of Ubuntu flavors and releases.