Trojanized, Info-Stealing PuTTY Version Lurking Online
One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you're installing PuTTY from a source other than the project's own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article:
Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. "Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as 'root' access) which can give them complete control over the targeted system," the researchers explained.
The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the "About" information for the app.
The best first step is to install Steam, because Windows is only used for gaming.
How does it feel to be on the other side of a generalization, timothy?
In this particular situation, because at first glance the main download page, site and URL don't look "official" at all.
http://www.chiark.greenend.org...
It would be pretty easy to confuse a slightly more modern looking page for the "main download page".
That's a good point actually.
greenend.co.uk is the official domain for PuTTY (specifically, www.chiark.greenend.co.uk). Simon Tatham has hosted it there from the start. I'd be more suspicious of putty.org, honestly.
I agree; however, http://www.putty.org/ links to this page and is the first result on Google. The second result is this page. As long as scammers can't get their trojanized PuTTY on Google's first page, I don't think there is much of a risk.
Anyway, why don't you just use an ad-blocker like uBlock or Adblock Edge?
Because SSH is mostly used to talk to Linux servers. Since when has Microsoft ever done anything to make Windows easier to use with other systems?
I can only assume that almost all downloads from the official site are vulnerable to MITM'ing. And, as PuTTY is such a popular tool, it is surely a prime target for that.