Firmware Updater - Malware?

I just got my V6 triggers and went to update the firmware. I downloaded the firmware software from Cactus, and much to my surprise my antivirus (Kaspersky) identified it as containing the AdWare "Eorezo".


What's up?

Comments

  • Additional Info - from Link from Virustotal

  • Noted your problem. I have forwarded to our software team and will report back.

    Thank you for your understanding.
    Antonio Lao
    Brand Manager
    _____________

    To help us better help you, always state the exact firmware version installed on your Cactus device(s), such as: "1.1.013", "NIK.A.001", "v.103", or "A06".

    TTL or HSS not working on Cactus V6 II and V6 IIs? Be sure to check hot shoe connectivity by doing the <CAMERA INFO> check.

    Feel free to suggest an improvement or share product ideas. Contact us directly at info@cactus-image.com.  At Cactus, we listen. 
  • @Orangish: We tried it on one of our colleagues' computers, also equipped with Kaspersky, and the Updater was downloaded and installed without any prompts.

    In any case, the program is safe to use and without any harm that we could foresee.

    Thank you!
    Antonio Lao
    Brand Manager
  • FYI, I use Norton and while not noted as malware exactly, it was blocked and automatically uninstalled due to 'low reputation'.  This seems to be because it is almost unused globally, which makes sense given our niche.  

    I had to re-install and force Norton to accept the application via exceptions.

    However, it would be a good idea to pro-actively reach out to the major vendors as I think this issue will continue to plague you due to the low install rate compared to more mainstream software. 
  • Thanks @JBoot for the suggestion. I have passed the message to our R&D team.
    Antonio Lao
    Brand Manager
  • Low Reputation will invariably affect all new programs after they are released, but does not necessarily mean the file is bad, just that you are one of the first people to have seen the file and that it hasn't been observed to exhibit malicious behavior.

    Reputation is based on prevalence of the files, where they are downloaded from, and other factors.
  • Thanks for chiming in, @THoff!  Much appreciated :)
    Antonio Lao
    Brand Manager
  • With the release of V6 firmware v3.0.7, most likely we don't use the V6 firmware V2.0.7 (file date Sep 6, 2016) anymore. But for people who still have it, you should be aware that the malware "Heur.AdvML.B" exists in that version of the firmware release. Therefore, you should scan your Windows computer for that particular malware. You can go to the Norton webpage
    "https://www.symantec.com/security-center/writeup/2016-051811-2400-99" to get more details.

    I intended to attach the original downloaded zip file of V6 firmware 2.07, but the Cactus website does not allow me to attach it since it complained the file is too big (2.4MB) to include.

    Therefore, I attached the screenshot that I captured from my Norton Security report when I happened to unzip the zip file, as Norton Security quarantined the "setup.exe" file due to detection of the "Heur.AdvML.B" malware in the setup file. See below


  • edited November 9
    1. You appear to be talking about the "Firmware Updater" software itself, not a V6 firmware version. Firmware versions cannot contain viruses that are harmful to a PC/Mac. They are contained in very small files that contain code intended for the processing unit in a V6, which runs different code than PCs/Macs.
    2. The threat name "Heur.AdvML.B" implies that detection was achieved through applying a heuristic. This approach is bound to produce false positives, i.e. sometimes report threats when there aren't any.
    3. Given that the Firmware updater version you refer to has been around for over two years without any reports regarding a virus threat, it seems very unlikely that it actually contains a virus.
    It is a very good idea to be extra careful and ideally Symantec should look at the executable and determine whether it actually contains problematic code, but in this instance I'm inclined to believe that you came across a false alarm.