[gnu.org #1502445] GNU Octave website hacked and links replaced with trojan-containing installer??

[Ian Kelling via RT]

On Mon Mar 02 01:03:47 2020, address@hidden wrote:
> Hi there
> 
> I'm not sure if I'm imagining things here but I am very suspicious:
> 
> Just installed Octave on Windows 10 from
> https://www.gnu.org/software/octave/download.html
> 
> I noticed that Symantec detected the security risk "Trojan.Gen.MBT" in
> a libsqlite library:
> 
> 
> Scan type: Auto-Protect Scan
> 
> Event: Risk Found!
> 
> Security risk detected: Trojan.Gen.MBT
> 
> File: C:\Octave\Octave-5.2.0\mingw64\bin\libsqlite3-0.dll
> 
> Location: C:\Octave\Octave-5.2.0\mingw64\bin
> 
> Computer: LIBPF1FL7FE
> 
> User: SYSTEM
> 
> Action taken: Pending Side Effects Analysis : Access denied Date
> found: Monday, 2 March 2020  1:32:50 PM
> 
> I looked at the installers locations, and they use ftpmirror.gnu.org
> instead of ftp.gnu.org<ftp://ftp.gnu.org>
> 
> I looked at the website ftpmirror.gnu.org and it redirects to
> https://mirror.freedif.org/GNU/
> 
> The website freedif.org looks very dodgy to me.
> 
> Looks like all URLs in the windows download page have been replace
> with this.
> 
> I am imagining things? What is going on here?
> 
> Cheers
> 
> ---
> Stéphane Guillou (he/him) -
>    Technology trainer (Library)
>    UQ Ally Network member | Green Office representative
> The University of Queensland | St Lucia | QLD 4072 Australia
> p: (+61) 7 344 32705 | m: (+61) 4 68 37 37 48 | @:
> address@hidden<mailto:address@hidden>
> 
> Please consider the environment and print this email only if necessary

Sounds like a false positive to me. I suggest checking the
signature of the file you downloaded, there are some basic
instructions in the text at the top of https://ftp.gnu.org

-- 
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org