Microsoft Defender detects Trojan:Linux/Multiverze: on ISO [solved]

newuser
Posts: 7
Joined: 2021-08-26 23:37
Has thanked: 2 times
Been thanked: 1 time

Microsoft Defender detects Trojan:Linux/Multiverze: on ISO [solved]

#1 Post by newuser »

I wanted to try Debian 11 with LXDE on an old PC.

I downloaded the nonfree ISO first, and I analyzed it with Microsoft Defender, which identified it as a serious threat.

Then I downloaded the version that does not include nonfree, and I analyzed it, and it was identified as a threat as well.

I think it must be a Microsoft Defender confusion, but when in doubt I thought it would be better to ask.

Do you think there may be a Trojan in the ISOs that has gone unnoticed?

Thanks. :)

Image: Captura de pantalla 2021-08-26 212134.png (29.97 KiB)
Files:
debian-live-11.0.0-i386-lxde+nonfree
debian-live-11.0.0-i386-lxde

Trojan:Linux/Multiverze:
https://www.microsoft.com/en-us/wdsi/th ... 2147783419
Last edited by newuser on 2022-05-30 18:34, edited 1 time in total.

4D696B65
Site admin
Posts: 2696
Joined: 2009-06-28 06:09
Been thanked: 85 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#2 Post by 4D696B65 »

newuser wrote: 2021-08-27 00:25 I think it must be a Microsoft Defender confusion
Me too
newuser wrote: 2021-08-27 00:25 Do you think there may be a Trojan in the ISOs that has gone unnoticed?
No

FreewheelinFrank
Global Moderator
Posts: 2063
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 221 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#3 Post by FreewheelinFrank »

It is undoubtedly what is known as a false positive, where an antivirus program detects an innocent piece of code as malware. You can submit the file to Microsoft for analysis. They will tell you if it is indeed a false positive. You should do this so that Microsoft can update its detections and other users will experience the same worry.

https://www.microsoft.com/en-us/wdsi/filesubmission

You can also submit the files to VirusTotal for analysis by multiple antivirus engines to see which antivirus programs detect the files as malware. In the case of a false positive it is usually one out of many.

https://www.virustotal.com/gui/home/upload

newuser
Posts: 7
Joined: 2021-08-26 23:37
Has thanked: 2 times
Been thanked: 1 time

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#4 Post by newuser »

Thanks 😊 I'll try that

trinidad
Posts: 289
Joined: 2016-08-04 14:58
Been thanked: 13 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#5 Post by trinidad »

Yeah... follow the yellow brick road Dorothy... MSDef identifies any fs with viable hardware and/or network detection not signed by MS or its given OEM partner as a threat, even extending as far as legally obtained firmware. They will laugh at you for submitting a Debian 11 ISO, and reply "don't do that". Jeez Frank.

TC
You can't believe your eyes if your imagination is out of focus.

FreewheelinFrank
Global Moderator
Posts: 2063
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 221 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#6 Post by FreewheelinFrank »

trinidad wrote: 2021-08-27 18:21 Yeah... follow the yellow brick road Dorothy... MSDef identifies any fs with viable hardware and/or network detection not signed by MS or its given OEM partner as a threat, even extending as far as legally obtained firmware. They will laugh at you for submitting a Debian 11 ISO, and reply "don't do that". Jeez Frank.

TC
Challenge accepted.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#7 Post by kedaha »

I don't use Windows but surely the downloaded image can be verified? Do a search for, for example: "Verify a Checksum On Windows."
For example: how-to-verify-a-downloaded-linux-iso-file-wasnt-tampered-with
DebianStable

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.
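
The checksum verification suggested in post #7, done from PowerShell on Windows, as an added example that is not part of the thread or any poster's code. The function name `Test-IsoChecksum`, the `.iso` file name and a `SHA256SUMS` file saved from the same download directory as the image are assumptions; the demo at the end uses a small constructed stand-in file so it runs offline.

```powershell
function Test-IsoChecksum {
    param(
        [Parameter(Mandatory)] [string] $IsoPath,
        [Parameter(Mandatory)] [string] $SumsPath   # SHA256SUMS list published next to the image
    )
    $name = Split-Path -Leaf $IsoPath
    $expected = $null
    # Each line is "<64 hex chars>  <file name>"; a '*' before the name marks binary mode.
    foreach ($line in Get-Content -LiteralPath $SumsPath) {
        if ($line -match '^([0-9a-fA-F]{64})\s+\*?(.+)$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
            break
        }
    }
    # A missing entry is an error, not a pass: the wrong list or a renamed file proves nothing.
    if (-not $expected) { throw "No entry for '$name' in $SumsPath" }

    $actual = (Get-FileHash -LiteralPath $IsoPath -Algorithm SHA256).Hash
    [pscustomobject]@{
        File     = $name
        Expected = $expected.ToLower()
        Actual   = $actual.ToLower()
        Match    = ($actual -eq $expected)   # string -eq is case-insensitive in PowerShell
    }
}

# Constructed demo: a 64-byte stand-in for the ISO and a matching SHA256SUMS file.
$dir  = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$iso  = Join-Path $dir 'debian-live-11.0.0-i386-lxde.iso'   # assumed file name
$sums = Join-Path $dir 'SHA256SUMS'
[IO.File]::WriteAllBytes($iso, [byte[]](1..64))
$hash = (Get-FileHash -LiteralPath $iso -Algorithm SHA256).Hash.ToLower()
Set-Content -LiteralPath $sums -Value "$hash  debian-live-11.0.0-i386-lxde.iso"

Test-IsoChecksum -IsoPath $iso -SumsPath $sums   # unmodified file
[IO.File]::AppendAllText($iso, 'x')              # simulate a corrupted or altered download
Test-IsoChecksum -IsoPath $iso -SumsPath $sums   # same list, changed file
Remove-Item -Recurse -Force $dir
```

A match shows the download is byte-for-byte the image listed by Debian, which separates an antivirus false positive from a tampered file. Debian publishes a `SHA256SUMS.sign` signature beside the list so the list itself can be checked with GnuPG.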

FreewheelinFrank
Global Moderator
Posts: 2063
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 221 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#8 Post by FreewheelinFrank »

I have downloaded the ISO and uploaded the file (livevmlinuz-5.10.0-8-686) to VirusTotal. (I get to play with LXDE later too!)

It is detected as malware by 18 security vendors, mostly using generic or heuristic detection (which says that it resembles or behaves like malware in some way). Microsoft calls it a Trojan. This is not to say it is likely to actually be a Trojan, because heuristic/generic detections are notoriously prone to false positives (and Microsoft's detection is almost certainly wrong).

https://www.virustotal.com/gui/file/91e ... /detection

I have submitted the file to Microsoft for analysis. We will see what they say.

I will also submit the file to the other vendors that have a false positive submission system and see what they say.

FreewheelinFrank
Global Moderator
Posts: 2063
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 221 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#9 Post by FreewheelinFrank »

Microsoft no longer detects the file as malware. Detections at VirusTotal now down to 14. Ad-Aware, Cynet and Bitdefender also seem to be on the ball, although Bitdefender Theta (machine learning based, apparently) still detects the file.

FreewheelinFrank
Global Moderator
Posts: 2063
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 221 times

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO

#10 Post by FreewheelinFrank »

Down to 7 already. Of the big names, Trend Micro gets the booby prize for tardiness.

newuser
Posts: 7
Joined: 2021-08-26 23:37
Has thanked: 2 times
Been thanked: 1 time

Re: Microsoft Defender detects Trojan:Linux/Multiverze: on ISO [solved]

#11 Post by newuser »

Thanks for the comments, now I'm doing that file submission with the ISO when I have that kind of alert.
