[R] trojan with R download
Marc Schwartz
marc_schwartz at me.com
Fri Jul 31 18:01:05 CEST 2015
> On Jul 31, 2015, at 5:55 AM, tom walk <rootswalk at yahoo.co.uk> wrote:
>
>
>
>
> I am working in China for a month and needed to download an earlier version of R in order to use Deseq2 and its requirements. The download got to the last few seconds and hung up. A trojan was found. It could be coincidence that it happened when I was downloading R, or perhaps a man in the middle added a little something. Anyway, I thought you might be interested. You might want to check on this source and others from this server.
>
>
> https://mirrors.ustc.edu.cn/CRAN/bin/windows/base/old/3.0.3/R-3.0.3-win.exe
These things are typically false positives due to overly aggressive filtering.
I downloaded the above file from the same server:
$ md5 R-3.0.3-win.exe
MD5 (R-3.0.3-win.exe) = 446db51e5c188ed2dccbd44dfa5f4aa9
The official MD5 value from the main CRAN server at:
https://cran.r-project.org/bin/windows/base/old/3.0.3/md5sum.txt
is:
446db51e5c188ed2dccbd44dfa5f4aa9 *R-3.0.3-win.exe
So unless that hash value was compromised centrally...which if that is the case, it has been long enough that mirrors would probably reflect that as well.
Presuming you can get to a different server, try it to see what happens.
Regards,
Marc Schwartz
More information about the R-help
mailing list