Possible Malware in Mezzmo mirror site ?

[frogger38]

Today I followed the link from the Mezzmo site to CNET download.com and downloaded mezzmo-setup and installed it for a trial with the intention of purhase if it worked OK. After I had configured it and started scanning my media directories, I received two alerts from McAfee that Mezzmo was attempting to connect to two remote sites which were known to be malicious. These trace to one in Germany and one in USA, but neither of the addresses seem affiliated with Conceiva.

I have completly stopped all services and removed the application and reported it to support via the uninstall reason question.

I don't believe the original file intended to do this but it is possible that the mirror download site that is being used has been hacked and the file changed. This idea may be supported by the HTML errors on the page.
PLEASE BE AWARE of POTENTIAL ISSUES.

If an administrator or moderator one can direct me to a reliable source, I would like to evalute the software and purchase. If the Conceiva staff requires more information they can email me for the details. I should state that I am an IT security professional and assure you this is not a false alert or hoax. I have also seen other reports of an identical issue.

Thanks

Frogger

[Paul]

Thanks for alerting us to this. We will check out CNET's download.com immediately and check if they are adding anything over the top of our installer. We'll report back here once our testing is done.

For a direct download link, you can always get the latest Mezzmo installer from: http://www.conceiva.com/downloads/mezzmo-setup.exe

Mezzmo does not purposefully contact any malicious sites - however whilst you are adding your files into your Mezzmo library or maintaining your Mezzmo library, by default, Mezzmo will download album artwork for your music from internet web sites so that you have great looking artwork when browsing/playing your music on your DLNA device. Mezzmo may contact many sites whilst downloading artwork for your files. I guess it may be possible that some of these sites have been blacklisted by your system protection software (MacAfee). Note: You can turn off getting album artwork from internet web sites in the Options dialog in Mezzmo.

[ftanner]

There was an article a while back about third party download sites adding a "wrapper" around the installation files that they hosted to add additional applications (that were paid for by the additional app companies) to the installation of applications that they hosted.

Download.com was one of the hosting companies that was guilty of that.

http://www.extremetech.com/computing...ut-motivations

[Paul]

We have downloaded 'mezzmo-setup.exe' from CNET download.com and tested it. We could not find anything malicious or wrapped in our Mezzmo installer. So we are confident that CNET is not adding anything to our installer.

We do note that CNET download.com does have a recent policy of wrapping installers from software companies like us with adware. They seem to be doing this for some software product installers and not all at this stage (e.g. not yet the Mezzmo installer). We will monitor this and re-evaluate placing our default download location for 'mezzmo-setup.exe' on CNET download.com.

If you have any further concerns, please let us know and we will help out.

[frogger38]

@Paul, Conceivia staff.
Thanks for getting back so promptly. I have re-download from the link you supplied, and reinstalled, turned off album art work from internet, and I can confirm no alerts from McAfee when scanning media. It is probable that McAfee have blacklisted album artwork sites (not unusual). I think the Mezzmo program looks good, you proably need to review where you get artwork from or set the default installs to opted out, with the ability to opt in.
I accept my PC is borderline spec. requirements, but the application is too processor hungry for me, when transcoding CPU=100%. Even when I stopped all trancoding, stopped the service and closed Mezzmo. The ffmpeg process was still running at 90% and had to be killed manually. I have uninstalled and gone back to a more basic DLNA server, but I'll likely come back when I get an i7 Quad core PC.

[Paul]

Thanks for your feedback & confirmation about no malware in Mezzmo.

With regards transcoding & your underpowered PC, you can use the pre-transcode feature in Mezzmo to transcode your files before streaming so that there is no stuttering, etc. You can schedule your pre-transcoding for a time of day that suits (e.g. overnight). Hope you re-visit Mezzmo again one day