It all started around 2pm on the 29th. One of our developers pointed out that one of our installers didn’t look ‘quite’ right.
A directory which should have simply contained “Product (build).exe” had both that file and one named “Product (buildE.exe”. “Product (buildE.exe” still had its digital signature, whereas the one that was properly named didn’t.
Hrm, let’s take a look. Scan the files with Trend Micro’s OfficeScan, nothing. Scan the files with AVG, nothing. Jump on Trend’s website, using HouseCall, still nothing.
Do a quick Google search for virus software ratings, which point to “BitDefender” being the best. Run that and *blam* we have an unidentified Win32/File Injector.
Nice….
These files just so happened to be on the same server as all of our software builds, legacy and whatnot.

