Is softwareupdate.vmware.com serving malware?

Edit: this potentially also affects the ‘Check for Updates’ process of other VMware products (e.g. Workstation).

Today, when I started my VMware Player, I got an Upatre Malware (blogs.technet.com) alert from Microsoft Security Essentials.


It seems to be part of the Upatre Malware group and usually comes through e-mail, which I never use on my host system. I was immediately triggered to find out the source of this culprit and found a quick fix/temporary solution to null-route the update server until they (VMware) clean their server.

Problem

If you start VMware Player it usually automatically checks for updates. But today a few seconds later Microsoft Security Essentials told me “Win32/Kadena.gen” had been found and quarantined.

Temporary Solution

It’s a quick-fix, temporary solution: you won’t receive updates from VMware anymore while this entry is in your hosts file, but at least you won’t get infected with malware or get warnings from MSE.

Add the following to your hosts file:

Where is my hosts file?

Note: This file might be hidden and requires administrator rights to be edited. Open a Notepad instance by right-clicking and choosing ‘Start as Administrator’.

Afterwards start a command prompt and type:
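An added example, not part of the original post: a Python check that a hosts file really null-routes the update server named in the title. The sink addresses it accepts (loopback or 0.0.0.0) and the sample lines are assumptions, since the post's own entry is not shown; the hosts file path is passed as an argument.

```python
import ipaddress
import sys

UPDATE_HOST = "softwareupdate.vmware.com"  # hostname from the post's title

def active_mappings(text, host=UPDATE_HOST):
    """Return the addresses that uncommented hosts-file lines assign to host."""
    host = host.lower().rstrip(".")
    found = []
    for raw in text.lstrip("\ufeff").splitlines():  # Notepad may prepend a BOM
        fields = raw.split("#", 1)[0].split()       # drop comments, split on whitespace
        if len(fields) < 2:
            continue                                # blank, comment-only or no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # first field is not an address
        if host in (n.lower().rstrip(".") for n in fields[1:]):
            found.append(addr)
    return found

def null_route_status(text, host=UPDATE_HOST):
    """'blocked' if every mapping for host is loopback or unspecified,
    'absent' if no active line names it, 'not-blocked' otherwise."""
    addrs = active_mappings(text, host)
    if not addrs:
        return "absent"
    if all(a.is_loopback or a.is_unspecified for a in addrs):
        return "blocked"
    return "not-blocked"

# Constructed sample content (assumed entries, not taken from the post).
SAMPLE_OK = "# temporary block\n0.0.0.0   SoftwareUpdate.VMware.com  # remove later\n"
SAMPLE_COMMENTED = "#0.0.0.0 softwareupdate.vmware.com\n"  # entry left commented out
SAMPLE_WRONG_HOST = "127.0.0.1 vmware.com\n"               # parent domain only

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check a real hosts file given as the first argument.
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(null_route_status(fh.read()))
    else:
        for label, text in (("ok", SAMPLE_OK), ("commented", SAMPLE_COMMENTED),
                            ("wrong host", SAMPLE_WRONG_HOST)):
            print(label, "->", null_route_status(text))
```

A result of "absent" after editing usually means the line is still commented out or names a different host than the one the updater contacts.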
