[Solved] Associated cost or hacked site

Khasar
Posts: 5
Joined: Tue Mar 13, 2018 8:51 pm

Post by Khasar »

I was under the impression that OO is free to download. I sent my niece this URL (https://www.openoffice.org/download/) and she attempted to download OO to her Mac yesterday. Her Mac started acting very sluggishly when she opened a .odt file I had sent her so she closed it and revisited it this morning. Then she got a screen demanding credit card information. It sounded like she got hacked or virus'd and I'm trying to figure out if it was because the URL for the download is fake or if it's something else. I approached the web page via links from this URL (https://openoffice.apache.org/index.html) and got what looks like the same URL (https://www.openoffice.org/download/) as I sent her. Please give me an opinion about what is going on.
Last edited by MrProgrammer on Mon Mar 31, 2025 6:27 pm, edited 1 time in total.
Reason: Tagged ✓ [Solved] Linked to pages which describe checksum verification for an OpenOffice file download
OpenOffice 4.1.4 on Windows 10
Hagar Delest
Moderator
Posts: 33416
Joined: Sun Oct 07, 2007 9:07 pm
Location: France

Re: Associated cost or hacked?

Post by Hagar Delest »

Rather weird indeed.
Can she open other files to see if she gets the same kind of dialog asking for credit card information? Or merely create new files from AOO?
There is no such request from AOO. Or maybe she clicked a button for donation. I don't remember if there is one however.
LibreOffice 25.2 on Linux Mint Debian Edition (LMDE Faye) and 24.8 portable on Windows 11.
robleyd
Moderator
Posts: 5391
Joined: Mon Aug 19, 2013 3:47 am
Location: Murbko, Australia

Re: Associated cost or hacked?

Post by robleyd »

Or perhaps clicked on something on the SourceForge page. To quote myself from another similar topic:
The proper, and only, site to download is https://openoffice.org/download/ This will allow you to select the appropriate version of AOO for your operating system; you will then be redirected to SourceForge to download the chosen package. DO NOT click on any links on the SourceForge page, just wait a few moments for the download to automatically begin.
Slackware 15 64 bit
Apache OpenOffice 4.1.15
LibreOffice 25.2.5.2; SlackBuild for 25.2.5 by Eric Hameleers
---------------------
Roses are Red, Violets are Blue]
Unexpected '{' on line 32
.
MrProgrammer
Moderator
Posts: 5297
Joined: Fri Jun 04, 2010 7:57 pm
Location: Wisconsin, USA

Re: Associated cost or hacked?

Post by MrProgrammer »

Khasar wrote: Thu Mar 20, 2025 11:58 pm
she attempted to download OO to her mac

We, and perhaps you too, have no idea what she actually did. So we can't know why that happened.
Mac FAQ Q03/A03: How do I install OpenOffice on a Mac?
Mac FAQ Q18/A18: How do I verify the checksum for an installation file on a Mac?
A03 specifically says not to click anything on the SourceForge page. Twice.
A18 allows a Mac user to verify that the downloaded file was created by Apache OpenOffice.

Khasar wrote: Thu Mar 20, 2025 11:58 pm
Then she got a screen demanding credit card information.

Cleaning a Mac of malware is not an OpenOffice problem. An Apple forum is a better place to look for assistance. As a start, drag recently downloaded files to the trash and drag any recently installed applications there too. Then restart the Mac.
Mr. Programmer
AOO 4.1.7 Build 9800, MacOS 13.7.6, iMac Intel.   The locale for any menus or Calc formulas in my posts is English (USA).
keme
Volunteer
Posts: 3781
Joined: Wed Nov 28, 2007 10:27 am
Location: Egersund, Norway

Re: Associated cost or hacked?

Post by keme »

The usual suspects
With the install appearing as a combination of "resource hog" and an "askformoney" scheme, the usual suspects are already mentioned. Links from SourceForge ad banners/popups. They tend to be prominently visible, and tempting to click, often with a blinking attribute to trigger your clickerfinger. It is not rare that those links point to content with some level of malice.

It is of course possible that it is an authentic "please contribute" request, but that is less likely when it is persistent and it makes the computer run significantly slower.

I have also another suspect:

The fairly usual suspect
Young people tend to go places online based on search. Of course they use links if clickable, but when facing a URL-type-in situation, they commonly type only part of it, do a search, and click one of the top results (which often are not places you want to visit; those link targets are at least as likely to lead to malicious content as the SourceForge links mentioned above).

Many of our younger users are not conscious about the difference - online - between "an address" and "a search". (I work with user support in a secondary-level school; I know this.)

Suggestion
So, if the issue remains unresolved: if your niece received the URL on her phone, then proceeded to her Mac to download, she may indeed have downloaded a rogue product (which at best may be uninstalled by dropping the Applications entry in the junk) or some "passenger app" malware may have attached itself (in which case she probably needs some antimalware tool to remove it).
Last edited by keme on Wed Mar 26, 2025 3:40 pm, edited 2 times in total.
Jan_J
Posts: 188
Joined: Wed Apr 29, 2009 1:42 pm
Location: Poland

Re: Associated cost or hacked?

Post by Jan_J »

Available from https://www.openoffice.org/download/index.html via the question below links form:
(?) (i) How to verify the download?

The link points to the URL
https://www.openoffice.org/download/checksums.html
There you can find some explanations of how to check the validity of downloaded files. If the checksums do not match, you can be sure that something is wrong.
JJ ∙ https://forum.openoffice.org/pl/
LO (25.2|24.8) ∙ Python (3.12|3.10) ∙ Unicode 16 ∙ LᴬTEX 2ε ∙ XML ∙ Unix tools ∙ Linux (Rocky|CentOS)