logo_square

Possible malware attack by EmEditor Update Checker

Dear EmEditor user,

We have found malicious files were placed in a subfolder of the EmEditor website, and we estimate these files were placed by a hacker between 6:36 am and 11:20 am on August 18th in the Pacific Daylight Time (USA and Canada), or between 1:36 pm and 6:20 pm on August 18th in the UTC. If a user uses EmEditor Update Checker from one of certain IP addresses, a malicious program, not EmEditor, might have been installed. The IP addresses are:

For the following list, * represents any number between 0 and 255. All 256 numbers between 0 and 255 are IP addresses in question.

12.44.85.*
12.189.27.*
12.233.153.*
42.147.69.*
49.101.250.*
61.211.224.*
63.119.133.*
64.102.249.*
64.235.145.*
64.235.151.*
66.129.241.*
77.248.69.*
86.111.221.*
106.139.26.*
106.188.131.*
114.160.192.*
118.103.17.*
118.238.0.*
124.248.207.*
133.6.1.*
133.6.91.*
133.6.94.*
133.56.0.*
133.74.211.*
133.173.2.*
150.26.82.*
173.36.196.*
173.38.209.*
182.162.60.*
188.111.86.*
194.98.194.*
198.135.0.*
199.167.55.*
203.104.128.*
203.180.164.*
204.15.64.*
209.97.118.*
210.17.188.*
210.172.128.*
210.174.36.*
210.224.179.*
216.228.150.*
219.195.174.*

For the following list, # represents a number between 0 and 255, but only one number represents the IP address in question. To protect users’ privacy, the actual IP address is hidden by #. If your IP address is included in this list, please contact us at jp@emurasoft.com with your IP address, and we will let you know your IP address is included.

12.234.38.#
61.202.251.#
101.110.12.#
101.110.14.#
101.110.15.#
101.111.185.#
108.28.100.#
117.103.185.#
118.159.230.#
118.159.235.#
124.85.138.#
126.205.203.#
133.6.76.#
153.163.255.#
180.0.96.#
180.6.227.#
202.7.107.#
202.62.253.#
206.13.28.#
210.148.24.#
210.164.30.# (2 IP addresses)
210.169.198.#
210.175.75.#
210.233.113.#
210.237.143.#
211.7.234.#

If your IP address is included in any of the above lists, and if you use the Update Checker of EmEditor during the above time frame, there is a possibility that your computer might have been infected by a virus. If so, please use anti-virus software to clean your computer.

To check your IP address, please go to www.google.com, enter “My IP”.

Currently, our server hosting company is scanning the whole website. As soon as the scan is completed, we plan to resolve the issue completely by all means.

We will keep you informed of our progress. If we cannot get access to our website, we might use Twitter, Google+, or Facebook to make announcements.

We apologize for any inconveniences that this situation might have caused you.

 

Share with friends... Tweet about this on TwitterShare on FacebookShare on Google+Email this to someone
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply