When Johannes mentioned on the Stormcast that 3CX’s trojanized installer was blocked by Google Chrome, I remembed a feature I don’t often use.
Here you see the blocked 3CX installer download blocked in Chrome:
Your only option is to click Discard (the up-arrow symbol offers no extra options).
But if you have this Discard option, then you can unblock the download in the Download Tab (menu entry Downloads):
And there you have the option to keep the file:
You have to confirm:
And then you can get the file from your Downloads folder (or whatever folder you selected).
This doesn’t work for malware detected by an anti-virus (then you have no Discard option), like the EICAR file:
I rarely use this trick, because I usually download malicious or suspicious files from the command-line.
But sometimes when I have to use a browser (in a sandbox), I will use this feature.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
