I downloaded with the Windows 7 plasma theme for KDE4 from kde-look.org. After activating it, it spawned a flash applet that loaded a bunch of ads and prevented me from using my computer. I had to log out of KDE4.

Nice.

Byte

Please report this to the kde-look.org Administrators ( by convention, likely webmaster@kde-look.org ) so it can be removed.

How lovely.

Can I ask why we don't have security protocols active for knewstuff? Seems silly not to, as this case proves.

Unfortunately, such a thing isn't possible, although a "Bad Download" or so button on GetHotNewStuff probably could help, with it bringing that download to the attention of the administrators.

Damn.

I cannot figure out how the theme launched the flash applet after examining the downloaded files more closely. I was on kde-look.org with konqueror at the same time I downloaded the theme. Maybe it was some sort of web exploit that was on kde-look.org.

Bye

Well, it would make sense to target a KDE-centric site with malware to exploit Konq. As far as I know, despite Kong not being able to handle the more modern techniques, it is still as vulrenble to them.

@ByteEnable: can you please provide a link to the applet in question?

I don't understand this... A theme is just a tarball with SVG files in it, isn't it? And I just tried downloading a theme called, "Windows 7" which had a rating of 29 (nice). Nothing happened. It was just a duplicate of the Oxygen theme. I tried setting it as my theme, still nothing happened.

Very odd...

Correct, a theme is simply a collection of SVG files.

If Konqueror was open at the same time, then what were you doing with it? Can you link this definitely against the content on kde-look?