I have just noticed that Linux Mint page is offline. Apparently they had some problems at the weekend, don't know when its going to be up again:
http://arstechnica.com/security/2016/02/linux-mint-hit-by-malware-infection-on-its-website-and-forum-after-hack-attack/

Mint is one of the most popular distributions (if not the most popular), with its Ubuntu heritage, support by third parties, and more "traditional" user interface.

They exploited a vulnerability in WordPress to replace the links to the Mint Cinnamon 64bit .iso with links to their own compromised one which has a backdoor built-in. Fortunately it was spotted and taken down & alerts were put out very quickly.

I have a few links to some mirrors of the proper versions in case anyone needs them:

http://ftp.heanet.ie/pub/linuxmint.com/stable/17.3/
http://www.mirrorservice.org/sites/www.linuxmint.com/pub/linuxmint.com/stable/17.3/
http://mirror.bytemark.co.uk/linuxmint/stable/17.3/ Mint is one of the most popular Linux distros so it makes sense for scum to target them in order to try to compromise as many users as possible.

I'm glad that I decided to switch back to Ubuntu shortly after Mint publicly announced that their future builds were going to based on the Ubuntu LTS releases. I've settled upon Ubuntu Studio with Mate Desktop and Mint Menu installed for my own personal preference and ease of use. One could also install Cinnamon desktop on a Ubuntu based install for another "Linux Mint like" desktop. The Ubuntu Sources List Generator allows one to quickly add commonly used repositories. Or one could install either Mate or Cinnamon on a Debian base install and tweak repositories with the Debian Sources List Generator for yet another "Linux Mint like" desktop.

The price of success.

Yes indeed. Hope he gets it all fixed soon. Thanks for the mirrors, hopefully he will get it all sorted out soon.

So... you're saying that my recently obtained Rosa version of Mint is compromised. I've downloaded the thing two or three days ago and installed it...

Possibly... the link to the fake .iso was only up for a short time though so maybe not.

If I were you I'd test the checksum of the downloaded .iso & see if it matches the checksum provided officially (check the links to the mirrors I posted above) - if they do then it's fine, if not then you have the fake one. You could also boot into the live environment of the version you obtained and check for /var/lib/man.cy - if it exists then the .iso is fake.

I'd like to do the latter version without going firsthand into Mint itself... so is there any ext4 file explorer made for Windows that I can use to check this?

How-To Geek: 3 Ways to Access Your Linux Partitions From Windows

There are checksum files in the same folder as the images. The file that contains the sha256 sums is signed with gpg. If everybody would check the integrety of the images and the checksum file, there wouldn't be a problem.

I admit that I'm not sure that I've checked the signatures every time…

Man, this sucks big time. I'm hoping they'll make a fast recovery and the revamped Linux Mint website is going to be simpler and more secure.

With all their success and the media attention they've been getting, they've become fair game for any illicit party out there.

Let me know what version you're using and I can give you an md5 of any of my .isos (I've downloaded all versions two days after their release via torrents, so was not affected by any hijacks).

If you don't want to boot the .iso and check there (perfectly safe to do this if you use a VM with networking disabled) then it's better to compare the checksums.

So sad to hear this :( Linux MInt has one of the biggest LInux communities and afaik no commercial company support so this made them a perfect target and it feels scary to know that hackers are turning and eye on linux now :(