What's the deal with SourceForge distributing malware?

cubby1223

I needed to download FileZilla yesterday, and SourceForge wanted to bundle some of those malware programs that "claim" hundreds of things are wrong with your computer, begging you to give your cc number to clean them up, such as System Optimizer Pro came up...

And to throw more salt on the wound, a blog entry from FileZilla:

2014-01-28 - Advisory: Malware downloads on third-party websites

As recently published on the avast! blog, modified versions of FileZilla tainted with malware are being distributed on some third-party websites.

This is by no means a new threat. While this instance is one of the largest to date, there have been many cases of modified versions spreading malware hosted on third-party websites for over a decade. We do not condone these actions and are taking measures to get the known offenders removed. Note that we cannot in general prevent tainted versions on third-party websites or prove their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License.

To avoid any risk when downloading FileZilla, we recommend that you only download FileZilla from the official FileZilla website or from SourceForge, the official download partner of FileZilla and many other open source projects.

*sigh* your own recommended official partner is distributing the malware.

Every other day I'm cleaning up the same set of malware off of someone's computer that can no longer access the internet... conduit, **********, pc/system optimizer pro, search protect...
 

smakme7757

Click "Direct Link" instead of waiting for the timer and you get the actual FileZilla setup file from SourceForge.

The "Downloader" isn't really malware, it's just adware giving you options to download WinZip and other stuff like that. I've never had it tell me I need to fix problems and crap like that.

I guess they are doing it to make some extra cash.

But yeah, click "Direct Link" to get the actual setup file.
 

lxskllr

It should be standard practice to provide SHA1 sums, and/or sign binaries with GPG. That way you know what you're getting hasn't been monkeyed with.
 

PliotronX

Cnet is kinda sneaky in that way too. Most free download sites have the actual download link in tiny, hard-to-read print or by default have the option checked to "download with manager" where the filth gets on. I cannot count how many HD video players, optimizers, rogue anti-malware, game downloaders etc. I have removed from various systems.
 

bononos

Sourceforge has moved on to the adware model. I think one popular project quit SF because of this.
 

corkyg

For a week, I was getting notices of PUPs. After a few days, MBAM premium was no longer able to quarantine them. It really got bad last Saturday, and suddenly my OS (XP Pro) needed to be activated. In another hour it was unbootable. I tried a backup HDD, and it too became unbootable.

Yeah, PUPs per se are not malware, but they are capable of providing a path for bad things. The good news was, this forced me to completely cast XP aside. My data was all safe on two RAID1 HDDs. I moved it to a newer faster Win 7 machine and by Sunday, was back up and running. I then had to move the Win 7 machine to my main corner setup, and install a scanner, laserjet, Dymo printer, and several other USB devices. In about an hour it was all done and working.

So, thank you PUPs, you forced me to take action. :)

P.S. - After the dust cleared, I got this info from MBAM directly:
http://blog.malwarebytes.org/malvertising-2/2014/07/a-cunning-way-to-deliver-malware/
 

ViRGE

The program is called DevShare, and it's a program created by SourceForge to allow developers to monetize their software.

http://en.wikipedia.org/wiki/SourceForge#DevShare_adware_controversy
http://sourceforge.net/blog/devshare-relaunch-power-to-end-users/
http://www.reddit.com/r/technology/comments/1jk1gz/sourceforge_starts_using_enhanced_adware/
https://forum.filezilla-project.org/viewtopic.php?t=30240

DevShare is optional, and a software developer needs to purposely enable it to get adware bundled with their software. FileZilla is probably the most well known piece of SourceForge-hosted software to use this program, though it is not the only one.
 

KillerBee

I can see developers needing the money to support themselves

but Oracle / Java updates with their default install Ask Toolbar
I hope Oracle isn't hurting for money
 

corkyg

I don't think Larry's yacht is for sale. :)