Beware with Sourceforge.net and Windows OS

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Post Reply
Message
Author
Perberos
500 Command not understood
Posts: 3
Joined: 2008-10-20 02:41

Beware with Sourceforge.net and Windows OS

#1 Post by Perberos » 2015-04-29 10:56

Sorry about my English.

Today I just downloaded the Filezilla Client and It contains a Trojan, detected with my Common Sense 2015 (I forgot to update it, so it detect the Trojan after I installed it... Oops)

So I wonder WHAT HAPPENS! Looked the web page, clicked download, and it redirect to sourceforge. But something happens to the page.

http://imgur.com/9dT3NnR

The link was changed. It seems like an Ad inject code and set a custom HTML instead of the "FileZilla. Your download will start in 2 seconds... Problems with the download? Please use this direct link, or try another mirror.". The problem do not happens on GNU/Linux.

It is just a WARNING. Greetings.

User avatar
boco
Contributor
Posts: 24719
Joined: 2006-05-01 03:28
Location: Germany

Re: Beware with Sourceforge.net and Windows OS

#2 Post by boco » 2015-04-29 11:32

Sourceforge has been sold out, you got the 'gift-wrapped' (read:Adware) installer. You might want to take a look at the additional download options on the FileZilla download page.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Perberos
500 Command not understood
Posts: 3
Joined: 2008-10-20 02:41

Re: Beware with Sourceforge.net and Windows OS

#3 Post by Perberos » 2015-04-29 12:34

I just format the hdd, burned the PC and buried under ground.
But I've noticed that if the download button is not pressed, the correct file will be downloaded.

User avatar
boco
Contributor
Posts: 24719
Joined: 2006-05-01 03:28
Location: Germany

Re: Beware with Sourceforge.net and Windows OS

#4 Post by boco » 2015-04-29 13:06

### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

zoogs
500 Command not understood
Posts: 4
Joined: 2015-04-13 16:07

Re: Beware with Sourceforge.net and Windows OS

#5 Post by zoogs » 2015-04-29 16:50

That's a funny article. Google's "strictest standards" must not be very strict. Dressing on a pig, eh?

FileZilla is a partner in this program. According to that post, it was its largest partner as of 2013.

There are software offerings on SourceForge that don't use or try to even push their adware-laden installer. FileZilla does not choose to go this route because they want the partnership deal. I recognize that open source developers are being put in this position by SF and it's a shame. I also think it's a shame FZ, knowing full well what the effects on thousands of naive users is and what SF is doing, continues to choose the kickback.

TLDR -- it isn't just SourceForge that sold out. FZ has to take ownership here. It is their decision to play along, and not everyone who offers their software on SourceForge has.

Novus
500 Command not understood
Posts: 1
Joined: 2015-05-04 12:19

Re: Beware with Sourceforge.net and Windows OS

#6 Post by Novus » 2015-05-04 12:35

I can confirm that a Trojan, Hihavavov_us.exe, was installed on my workstation as a result of updating FileZilla using the SourceForge installer. This reflects poorly on the FileZilla Project as you have selected SourceForge to represent you. You need to take ownership of this and fix this problem.

I know others have mentioned to make use of different download options. I have searched the FileZilla website and have no found an obvious place to avoid using SourceForge. Let me know where this is on the site.

User avatar
boco
Contributor
Posts: 24719
Joined: 2006-05-01 03:28
Location: Germany

Re: Beware with Sourceforge.net and Windows OS

#7 Post by boco » 2015-05-04 13:40

You cannot avoid Sourceforge but you can avoid the Adware installer. Just use the 'Show additional download options' link, then download.

Alternatively, use an extension like NoScript and block Javascript for Sourceforge and all connected sites (like fsdn.com).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Post Reply