Malware served from filezilla-project.org/download.php

TomasPionect
500 Command not understood
Posts: 1
Joined: 2014-09-11 14:37
First name: Tomas
Last name: van Rijsse

Malware served from filezilla-project.org/download.php

#1 Post by TomasPionect » 2014-09-11 14:46

Yesterday I got the message from FileZilla (v3.9.0.3) about an update to fix the auto updater.
So I came to the website to download the new version but my AV alerted that I was about to download malware.

I thought it would be something that would be fixed in a day but just found out it's still there.

It seems that when I'm on the download page on /download.php and click on the big green SourceForge button I get the malware.
That button links to http://sourceforge.net/projects/filezil ... urce=accel

But when I go to the page with 'Additional version' and click the same 3.9.0.5_win32-setup.exe I don't get the malware.
The link then happens to be http://sourceforge.net/projects/filezil ... oad?nowrap

If I ignore the AV alerts and download the file anyway, you can see the difference.

My guess is that the SourceForge button is changed and the FileZilla website is compromised.

Arith
504 Command not implemented
Posts: 10
Joined: 2014-05-07 11:49

Re: Malware served from filezilla-project.org/download.php

#2 Post by Arith » 2014-09-11 16:49

TomasPionect wrote:
> I thought it would be something that would be fixed in a day but just found out it's still there.
>
> It seems that when I'm on the download page on /download.php and click on the big green SourceForge button I get the malware.
> That button links to http://sourceforge.net/projects/filezil ... urce=accel
>
> But when I go to the page with 'Additional version' and click the same 3.9.0.5_win32-setup.exe I don't get the malware.
> The link then happens to be http://sourceforge.net/projects/filezil ... oad?nowrap

Actually it's a little more sinister than that. The author of Filezilla is getting a kickback from that malware. "Advertising" they call it. Sourceforge offered this deal to a few people to make some extra coin. So, to maximize this, he's hidden the clean download as you have eventually found. Then puts the dirty install up front and center with bright green buttons and whatnot to funnel anyone who doesn't know any better to the infected installer.

Here's a surefire way to eliminate this problem: Don't use Filezilla.

asloane
500 Command not understood
Posts: 2
Joined: 2007-09-10 08:06

Re: Malware served from filezilla-project.org/download.php

#3 Post by asloane » 2014-09-12 20:23

The Filezilla-related Malware suite is being mentioned on the Filezilla forum, Virustotal and other websites. Are Filezilla prepared to risk their loyal user base being infected with malware?

Today, one of my users, upon my trusted advice, downloaded and started to install Filezilla via a link on
https://filezilla-project.org/download.php?type=client
which led to Sourceforge. Which then started a messy cascade of malware infections which broke their Firefox, redirected their webpages and disabled their Firefox Help menu (thereby preventing a clean restart).

A small file KB had been downloaded via Sourceforge from a known malware spreading site:
http://cdn.sfrgfiles.com/?ic_user_id=128
This file was then followed by the Filezilla Client 5.77MB.

The Filezilla malware issue is being tracked, see:
http://www.herdprotect.com/filezilla_3. ... 029d8.aspx
https://www.virustotal.com/en/url/1b635 ... 410534298/

The user reported webpages/popups related to "driver restorer", "reimage repair" and "astromenda". Uninstalling "driver restorer" seemed to cause more malware to be installed or at least to follow the first infection.

Investigating the issue took a full hour and many more hours of advice and tech support to start the disinfection process. The system may still not be clean.

I am surprised that Filezilla and SourceForge would subject their users to such malware. The consequences are immense. Like others I will be looking for another FTP program even though Filezilla's Client and Server have been my recommendation for 10 years.

General information about uninstalling browser malware can be found here (but is not guaranteed to fix the issue, especially when the browser has been so crippled by malware that it cannot simply be reset):
http://malwaretips.com/blogs/ads-panora ... t-removal/

jaredean
500 Command not understood
Posts: 1
Joined: 2014-09-12 22:39
First name: jared
Last name: dean

Re: Malware served from filezilla-project.org/download.php

#4 Post by jaredean » 2014-09-12 22:44

Unbelievable. I have used Filezilla for over 10 years and have LOVED it...but I just recently downloaded it and noticed a new installer routine. I explicitly DECLINED any sort of extra software and still ended up with multiple pieces of malware/crapware/virus-like software...how in the world can such an amazing piece of software be bundled with such horrible add-ons? I PROMISE I declined the one I saw because I remember being surprised at being asked to install something else. Didn't matter, it still installed at least two things that I've found so far. I spent all night last night doing an OS clean install on this laptop. What a waste. I'd rather pay for FileZilla (easily the BEST FTP software out there) than deal with this...why not give that option?

jared

beegee72
503 Bad sequence of commands
Posts: 21
Joined: 2014-10-24 12:04

Re: Malware served from filezilla-project.org/download.php

#5 Post by beegee72 » 2014-10-29 15:02

Sourceforge can no longer be trusted as a reliable download source. Better to use the direct download link than the "recommended" one. Note that the recommended link on this site also leads to the malware download.

botg
Site Admin
Posts: 31475
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Malware served from filezilla-project.org/download.php

#6 Post by botg » 2014-10-31 21:17

While the SourceForge Installer may present third-party offers, they are clearly labeled as such. All third-party offers can easily be declined.
Nothing unwanted is being installed without your consent. Declining offers does not prevent nor otherwise disturb the installation of FileZilla.

If you do not wish to use the SourceForge installer, have a look at the additional download options listed on the FileZilla website.

beegee72
503 Bad sequence of commands
Posts: 21
Joined: 2014-10-24 12:04

Re: Malware served from filezilla-project.org/download.php

#7 Post by beegee72 » 2014-11-26 22:23

botg wrote:
> While the SourceForge Installer may present third-party offers, they are clearly labeled as such.

No, they are not. If they were clearly labeled as such, all these people wouldn't complain about accidentally installing them.
