See also: Malformed FileZilla FTP client with login stealer http://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/
FileZilla still being hosted at http://sourceforge.net/ still infects with Trojan http://www.virusradar.com/en/Win32_Injected.E/description
Do you mean that filezilla at sf is also the one with the trojan? Or that spinoffs of the original - hosted not at sf - are the ones with the trojan. Mrk
Actually it's not a trojan. There are two download links for FileZilla at SourceForge. The second link is for the original unmodified installer. The main download link downloads a program called SourceForge Download Manager. It is basically the same concept that download.com is using. It will download the original installer for FileZilla and give you the option to install it. It also however, offers to optionally download and install two 3rd party programs. It needs to be noted, that if you click Decline on both the 3rd party offers, then only FileZilla will be downloaded and installed. Like I said, download.com has similar installer, and also quite a few software publishers are using OpenCandy to provide optional 3rd party offers. Also, with either installer, you will get the original FileZilla, not the malicious modified version.
As best as I can determine, what "S/F" is hosting still has an adware wrapper as whatever is attempted to download flags something on my A|V. Findings from a previous issue: http://www.dslreports.com/forum/r28803216-Sourceforge-Drives-off-Downloads I have nothing else to report at this time.
When I got to sf and try to download fz, I get the standard fz binary without any adware thingie. So I am not sure how and why the discrepancy. I also read the dslreports thread, and I don't see anything of that sort. Could be regional targetting? If you go here and click on the green thingie: http://sourceforge.net/projects/filezilla/ What do you see? I see filezilla_3.7.3_....exe And accordingly to your original report, the binary itself was the compromised one, so your previous post also indicates the same thing, but I guess it is not the case then? It is important to separate the possibilities, because there's a big difference: FZ binaries on SF are clean BUT bundle installer offers adware? FZ binaries on SF are trojaned? Something else? Mrk
This is not the original installer. As I explained in my previous post, it is a downloader, which will download and run the original FileZilla installer, but also offers two 3rd party programs, which will also be downloaded and installed, unless you click Decline on both of them. Underneath the green download button, is a link title Direct Download. This link is for the original installer with nothing else bundled. Both downloads have the same file name, but different icons as you can see in this screenshot The first download is the original installer. Here are screenshots of Sourceforge's downloader: If you click on the Decline buttons on the second two screens, then the 3rd party software will not be downloaded. The actual extra software offered, will no doubt change from time to time. No matter which installer you use, you get the original unmodified FileZilla. SourceForge's downloaded gets flagged by some AV software because it can install extra software, just like many AVs detect OpenCandy. I hope this helps. Roger
For me, if I click on the green one, the download offers the 4.7MB file. The same thing for the direct download thingie. So I wonder, regional stuff? Cheers, Mrk
@Mrkvonic, go to this page: https://sourceforge.net/projects/filezilla/files/ And see whether you have "Direct Download Link: On" or "Direct Download Link: Off". If it the former, I *think* that may be why you are not getting the stub installer. Or maybe its something else.
Figured it, the reason is Noscript. This is what I get: The interactive file manager requires Javascript. Please enable it or use sftp or scp. You may still browse the files here. Looking for the latest version? Download FileZilla_3.7.3_win32-setup.exe (4.8 MB) So there's a completely unrelated reason for Noscript. Block moronware. Mrk
Fileszilla stable is at 3.7.4.1. I always start from here, which takes me to the direct link page without any other download buttons.. Al
Regardless of what link I point at and thanks to those that have offered alternative ways of fetching this software - my AV still flags the download. (see screenshot)
ESET only detects SourceForge's downloader - it does not detect the original installer. I just scanned both the downloader and original installer (which I also downloaded from SourceForge) at VirusTotal, and only the downloader was detected by ESET. If you click on the "Direct Download" link you will get the original installer. Edit: My next post explains what is going on.
I just looked again at your screenshot and I can see the problem. ESET is detecting the url "ids.sourceforgecdn.com", and blocking the download, rather than letting the file download and then detecting it. This is an issue you might want to report to ESET, since it blocking the download of the original installers of software and not just the download of SourceForge's downloader. It is things like this that make me avoid website blocking of any kind.
Thanks for your feedback and observations, Roger. ESET is aware of this and it is currently under investigation. Regards,
The maker of Filezilla refuses to stop his official Filezilla website from linking to file hosts which bundle in pernicious, damaging and virtually impossible to remove browser hijacking malware such as "driver restorer", "reimage repair" and "astromenda" etc. Adware is awful but a software engineer who permits malware infection should be banned. I can never recommend Filezilla, the real cost in lost time and hassle is too great. The complaints at Filezilla's forum and the 1-star reviews at SourceForge are stacking up. Can anyone recommend a secure, malware-free FTP Server and Client solution?
Astronmenda may be an exception, but both Reimage Repair and Driver Restore are absolutely not malware, and are safe to use. They also come with uninstallers, so can easily be removed. I'm not happy about extra being bundled with installers eithers. But, it is important to note that almost always the 3rd party software installed is not malicious in any way, and can be considered a nuisance if you didn't want it installed, but not harmful.
