Malicious versions of FileZilla are spreading
It was bad enough that FileZilla offers SourceForge installers loaded with garbage software that could easily be viewed as malicious software. Junkware such as "Hotspot Shield" is still bundled with some installers offered by FileZilla.
Now, Avast has discovered that malicious versions of FileZilla 3.7.3 and 3.5.3 are being spread. "We have noticed an increased presence of these malware versions of famous open source FTP clients", the firm announces.
The fake software is identical except for one point: any attempt to update the software through the built-in update checker will fail. This is most likely to prevent the malware from being overwritten.
Avast uncovered a hidden "stealer" inside of the code, saying, "The algorithm is part of a malformed FileZilla.exe binary, therefore sending stolen log in details which bypasses the firewall. The whole operation is very quick and quiet. Log in details are sent to attackers from the ongoing FTP connection only once. Malware doesn’t search bookmarks or send any other files or saved connections."
The websites distributing these fake copies of FileZilla seem to all be registered in Russia, using a registrar that hides the client information.
FileZilla has placed a warning on its own website, stating "We do not condone these actions and are taking measures to get the known offenders removed. Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License."
On a personal note, if they do not condone these actions, then why are they working with SourceForge and bundling software like Hotspot Shield and other unwanted programs? Previously we posted an article by the Gluster Community about this very subject. Perhaps this occurrence will help the FileZilla team to improve their own standards.