Downloading from SourceForge? Official links deliver fakes also

vbimport

#1

We’ve just posted the following news: Downloading from SourceForge? Official links deliver fakes also

A video demonstration showing how various attempts to download FileZilla resulted in a download of an adware-wrapped installer instead of the FileZilla setup package.

Read the full article here: [http://www.myce.com/news/downloading-from-sourceforge-official-links-deliver-fakes-also-76749/](http://www.myce.com/news/downloading-from-sourceforge-official-links-deliver-fakes-also-76749/)

Please note that the reactions from the complete site will be synched below.

#2

Gee, I thought it was just me…?

I downloaded a fresh copy of Clonezilla yesterday and got some piece of garbage that I didn’t want along with it…


#3

I only use Opera Beta most of the time & it is Chrome based so I haven’t had any problems with downloading from SourceForge.
I always scan any download I get, usually with Avast & MBAM.
Sometimes with Spybot S&D as well & I do have one more that I don’t keep active that I can scan with.
I also scan a “zip” type download twice. Once packed & once more when unpacked.

I haven’t tried to download Filezilla or Clonezilla (lately).


#4

I guess the scumbags are winning the battle for the internet. :doh:


#5

Somehow, I get the feeling that if Firefox users mask spoof their user agent, so as to make themselves look like GNU/Linux users, they will get real downloads (although they will have to make sure they download the Windows versions of their programs, assuming they use Windows).


#6

You are indeed correct TSJnachos117. :iagree:

When I spoofed Firefox for Linux, it gave me the .tar.bz2 package for Linux by default, however, when I browsed for the Windows package, it gave me the proper package.

I then tried other user agents and interestingly the Googlebot user agent seems to do the trick nicely as it gives me the proper Windows package by default. It seems like they don’t want Googlebot spotting its Adware installer.

Once the download starts, I just switch off the user agent overrider and continue surfing on as normal.

I posted a follow-up article to show this in action.


#7

Opera Beta did the download with no extra steps & had no adware.
VirusTotal showed no adware.


#8

I thought I’d update this post after noticing that FileZilla cheekily changed how it delivers its bundled download.

Its SourceForge links now appear to be the proper installer, while the direct link on its website includes the Web Companion adware.

From a quick check in Sandboxie, the bundled installation is quite sneaky. On the second screen it brings up the ‘Offer’ screen. If ‘Next’ is clicked without ticking the decline offer option, it silently installs the adware immediately even though there are a few more screens to reach the ‘Install’ button.



#9

Luckily, the FileZilla guys offer this link https://filezilla-project.org/download.php?show_all=1 after having clicked “Show additional download options” which is of course not as prominent as the big “Download Now” button. :Z

Nevertheless, this is ugly. And it does not seem to be a SourceForge-only issue as the thread title suggests.