Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN

Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server. The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, such …

COMMENTS

This topic is closed for new posts.
Silver badge
Paris Hilton

"two extra malicious DLL libraries"

Endorsed by Dr. Evil himself.

More interestingly, don't people check the signatures? Gotta admit that the way code nerds implement this simple software surety often leaves SOMETHING to be desired. Like for it to be actually there....

0
0
Bronze badge
Meh

Of course not

The computer will do it for them, which is why they end up with ask.com toolbar and mywebsearch as their homepage (Other junkware is available).

2
0
Bronze badge
WTF?

So why is it smaller?

I am puzzled about why (with extra libraries) it ends up smaller.

0
2

Re: So why is it smaller?

They took out the updating code I would presume.

5
0
Silver badge

Re: So why is it smaller?

Different compiler/optimiser?

2
0
Silver badge

The article clearly states that the miscreants removed all update code to keep it from being replaced for as long as possible.

0
0

Don't people check the signatures

They could easily have doctored the signature on the web page so it wouldn't help much.

1
0
Silver badge
Facepalm

Not a very good show here...

First of all you'll have to forgive me for being a little sceptical when there's originally only one party, Avast in this case, which warns about the whole thing. To be honest I don't really trust most of those "virus vendors" and Avast is one of them.

Even so, you'll have to admit that the FileZilla project themselves make it way too easy for such a thing to happen. After all, just look at the Official download page. It only features a link to get the program without even bothering to mention something such as checksums.

Only if you go to the additional download options do you get a link to the checksums, next to links to all the available platforms.

But shouldn't that link have been featured right on the main download page as well? I don't care that people "are always able to download them"; what if people simply forget and by looking at the link suddenly recall: "Oh yeah, should get the checksum too..."?

There's more to security than providing the means to double check; there's also such a thing as making it as easy as possible for the end users. And that's a bit lacking in this case.

4
5
Anonymous Coward

Runs on Windows

Easy to use, easy to lose.

0
2

This post has been deleted by its author

Bronze badge

Why?

It's a lot easier to hack a website when the sysadmin/webmaster uploads your code for you.

Many security-conscious admins use SFTP and FTPS instead of FTP and FileZilla is a convenient client for this for Windows and Linux alike, even though Linux has many other clients generally already built in. It can be used as another crossover feature for an ex-Windows bod.

Does the Linux version have this additional feature?

I'd say this *could* be a big deal for the unwary.

Spamtastic.

Cheers

Jon

0
0
Anonymous Coward

Digital signatures?

I've never understood why they don't sign their installers and executables with a digital signature. It's not hard and a really useful way to trust (or revoke) executable code.

0
2

Double Check

I double check everything by running new files thru www.virustotal.com

Someone else usually has already done the work for me, so I need only to use the cached results and not have the program re-checked which can be time consuming.

0
0
Bronze badge
Flame

What I've never understood

Is why MS doesn't dump installs in their own sub-program folder only and not allow any app to touch the registry (which was one of their biggest f-ups ever). By the same token, MS should have always had their own internal firewall with full control by the user for every in - out - etc. possible

1
1
Silver badge

Re: "full control by the user"

That has always been Microsoft's Achilles heel.

If Win7 is only marginally more secure and stable than XP, it's because user control has been toned down a tiny notch.

Still not enough, but it's a start.

0
0
Anonymous Coward

Default Windoze FileZilla install already contains adware...

The default windows installer for FileZilla already contains adware/malware:

* http://www.gluster.org/2013/08/how-far-the-once-mighty-sourceforge-has-fallen/

* http://blog.l0cal.com/2013/05/02/rethinking-the-vlc-mirrors-infrastructure/

* http://www.gimp.org (see "GIMP Windows Installers move from Sourceforge to ftp.gimp.org")

Who's to say this version isn't somehow blessed by the FileZilla authors as well (probably paid off)...?

0
2
FAIL

"the genuine programme"

Ahem — a "programme" runs on a TV; something which runs on a computer is a "program".

I expect better computer literacy from El Reg than that.

0
0