Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server. The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, such …
"two extra malicious DLL libraries"
Endorsed by Dr. Evil himself.
More interestingly, don't people check the signatures? Gotta admit that the way code nerds implement this simple software surety often leaves SOMETHING to be desired. Like for it to be actually there....
Of course not
The computer will do it for them, which is why they end up with the ask.com toolbar and mywebsearch as their homepage (other junkware is available).
So why is it smaller?
I am puzzled about why (with extra libraries) it ends up smaller.
Re: So why is it smaller?
They took out the updating code I would presume.
Re: So why is it smaller?
The article clearly states that the miscreants removed all update code to keep it from being replaced for as long as possible.
Don't people check the signatures
They could easily have doctored the signature on the web page so it wouldn't help much.
Not a very good show here...
First of all you'll have to forgive me for being a little sceptical when there's originally only one party, Avast in this case, which warns about the whole thing. To be honest I don't really trust most of those "virus vendors" and Avast is one of them.
Even so, you'll have to admit that the FileZilla project themselves make it way too easy for such a thing to happen. After all, just look at the official download page. It only features a link to get the program without even bothering to mention something like checksums.
Only if you go to the additional download options do you get a link to the checksums, next to links to all the available platforms.
But shouldn't that link have been featured right on the main download page as well? I don't care that people "are always able to download them"; what if people simply forget and by looking at the link suddenly recall: "Oh yeah, should get the checksum too..."?
There's more to security than providing the means to double-check; there's also something to be said for making it as easy as possible for the end users. And that's a bit lacking in this case.
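The checksum check the commenter is asking for, as an added example that is not from the article or any poster here: hash the downloaded installer and compare it with the digest the project publishes. It assumes the project publishes a `sha512sum`-style text file ("hex digest, two spaces, filename"); the installer bytes and the checksum list below are constructed for the example, not real FileZilla releases or real digests. As another commenter points out, this only helps when the checksum file is fetched from a source the attacker does not control (the project's own site over HTTPS, not the same mirror as the download).

```python
"""Verify a downloaded installer against a published checksum file.

Added example, not project code. The sample installer and checksum file
are constructed inline so the script runs offline.
"""
import hashlib
import hmac


def parse_checksum_file(text):
    """Map filename -> lowercase hex digest from sha512sum-style lines.

    Accepts the '*' binary-mode marker that sha512sum puts before the
    filename and ignores blank lines and '#' comments.
    """
    digests = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # digest first, filename may contain spaces
        if len(parts) != 2:
            raise ValueError("malformed checksum line: %r" % line)
        digest, name = parts
        digests[name.lstrip("*")] = digest.lower()
    return digests


def sha512_hex(data):
    """Hex SHA-512 of the file contents (SHA-512 is an assumption; use whatever the project publishes)."""
    return hashlib.sha512(data).hexdigest()


def verify_download(name, data, checksum_text):
    """Return True only if the file's digest matches the published one for that filename.

    Raises KeyError when the checksum file has no entry for the name, so a
    missing entry never silently passes.
    """
    published = parse_checksum_file(checksum_text)
    if name not in published:
        raise KeyError("no published checksum for %s" % name)
    # compare_digest gives a constant-time comparison of the two hex strings
    return hmac.compare_digest(sha512_hex(data), published[name])


# Constructed sample data: a fake "installer" and a copy with one byte changed,
# standing in for the genuine build and a trojanised one.
GENUINE_INSTALLER = b"FileZilla_setup.exe\x00" + bytes(range(256)) * 4
TAMPERED_INSTALLER = GENUINE_INSTALLER[:-1] + b"\x01"

# Constructed checksum file in sha512sum format; in practice this comes from
# the project's own download page, not from the mirror serving the binary.
CHECKSUM_FILE = (
    "# constructed for this example\n"
    + sha512_hex(GENUINE_INSTALLER) + "  FileZilla_setup.exe\n"
)

if __name__ == "__main__":
    print("genuine :", verify_download("FileZilla_setup.exe", GENUINE_INSTALLER, CHECKSUM_FILE))
    print("tampered:", verify_download("FileZilla_setup.exe", TAMPERED_INSTALLER, CHECKSUM_FILE))
```

The tampered copy differs in a single byte and still fails the check, which is the point: size and appearance tell you nothing, the digest does. Rejecting a filename that has no published entry (rather than returning False) keeps a misnamed or renamed download from being waved through by accident.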
Runs on Windows
Easy to use, easy to lose.
It's a lot easier to hack a website when the sysadmin/webmaster uploads your code for you.
Many security-conscious admins use SFTP and FTPS instead of FTP, and FileZilla is a convenient client for this on Windows and Linux alike, even though Linux generally has many other clients already built in. It can be used as another crossover feature for an ex-Windows bod.
Does the Linux version have this additional feature?
I'd say this *could* be a big deal for the unwary.
I've never understood why they don't sign their installers and executables with a digital signature. It's not hard and a really useful way to trust (or revoke) executable code.
I double-check everything by running new files through www.virustotal.com
Someone else usually has already done the work for me, so I need only to use the cached results and not have the program re-checked which can be time consuming.
What I've never understood
Is why MS doesn't dump installs in their own sub-program folder only and not allow any app to touch the registry (which was one of their biggest f-ups ever). By the same token, MS should have always had their own internal firewall with full control by the user for every in - out - etc. possible
Re: "full control by the user"
That has always been Microsoft's Achilles heel.
If Win7 is only marginally more secure and stable than XP, it's because user control has been toned down a tiny notch.
Still not enough, but it's a start.
Default Windoze FileZilla install already contains adware...
The default windows installer for FileZilla already contains adware/malware:
* http://www.gimp.org (see "GIMP Windows Installers move from Sourceforge to ftp.gimp.org")
Who's to say this version isn't somehow blessed by the FileZilla authors as well (probably paid off)...?
"the genuine programme"
Ahem — a "programme" runs on a TV; something which runs on a computer is a "program".
I expect better computer literacy from El Reg than that.