Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN

Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server. The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Paris Hilton

    "two extra malicious DLL libraries"

    Endorsed by Dr. Evil himself.

    More interestingly, don't people check the signatures? Gotta admit that the way code nerds implement this simple software surety often leaves SOMETHING to be desired. Like for it to be actually there....

    1. Captain Scarlet Silver badge
      Meh

      Of course not

      The computer will do it for them, which is why they end up with ask.com toolbar and mywebsearch as their homepage (Other junkware is available).

  2. tony2heads
    WTF?

    So why is it smaller?

    I am puzzled about why (with extra libraries) it ends up smaller

    1. Anonymous Coward

      Re: So why is it smaller?

      They took out the updating code I would presume.

    2. Cliff

      Re: So why is it smaller?

      Different compiler/optimiser?

    3. Pascal Monett Silver badge

      The article clearly states that the miscreants removed all update code to keep it from being replaced for as long as possible.

  3. thosrtanner

    Don't people check the signatures

    They could easily have doctored the signature on the web page so it wouldn't help much.

  4. Anonymous Coward
    Facepalm

    Not a very good show here...

    First of all you'll have to forgive me for being a little sceptical when there's originally only one party, Avast in this case, which warns about the whole thing. To be honest I don't really trust most of those "virus vendors" and Avast is one of them.

    Even so, you'll have to admit that the FileZilla project themselves make it way too easy for such a thing to happen. After all, just look at the Official download page. It only features a link to get the program without even bothering to mention such a thing as checksums.

    Only if you go to the additional download options do you get a link to the checksums, next to links to all the available platforms.

    But shouldn't that link have been featured right on the main download page as well? I don't care that people "are always able to download them"; what if people simply forget and by looking at the link suddenly recall: "Oh yeah, should get the checksum too..."?

    There's more to security than providing the means to double check; there's also such a thing as making it as easy as possible for the end users. And that's a bit lacking in this case.

  5. Anonymous Coward

    Runs on Windows

    Easy to use, easy to lose.

    1. This post has been deleted by its author

  6. Anonymous Coward

    Why?

    It's a lot easier to hack a website when the sysadmin/webmaster uploads your code for you.

    Many security-conscious admins use SFTP and FTPS instead of FTP and FileZilla is a convenient client for this for Windows and Linux alike, even though Linux has many other clients generally already built in. It can be used as another crossover feature for an ex-Windows bod.

    Does the Linux version have this additional feature?

    I'd say this *could* be a big deal for the unwary.

    Spamtastic.

    Cheers

    Jon

  7. Anonymous Coward

    Digital signatures?

    I've never understood why they don't sign their installers and executables with a digital signature. It's not hard and a really useful way to trust (or revoke) executable code.

  8. gubbool

    Double Check

    I double check everything by running new files thru www.virustotal.com

    Someone else usually has already done the work for me, so I need only to use the cached results and not have the program re-checked which can be time consuming.

  9. earl grey
    Flame

    What I've never understood

    Is why MS doesn't dump installs in their own sub-program folder only and not allow any app to touch the registry (which was one of their biggest f-ups ever). By the same token, MS should have always had their own internal firewall with full control by the user for every in - out - etc. possible.

    1. Pascal Monett Silver badge

      Re: "full control by the user"

      That has always been Microsoft's Achilles heel.

      If Win7 is only marginally more secure and stable than XP, it's because user control has been toned down a tiny notch.

      Still not enough, but it's a start.

  10. Anonymous Coward

    Default Windoze FileZilla install already contains adware...

    The default windows installer for FileZilla already contains adware/malware:

    * http://www.gluster.org/2013/08/how-far-the-once-mighty-sourceforge-has-fallen/

    * http://blog.l0cal.com/2013/05/02/rethinking-the-vlc-mirrors-infrastructure/

    * http://www.gimp.org (see "GIMP Windows Installers move from Sourceforge to ftp.gimp.org")

    Who's to say this version isn't somehow blessed by the FileZilla authors as well (probably paid off)...?

  11. Robert Baker
    FAIL

    "the genuine programme"

    Ahem — a "programme" runs on a TV; something which runs on a computer is a "program".

    I expect better computer literacy from El Reg than that.
