Fake Download Sites Infect Suckers With Malware
A number of fraudulent SourceForge pages distribute malware.
Hackers have set their sights on a reliable repository for free software by creating a number of dodgy imitator sites. Although they purport to offer region-specific downloads, all they provide is malware.
Even though SourceForge is not a household name, chances are good you've seen it at some point. SourceForge is a fast, safe download site for a number of open-source projects, including browser plug-ins, media players and gaming tools. If you have VLC Media Player, 7-Zip, DOSBox or one of 5 million other free programs, then you've used it.
If you've seen regional variations, like "sourceforgemorocco" or "sourceforgeyemen," however, don't bother. Online hackers have registered a number of SourceForge soundalikes in order to trick everyday users into downloading some fairly serious malware.
The California-based security experts at Zscaler Threat Lab reported that the first fake SourceForge site surfaced on April 5, and pretended to offer a free download of the hit game "Minecraft." Any user who attempted to download files from "hxxp://sourceforgechile.net" ("hxxp" is written in place of "http" so that the address is not a clickable link to the malicious site) would find themselves infected with an insidious Trojan.
The malware — closely related to the ZeroAccess Trojan, which drafts computers into a botnet and infects users with fraudulent ads — would take up residence in the Recycle Bin and give its own files fairly innocuous names, like "Desktop.ini." Posing as a Windows service, it would then inundate users with bogus advertisements, and use the computer to spread the malware and infect other machines.
The site came and went once people realized its duplicity, but the hackers behind it decided to try their luck again — at least eight times. Instead of Chile, this round of fake SourceForge addresses pretended to be Palauan, Burmese, Yemeni or even "Indianan" (Zscaler tracked the websites' registration back to the Ukraine, so perhaps the hackers are not aware that Indiana is not its own country).
The sites went live last week and have already been taken down, but the hackers tried similar tricks this time around. Two hacked files on offer were an "X-Ray Texture Pack" for "Minecraft" and a pirated copy of "Airport Firefighter Simulator" (yes, this is a real game). Hackers utilized the same ZeroAccess Trojan.
After nine failed attempts, the hackers may just call it quits, but keep an eye out just the same. If you download material from SourceForge, make sure the URL is the standard "SourceForge.net," regardless of which country you're in. While you're at it, steer clear of dodgy game modifications and pirated copies. They're usually full of malware anyway.
A word to the wise: There is only one SourceForge website, and it's called SourceForge.net.
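
The URL check recommended above can be automated, for example in a proxy-log review or a download wrapper. The following is an added example, not code from Zscaler or SourceForge; it assumes the only genuine domain is sourceforge.net and its subdomains, and every sample URL except the one quoted in the article is constructed.

```python
from urllib.parse import urlsplit

LEGIT = "sourceforge.net"  # the one genuine domain named in the article
BRAND = "sourceforge"      # brand string the imitator sites embed


def refang(url: str) -> str:
    """Turn a defanged 'hxxp://' or 'hxxps://' indicator into a parseable URL."""
    url = url.strip()
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    if "://" not in url:
        url = "http://" + url  # bare host typed without a scheme
    return url


def classify(url: str) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for a download URL."""
    try:
        # .hostname lowercases the host and drops any user@ prefix and port,
        # so 'sourceforge.net@other.example' is judged on 'other.example'.
        host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    except ValueError:
        return "unrelated"
    # Exact match or a true subdomain only. A substring test would wrongly
    # accept 'sourceforgechile.net' and 'sourceforge.net.mirror.example'.
    if host == LEGIT or host.endswith("." + LEGIT):
        return "legit"
    # Brand name present (ignoring dots and hyphens) but the registrable
    # domain is wrong: the pattern used by the fake regional sites.
    if BRAND in host.replace("-", "").replace(".", ""):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "hxxp://sourceforgechile.net",                      # from the article
        "https://sourceforge.net/projects/example/",        # constructed
        "https://downloads.sourceforge.net/example.zip",    # constructed
        "http://sourceforge.net@sourceforgeyemen.example/", # constructed
        "http://sourceforge.net.mirror.example/setup.exe",  # constructed
        "https://example.org/",                             # constructed
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```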