The Latest in IT Security

Fake SourceForge site distributes malware

18
Apr
2013

We spotted malware hosted on hxxp://sourceforgechile.net/ a couple of days ago. The website is not currently responding, but appears to been set up as a fake and malicious version of the popular open-source hosting site SourceForge.

sourceforgechile.net was registered on 04/05/213 in the US and is hosted in the Ukraine.

One of the malicious files downloaded was hxxp://sourceforgechile.net/minecraft_1.3.2.exe. Minecraft is a proprietary game with a significant following. Many open-source projects related to the game are hosted on SourceForge.

This file is a pretty nasty piece of malware:

  • It hides itself in the Recycle Bin
  • It disguises dropped files with names like Desktop.ini
  • It registers itself as a Windows service
  • It injects code in other threads and DLLs
  • It opens and listens to a port
  • It connects to about 20 IPs over port 16471
  • etc.

This malware is related to the ZeroAccess trojan. The malware makes money by clicking on ads (click fraud) and using the infected PC as part of a wider botnet (zombie PC).

You can get the VirusTotal report here. The detection rate among AV vendors has gone up in the past week, it is now flagged by most vendors.

As usual, be very careful about the files you download and run. In this case, ensure that you’re downloading content from the official SourceForge site, not a clone.

Leave a reply


Categories

FRIDAY, JULY 19, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks