Fake SourceForge Web Site Delivers Malware
The site, which was registered in the U.S. on April 5, is designed to trick victims into thinking they're downloading files from the real SourceForge.
The site was registered in the U.S. on April 5, 2013, and is hosted in Ukraine.
One sample of malware on the site, disguised as a Minecraft download, is related to the ZeroAccess Trojan. According to the researchers, the malware hides itself in the Recycle Bin, disguises dropped files with names like Desktop.ini, registers itself as a Windows service, injects code into other threads and DLLs, opens and listens on a port, and connects to about 20 IPs over port 16471.
"As usual, be very careful about the files you download and run," writes Zscaler senior security researcher Julien Sobrier. "In this case, ensure that you're downloading content from the official SourceForge site, not a clone."
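The network behavior reported above (one host contacting about 20 IPs over port 16471) lends itself to a simple fan-out hunt over flow logs. The following is an added example, not code from Zscaler or the original article; the log format (`timestamp src dst dport`), the 10.0.0.0/8 internal range, the threshold of 10 peers and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

P2P_PORT = 16471                               # port named in the article
MIN_PEERS = 10                                 # assumed threshold (article: "about 20 IPs")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def parse_flow(line):
    """Parse 'timestamp src dst dport'; return (src, dst, dport) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
        dport = int(parts[3])
    except ValueError:
        return None
    return src, dst, dport

def fanout_suspects(lines, port=P2P_PORT, min_peers=MIN_PEERS):
    """Map each internal host to its count of distinct external peers on `port`,
    keeping only hosts at or above `min_peers`."""
    peers = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records instead of aborting the hunt
        src, dst, dport = flow
        if dport == port and src in INTERNAL and dst not in INTERNAL:
            peers[str(src)].add(str(dst))  # a set counts peers, not connections
    return {host: len(p) for host, p in peers.items() if len(p) >= min_peers}

def build_sample():
    """Constructed flow log; external addresses come from documentation ranges."""
    ts = "2013-04-10T12:00:00Z"
    lines = [f"{ts} 10.0.0.5 203.0.113.{i} 16471" for i in range(1, 21)]  # 20 distinct peers
    lines += [f"{ts} 10.0.0.9 198.51.100.7 16471"] * 30                   # one peer, repeated
    lines += [f"{ts} 10.0.0.7 198.51.100.{i} 443" for i in range(1, 31)]  # many peers, other port
    lines += ["garbage line", f"{ts} 10.0.0.5 not-an-ip 16471"]          # malformed, skipped
    return lines

if __name__ == "__main__":
    for host, count in fanout_suspects(build_sample()).items():
        print(f"{host}: {count} distinct external peers on port {P2P_PORT}")
```

Counting distinct peers rather than connections keeps a host that talks repeatedly to a single address on that port from being flagged.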