Fake SourceForge Web Site Delivers Malware


Zscaler researchers recently found malware hosted at sourceforgechile.net, which appears to have been set up as a malicious version of SourceForge (h/t Help Net Security).

The site was registered in the U.S. on April 5, 2013, and is hosted in Ukraine.

One sample of malware on the site, disguised as a Minecraft download, is related to the ZeroAccess Trojan. According to the researchers, the malware hides itself in the Recycle Bin, disguises dropped files with names like Desktop.ini, registers itself as a Windows service, injects code into other threads and DLLs, opens and listens on a port, and connects to about 20 IPs over port 16471.
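One way to look for the network behaviour described above in connection logs, as an added example that is not Zscaler's code or part of the original article: it flags internal hosts that contact many distinct addresses on port 16471. The CSV layout, the threshold and the sample addresses are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

ZA_PORT = 16471        # port named in the article
FANOUT_THRESHOLD = 10  # assumed cut-off; the article reports about 20 peers


def build_sample_log():
    """Constructed sample log (src, dst, dport) using private/documentation ranges."""
    rows = ["src,dst,dport"]
    # Host contacting 20 distinct peers on the reported port.
    rows += [f"10.0.0.5,203.0.113.{i},{ZA_PORT}" for i in range(1, 21)]
    # Repeat contact with a known peer must not inflate the distinct count.
    rows += [f"10.0.0.5,203.0.113.1,{ZA_PORT}"]
    # Host with a single connection on the port: below the threshold.
    rows += [f"10.0.0.7,198.51.100.9,{ZA_PORT}", "10.0.0.7,198.51.100.10,443"]
    # Busy host on an unrelated port: ignored entirely.
    rows += [f"10.0.0.9,198.51.100.{i},443" for i in range(1, 30)]
    return "\n".join(rows) + "\n"


def fanout_by_host(log_text, port=ZA_PORT):
    """Return {source host: number of distinct destinations contacted on `port`}."""
    peers = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src, dst, dport = row["src"], row["dst"], int(row["dport"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed or truncated rows
        if dport == port and src and dst:
            peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items()}


def suspicious_hosts(log_text, threshold=FANOUT_THRESHOLD, port=ZA_PORT):
    """Hosts whose distinct-peer count on `port` meets the threshold."""
    counts = fanout_by_host(log_text, port)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for host in suspicious_hosts(build_sample_log()):
        print(f"{host}: many distinct peers contacted on port {ZA_PORT}")
```

A hit here is a lead for host triage, such as checking for the service registration and the Recycle Bin files the researchers describe, not a verdict on its own.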

"As usual, be very careful about the files you download and run," writes Zscaler senior security researcher Julien Sobrier. "In this case, ensure that you're downloading content from the official SourceForge site, not a clone."