Monday, March 25, 2013

Alert: Sourceforge.net download infected computer with AVASoft Professional Antimalware malware program plus additional malware.

It has been years since I’ve infected my own computer. You’d think as an IT support person it shouldn’t happen but I thought I’d share the story as a warning to others.

I wanted to save a YouTube video (of an ad) for experimentation. I did a search and came up with a program in Sourceforge. I’d used Sourceforge in the past without problems and felt fairly confident things should be OK. I downloaded the program from sourceforge<dot>net<slash>projects<slash>ytd<slash>, which came as a zip file, ffd20.zip. The zip file contains a Java program which I ran. When the program ran, a page opened in Internet Explorer and the malware AVASoft Professional Antimalware program installed itself. This shows how easy it is to infect your computer. All that was required was to run the program, which did not appear to contain malware but which then subsequently, without any user interaction, infected the computer.
 

For me it is an inconvenience and a nuisance. But at least I can fix the problem given time. The problem is others do the same and can’t fix their computer, so it ends up costing money to repair their computer, creates considerable grief and wastes a considerable amount of time. I’ve seen quite a few people tricked by fake antivirus programs and some people have also paid money for the program to repair their computer. The program doesn’t repair the computer. It is just a scam.

Effective immediately I would recommend people stay away from Sourceforge.net to download programs. Don’t take the risk.

The program I used has been downloaded 2,040 times and recommended 160 times. The scanning I did on the program doesn’t report any malware (which included 48 antivirus programs including all the commonly used antivirus programs) but I suspect that when the program runs it opens a web page which had malware installed. This creates what is known as a drive-by infection where opening a page infects a computer.

Effective immediately do not trust Sourceforge.net if you are looking to download a program.
 
Kelvin Eldridge
Online Connections
Call 0415 910 703 for computer advice and support.
 

2 comments:

  1. Great post Kelvin. It can be extremely frustrating to get malware infested on your computer. There is no reason why we should have to pay additional costs to get it fixed when there is free information available to avoid said costs. Thanks for sharing the information. Hopefully it will help others avoid the attack that happened to you.

    1. Hi Charles,

      A bit disappointed with your comment, not because of the comment, but it appears you're blog spamming.

      I see that you freelance for TrendMicro and your name is used to link back to TrendMicro's site.

      Normally I wouldn't release this type of comment because I believe the main intent is to promote TrendMicro with the link. You shouldn't blog spam other people's blogs and if TrendMicro is behind this then shame on them.

      I've installed dozens of TrendMicro products on clients' machines in the past and removed TrendMicro products from all my client machines as I found their products weren't very good. As you say why pay for a product when there are better free products that I advise my clients to use.

      Disappointed in you Charles.

      Kelvin
