It was downloaded from Filezilla webpage (not a third party) and 'client' was chosen. His IT guy discovered it had a lot of malware attached.
#Filezilla ftp client malware install#
It is highly recommended that you only install FileZilla directly from the project’s own site or from SourceForge, where it is also hosted. A client of mine loaded Filezilla - most recent version on his new computer. The site gives instructions for checking the version you have installed. Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License". The websites distributing these fake copies of FileZilla seem to all be registered in Russia, using a registrar that hides the client information.įileZilla has placed a warning on its own website, stating "We do not condone these actions and are taking measures to get the known offenders removed. Malware doesn’t search bookmarks or send any other files or saved connections", Avast concludes. Filename: FileZilla3.40.0win64-setupbundled.exe. I am not sure if this was downloaded from an approved mirror so I am just putting this out there to submit on your own if you ever plan on installing this. Log in details are sent to attackers from the ongoing FTP connection only once. Just received alerts based on a recent Filezilla install regarding bundled malware. The whole operation is very quick and quiet. "The algorithm is part of a malformed FileZilla.exe binary, therefore sending stolen log in details which bypasses the firewall. After deep analysis, the researchers found code hidden within the real open source code designed to add a stealer to the app. Security outfit Avast says its noticed an increase presence of malware infested FileZilla FTP clients, most often affecting versions 3.5.3 and 3.7.3 (the latter of which is the most current version).
0 kommentar(er)
