Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Malformed FileZilla FTP client with login stealer
avast antivirus blog ^ | January 27th, 2014 | Malware Analyst Workforce

Posted on 01/28/2014 10:08:51 AM PST by Utilizer

Beware of malformed FileZilla FTP client versions 3.7.3 and 3.5.3. We have noticed an increased presence of these malware versions of famous open source FTP clients.

The first suspicious signs are bogus download URLs...

Malware installer GUI is almost identical to the official version. The only slight difference is version of NullSoft installer where malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode. All other elements like texts, buttons, icons and images are the same.

The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system registry, communication or changes in application GUI.

The only differences that can be seen at first glance are smaller filesize of filezilla.exe (~6,8 MB), 2 dll libraries ibgcc_s_dw2-1.dll and libstdc++-6.dll (not included in the official version) and information in “About FileZilla” window indicates the use of older SQLite/GnuTLS versions. Any attempt to update the application fails, which is most likely a protection to prevent overwriting of malware binaries.

(Excerpt) Read more at blog.avast.com ...


TOPICS: Business/Economy; Computers/Internet; Reference
KEYWORDS: downloading; hacking; malware; passwords
More details including screencaps and binary code debugging examples at the website. If you are using or have used FileZilla you need to be aware of this hack. Other downloading utilities should also be closely examined for similar problems.
1 posted on 01/28/2014 10:08:51 AM PST by Utilizer
[ Post Reply | Private Reply | View Replies]

To: Utilizer

Grr...just updated to 3.7.3. My version is clean but it wasn’t all that easy to prove. BTT


2 posted on 01/28/2014 10:16:59 AM PST by Billthedrill
[ Post Reply | Private Reply | To 1 | View Replies]

To: Billthedrill

Yep. I walked through it just to be sure too. Bleh.


3 posted on 01/28/2014 10:18:55 AM PST by Nachum (Obamacare: It's. The. Flaw.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Billthedrill

I feel sorry for those who are not that computer savvy and do not know how to check for and correct from a corrupt version, other than removal and re-installation from a known good version out of a reputable site.


4 posted on 01/28/2014 10:22:00 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Utilizer

I’ll say this with the same aplomb as I do with my coworkers: people still use FTP?

With cloud-based file services and SFTP out there, why would anyone want to continue using a protocol that transmits your uid/pw as clear text?


5 posted on 01/28/2014 10:23:37 AM PST by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Utilizer
Bttt.

5.56mm

6 posted on 01/28/2014 10:27:24 AM PST by M Kehoe
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia

Meh. You get a guaranteed complete copy of the file you want, even if the download is interrupted for some reason. Like your internet connection goes out -which also defeats your cloud file services. Speaking as someone who does not have internet access at all times, cloud-based services are not reliable enough for critical functions.


7 posted on 01/28/2014 10:32:36 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Utilizer

bookmark


8 posted on 01/28/2014 10:33:45 AM PST by dadfly
[ Post Reply | Private Reply | To 1 | View Replies]

To: Utilizer

Multipart and parity files are in use across the Internet. Resuming a download is pretty standard anymore. FTP’s only real use anymore is for anonymous file distribution in the case of, say, drivers for hardware, etc.


9 posted on 01/28/2014 10:45:30 AM PST by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Utilizer

“Avoid strange looking websites and portals offering software via their own downloaders or installers”

My favorite advice. Heck, at least half the LEGIT download sites want to use their own damn installable downloader, which I refuse to do btw. I’ll just go elsewhere where I can get a clean download and let them keep their crappy downloaders.


10 posted on 01/28/2014 10:47:06 AM PST by catnipman (Cat Nipman: Vote Republican in 2012 and only be called racist one more time!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia

Filezilla doesn’t just do vanilla FTP. It does SFTP and FTPS as well.

I personally use it to back up my wife’s blog onto my hard drive for easy disaster recovery or sudden webhosting changes.


11 posted on 01/28/2014 10:53:37 AM PST by angryoldfatman
[ Post Reply | Private Reply | To 5 | View Replies]

To: Utilizer; ShadowAce

For your tech Ping list.


12 posted on 01/28/2014 11:09:25 AM PST by CedarDave (Obama - Lord of the LIES!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia
Multipart and parity files are in use across the Internet. Resuming a download is pretty standard anymore.

Oddly enough, when downloading a file using http or https the file gets corrupted when interruptions occur and do not reliably resume the downloads. Needs a complete deletion and restart.

Too, although I am not an expert at it, I am informed that using an ftp service is the least-demanding useage of system resources one can find, thus its continued popularity.

13 posted on 01/28/2014 11:10:27 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
[ Post Reply | Private Reply | To 9 | View Replies]

To: rarestia

FileZilla uses SFTP/SSH as well.


14 posted on 01/28/2014 11:11:59 AM PST by dfwgator
[ Post Reply | Private Reply | To 5 | View Replies]

To: catnipman

I generally use download.cnet.com. I don’t trust any others.


15 posted on 01/28/2014 11:13:38 AM PST by dfwgator
[ Post Reply | Private Reply | To 10 | View Replies]

To: angryoldfatman

There’s no doubt it’s one of the most direct methods to get/put data, but vanilla FTP is one of the biggest security holes remaining on the Internet as a whole. SFTP improves on that, but you have to have SSL compatibility on both client and server, which, believe it or not, is not always standard.


16 posted on 01/28/2014 11:15:46 AM PST by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: catnipman
Heck, at least half the LEGIT download sites want to use their own damn installable downloader, which I refuse to do btw.

Agreed, and I do the same. For those sites I either look around the web for somewhere else to download the file or wait until one appears before downloading.

The other types of downloads I worry about are the ones with an ".exe" extension. To be on the safe side, I uncompress them into their constituent directories first and make certain that only the software I need will be installed. For those that will not decompress I simply mark them as being malware and leave them uninstalled.

17 posted on 01/28/2014 11:16:10 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Utilizer

That’s the beauty of MD5 checksums. I generate MD5 checks for all of my uploads, esp. multipart, and I have the receiver check the data integrity. Admittedly it’s a bit more advanced, but it works really well.


18 posted on 01/28/2014 11:18:07 AM PST by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

19 posted on 01/28/2014 11:30:19 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Utilizer

bttt


20 posted on 01/28/2014 11:31:15 AM PST by bmwcyle (People who do not study history are destine to believe really ignorant statements.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Utilizer

M4L


21 posted on 01/28/2014 11:33:07 AM PST by Scrambler Bob ( Concerning bo -- that refers to the president. If I capitalize it, I mean the dog.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: FReepers
Did You Know?

The Current FReepathon Pays For The Current Quarters Expenses?

Please Donate And Keep FR Running


22 posted on 01/28/2014 11:38:04 AM PST by DJ MacWoW (The Fed Gov is not one ring to rule them all)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dfwgator
I generally use download.cnet.com.

SourceForge and Freecode are quite reliable. Some would argue more so.

23 posted on 01/28/2014 11:51:19 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Utilizer

I’m sorry I am so uneducated with computers, but I know my computer has been hacked.. I downloaded FileZilla, but don’t know how to run the program, can anyone help.. I know, I’m an idiot..


24 posted on 01/28/2014 1:36:18 PM PST by carlo3b (Corrupt politicians make the other ten percent look bad.. Henry Kissinger)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Utilizer

Thanks for posting this info. Fortunately, my copy seems to have been unaffected, but I passed this along to other users.


25 posted on 01/28/2014 1:36:33 PM PST by unlearner (You will never come to know that which you do not know until you first know that you do not know it.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: catnipman

“My favorite advice. Heck, at least half the LEGIT download sites want to use their own damn installable downloader,”

Yep. We mostly don’t need sophisticated downloaders any more so what’s up with those? I don’t know nor care. I prefer to download from the developer’s own site whenever possible.


26 posted on 01/28/2014 3:11:44 PM PST by expat1000
[ Post Reply | Private Reply | To 10 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson