I wanted to save a YouTube video (of an ad) for experimentation. I did a search and came up with a program on Sourceforge. I’d used Sourceforge in the past without problems and felt fairly confident things should be OK. I downloaded the program from sourceforge<dot>net<slash>projects<slash>ytd<slash>, which came as a zip file, ffd20.zip. The zip file contains a Java program, which I ran. When the program ran, a page opened in Internet Explorer and the malware AVASoft Professional Antimalware program installed itself. This shows how easy it is to infect your computer. All that was required was to run the program, which did not appear to contain malware but which then subsequently, without any user interaction, infected the computer.
For me it is an inconvenience and a nuisance. But at least I can fix the problem given time. The problem is others do the same and can’t fix their computer, so it ends up costing money to repair their computer, creates considerable grief and wastes a considerable amount of time. I’ve seen quite a few people tricked by fake antivirus programs, and some people have also paid money for the program to repair their computer. The program doesn’t repair the computer. It is just a scam.
Effective immediately I would recommend people stay away from Sourceforge.net to download programs. Don’t take the risk.
The program I used has been downloaded 2,040 times and recommended 160 times. The scanning I did on the program doesn’t report any malware (which included 48 antivirus programs including all the commonly used antivirus programs), but I suspect that when the program runs it opens a web page which had malware installed. This creates what is known as a drive-by infection, where opening a page infects a computer.
Effective immediately do not trust Sourceforge.net if you are looking to download a program.
 

 

Nice find, Kelvin! Thanks for sharing. I will inform my readers about Avasoft malware and possible risk when downloading from Sourceforge too. Actually, it's not the first time Sourceforge is distributing malware. I remember pretty much the same incident a few months ago, except that it wasn't fake AV but a password-stealing Trojan, which is a much more dangerous piece of malware.
Michael