Since I know some people use FileZilla here, it's probably worth warning you that there is a version of FileZilla that will send your login details to a malicious server.
http://it.slashdot.org/story/14/01/2...tm_medium=feed
Xara Group Ltd.
Member
WARNING - Trojanised FileZilla in wild
Since I know some people use FileZilla here, it's probably worth warning you that there is a version of FileZilla that will send your login details to a malicious server.
http://it.slashdot.org/story/14/01/2...tm_medium=feed
Member
Re: WARNING - Trojanised FileZilla in wild
Thank you for the warning.
New Member (No PMs)
Re: WARNING - Trojanised FileZilla in wild
Thanks Much . . . I use Filezilla so I will check for the DLL's you listed. I have good security installed and check regularly and so far so good.
Moderator Emeritus
Re: WARNING - Trojanised FileZilla in wild
The world is a terrible place.
Gary W. Priester
Mr. Moderator Emeritus Dude, Sir
gwpriester.com | eyetricks-3d-stereograms.com | eyeTricks on Facebook | eyeTricks on YouTube | eyeTricks on Instagram
Member
Re: WARNING - Trojanised FileZilla in wild
Thanks Luke. Am I right in thinking that Filezilla direct from them - https://filezilla-project.org/ - is not affected by this? The problem is 3rd party downloads?
JOHN -XaReg (FB) XaReg (DB - ignore prompt to register)
Windows 10 [Anniversary] pro Intel Pentium CPU G630 @ 2.70Ghz RAM: 4 GB; 64-bit x64
Member
Re: WARNING - Trojanised FileZilla in wild
From the FileZilla site
"2014-01-28 - Advisory: Malware downloads on third-party websites
As recently published on the avast! blog, modified versions of FileZilla tainted with malware are being distributed on some third-party websites.
This is by no means a new threat. While this instance is one of the largest to date, there have been many cases of modified versions spreading malware hosted on third-party websites for over a decade. We do not condone these actions and are taking measures to get the known offenders removed. Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of the GNU General Public License.
To avoid any risk when downloading FileZilla, we recommend that you only download FileZilla from the official FileZilla website or from SourceForge, the official download partner of FileZilla and many other open source projects.
To check the authenticity of your version of FileZilla, the SHA-512 hash of the unmodified FileZilla_3.7.3_win32-setup.exe is f56716044dcf1239d09343d11422b26230fb14419a4e85b702 a03080550bc9e69e1c7ec22312874701de54c1ed4085e0f468 d93d4993b36eabd704406b3567ff
In case you no longer have the installer, the the SHA-512 hash of the installed filezilla.exe in version 3.7.3 is d6d68f564295a878ba6cdf1d79cc90b4cff4fb98177bf5aac0 eb22ad3757f8997e2de718e290eb97520892d04a8d2388bb2b cb71b785d05c2b59b037abf6d28f "
Posting Permissions
Reply With Quote
Bookmarks