Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Looking for free, safe FTP Client


  • Please log in to reply
13 replies to this topic

#1 bockery

bockery

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 15 January 2015 - 01:25 AM

I recently downloaded FileZilla, which was bundled with some nasty malware (Vosteran).

 

Now I'm trying to find a totally safe FTP Client alternative.  What is user-friendly and safe to download?



BC AdBot (Login to Remove)

 


#2 M. de Jager

M. de Jager

  • Banned
  • 434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:01 AM

Posted 15 January 2015 - 01:49 AM

I don't know where you downloaded FIleZilla, but I never found any malware in it... So tell me, where did you download it from?

 

If you get it from the official website, here I don't see any problem, or use the direct link.

 

To inform you it is safe I scanned the setup using Virustotal, see the result here.

 

But when you are 100% sure you want something else, you can get a look on this website.



#3 bockery

bockery
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 15 January 2015 - 02:14 AM

I got it from the FileZilla website.  I've been reading tons of complaints about Source Forge and bundling adware into the download process, which is exactly what happened to me.  I'm a little nervous to do it again, because it took me a while to take care of the malware.

 

I've also been reading that even if you do not agree to additional bundling options, there still may be malware with FileZilla through SF?



#4 M. de Jager

M. de Jager

  • Banned
  • 434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:01 AM

Posted 15 January 2015 - 02:23 AM

Well, I've used FileZilla since I was busy to make websites (don't ask about it) and never had any problems.

 

Can you give me some prove that there was malware inside? Oh, and if you don't want to download it from that website, I've uploaded the file to my Google Drive, feel free to download it from it.

 

I've also been reading that even if you do not agree to additional bundling options, there still may be malware with FileZilla through SF?

Where? Without any source I can't help/inform you about it. ;)

 

Oh and if you think you're infected with malware, you can always open a topic in the Am I infected? What do I do? section. Make sure that you read this first.

 

Regards.



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 15 January 2015 - 05:29 AM

Maybe it's too simple for your use case, but you do know that most browsers support the FTP protocol? Example: ftp://ftp.adobe.com/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 15 January 2015 - 05:36 AM

There's another topic covering FileZilla bundling addware:

 

http://www.bleepingcomputer.com/forums/t/559564/is-there-a-safe-way-to-download-freeware/page-3?hl=%2Bfilezilla#entry3589989


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 15 January 2015 - 06:00 AM

I recently downloaded FileZilla, which was bundled with some nasty malware (Vosteran).

 

I was thinking that maybe you have the Source Forge installer and not the FileZilla install program (they have the same name). Can you upload your FileZilla setup to http://www.virustotal.com and share the link of the analysis here?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 15 January 2015 - 08:12 AM

I recently downloaded FileZilla, which was bundled with some nasty malware (Vosteran).

 
I was thinking that maybe you have the Source Forge installer and not the FileZilla install program (they have the same name). Can you upload your FileZilla setup to http://www.virustotal.com and share the link of the analysis here?


It's the SourceForge.net installer that bundles Vosteran, however, there's a clear option to decline it. There's an "Advanced" checkbox that is greyed out but you can still click on it and more options about Vosteran appears. They also try to bundle Optimizer Pro. This is if you go on the FileZilla website and you click on the big "Download Now" button by SourceForge, so they are the guilty people here. If you click on "Show additional download options" on FileZilla website, and click on the .exe setup for Windows, it's the clean FileZilla installer.

The website at fault here is SourceForge bockery, not FileZilla.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 15 January 2015 - 09:48 AM

The website at fault here is SourceForge bockery, not FileZilla.


No, it is the FileZilla developer's fault. This adware bundling on SourceForge is opt-in.
https://sourceforge.net/blog/today-we-offer-devshare-beta-a-sustainable-way-to-fund-open-source-software/

He decided to opt-in:
https://forum.filezilla-project.org/viewtopic.php?f=1&t=31967&start=89

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 15 January 2015 - 10:37 AM

The website at fault here is SourceForge bockery, not FileZilla.


No, it is the FileZilla developer's fault. This adware bundling on SourceForge is opt-in.
https://sourceforge.net/blog/today-we-offer-devshare-beta-a-sustainable-way-to-fund-open-source-software/

He decided to opt-in:
https://forum.filezilla-project.org/viewtopic.php?f=1&t=31967&start=89


Well said that way you are right. I didn't know about that. At least, there's still a clean installer on the website, it's just not obvious to see and not proposed by default.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 bockery

bockery
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 15 January 2015 - 02:04 PM

Hey, guys - 

 

Those alternate download links both redirect to SourceForge.  Maybe that's a recent development, but I just want to make sure I'm totally safe using the alternate download link, even if it is from SourceForge.

 

Am I safer downloading the portable version and extracting/installing myself?



#12 bockery

bockery
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 15 January 2015 - 02:20 PM


 

 

 

I recently downloaded FileZilla, which was bundled with some nasty malware (Vosteran).

 

I was thinking that maybe you have the Source Forge installer and not the FileZilla install program (they have the same name). Can you upload your FileZilla setup to http://www.virustotal.com and share the link of the analysis here?

 

 

Sorry, I can't - I wasn't sure if I had the real software or a doppleganger after all the hijacker stuff, so I deleted FileZilla as well.  Would love to re-download if it's totally safe.

 

 



#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 15 January 2015 - 06:40 PM

Download from the alternate links, then check the digital signature of the file you downloaded. It should say "Open Source Developer, Tim Kosse".

If you don't know what a digital signature is, I explain how you check it in this video:

http://www.bleepingcomputer.com/forums/t/519715/instructional-video-checking-the-digital-signature-of-windows-executables/

 

As far as I know, it's SourceForge that is bundling software in its downloader for FileZilla, and not the developer Tim Kosse. So if you download something signed by him, it should not contain adware.

But again, I can't be 100% sure, this may change in the future. The developer Tim Kosse gave permission to SourceForge to bundle adware.

 

He said that the automatic updater for FileZilla does not contain adware. It uses the same installers as the alternate links.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#14 riopelnet112

riopelnet112

  • Banned
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:31 AM

Posted 21 January 2015 - 06:03 AM

This is if you go on the FileZilla website and you click on the big "Download Now" button by SourceForge, so they are the guilty people here. If you click on "Show additional download options" on FileZilla website, and click on the .exe setup for Windows, it's the clean FileZilla installer.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users