Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

More Fake SourceForge Websites Show Up

image
JULIEN SOBRIER
April 30, 2013 - 1 min read
Security Insights

Contents

  1. Article
  2. More blogs
Two weeks ago we reported on a fake SourceForge website, sourceforgechile.net, which was used to distribute malware. We have since seen more of these fake sites this past week:
  • sourceforgebulgaria.net, registered on 05/06/2013
  • sourceforgesweden.net, registered on 05/06/2013
  • sourceforgecyprus.net, registered on 05/02/2013
  • sourceforgeniger.net, registered on 05/01/2013
  • sourceforgeestonia.net, registered on 04/26/2013
  • sourceforgegrenada.net, registered on 04/26/2013
  • sourceforgepalau.net, registered on 04/22/2013
  • sourceforgeecuador.net, registered on 04/21/2013
  • sourceforgeindiana.net, registered on 04/20/2013
  • sourceforgemorocco.net,  registered on 04/19/2013
  • sourceforgemyanmar.net ,  registered on 04/19/2013
  • sourceforgeyemen.net, registered on 04/06/2013
Each domain has been registered with different WHOIS information, but with the same registrar. All of them are unreachable today (DNS does not resolve).

We were however able to obtain two malicious files found from the these websites before they went dark:
  • http://sourceforgeestonia.net/minecraft_xray_texture_pack.exe
  • http://sourceforgeecuador.net/airport_firefighter_simulator.exe
The files are very similar to the malicious files from sourceforgechile.net which we analyzed earlier. They drop and hide malicious binaries into the Recycle Bin and are detected as the ZeroAccess Trojan.

It looks like the attacker is still registering new fake SourceForge websites. I'll update this post with new domain that I uncover going forward.
form submtited
Thank you for reading

Was this post useful?

vote yes
Yes, very!
vote no
Not really

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.

Explore more Zscaler blogs

A cyber criminal shopping for malware

Agniane Stealer: Dark Web’s Crypto Threat

Read post
Business people walking through a city

The Impact of the SEC’s New Cybersecurity Policies

Read post
Digital cloud illuminated in blue

Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)

Read post
TOITOIN Trojan

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

Read post

01 / 02

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.