Winnie123
Posts: 5
Joined: Mon Aug 24, 2015 3:30 pm

"Remote Access SFTP" document link to malware

Tue Aug 25, 2015 6:17 pm

While I tried to figure out how to move files between my Raspberry Pi and my regular Windows computer, I followed the following instructions and downloaded this "FileZilla":
https://www.raspberrypi.org/documentati ... sh/sftp.md

It turned out that this FileZilla installed a lot of malware and rubbish with names that tried to fool you. E.g. chromium (fake google stuff), Winzip registry optimizer (fake winzip stuff). I then found on cnet download several users complaining about the same malware! http://download.cnet.com/FileZilla/3000 ... 08966.html

I'm quite new to R-pi, not sure how to edit the document. Perhaps the user can verify the situation so that others won't be affected?

fruitoftheloom
Posts: 20745
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 6:33 pm

Winnie123 wrote:While I tried to figure out how to move files between my Raspberry Pi and my regular Windows computer, I followed the following instructions and downloaded this "FileZilla":
https://www.raspberrypi.org/documentati ... sh/sftp.md

It turned out that this FileZilla installed a lot of malware and rubbish with names that tried to fool you. E.g. chromium (fake google stuff), Winzip registry optimizer (fake winzip stuff). I then found on cnet download several users complaining about the same malware! http://download.cnet.com/FileZilla/3000 ... 08966.html

I'm quite new to R-pi, not sure how to edit the document. Perhaps the user can verify the situation so that others won't be affected?
https://www.raspberrypi.org/documentati ... sh/sftp.md

..has a link to FileZilla and clicking on the link takes one to

https://filezilla-project.org and the downloads direct to Sourceforge not CNet ;)


So it has nothing to do with the RPF WebSite, more a Windows NT Crapware issue :roll:
Retired disgracefully.....

gkreidl
Posts: 6097
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 6:42 pm

Yes, but at least the Windows version installs lots of spyware.
BTW, the linux version is rather buggy and I stopped using it a while ago.

I've created an issue on github.com/raspberrypi/documentation.
Minimal Kiosk Browser (kweb)
Slim, fast webkit browser with support for audio+video+playlists+youtube+pdf+download
Optional fullscreen kiosk mode and command interface for embedded applications
Includes omxplayerGUI, an X front end for omxplayer

markuswelby
Posts: 12
Joined: Mon Aug 24, 2015 6:06 pm
Location: Pompey, UK

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 6:45 pm

The last time I downloaded and installed the windows version of Filezilla from the Sourceforge site it installed malware also...

fruitoftheloom
Posts: 20745
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 6:46 pm

gkreidl wrote:Yes, but at least the Windows version installs lots of spyware.
BTW, the linux version is rather buggy and I stopped using it a while ago.

I've created an issue on github.com/raspberrypi/documentation.
Well all the links on the download page (WinNT, OSX, Linux) go to Sourceforge for me ;)
Retired disgracefully.....

Heater
Posts: 13353
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 7:47 pm

The moral of the story is:

Do not download and run random executable code from places you cannot trust.

Who can you trust? A good question. I certainly would not start with CNET.
Memory in C++ is a leaky abstraction .

kaos
Posts: 108
Joined: Mon Mar 26, 2012 8:14 pm

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 8:37 pm

The links do go to SourceForge, but if you click the nice friendly "Download FileZilla Client" button, and on the next page, the equally nice and prominent "Windows 64-bit, Filezilla 3.13 etc. (Recommended)" link you will get a crapware bundle! So this particular pile of crap is courtesy of Filezilla, not CNET.
Admittedly there is a warning below the link that "This installer may include bundled offers. Check below for more options" and if you do click the "show additional download options", you can actually download a clean FileZilla installer.
Nevertheless, I'm deeply saddened that an established and respected maker of software like FileZilla should feel compelled to this kind of sleight of hand. To add insult to injury, the particular installer used does its best to hide what software you are accepting, short of actually not asking for your approval. Each program in the bundle does have an "Accept" / "Reject" window, but no logo or headline indicating what the program is; only the name buried deep in a wall of text.
Now, I'm pretty sure FileZilla has despite everything not descended to the depth of bundling actual spyware or malware. At least the programs I was offered seemed innocent enough; one of them was the Opera browser which I have used before. So it should be easy enough to get rid of the pests by uninstalling.
Finally, does anybody know of another good, free, FTP client? I think I will have to flush FileZilla down the drain after this.

--
Best regards,
Kári

Jednorozec
Posts: 809
Joined: Sun Nov 24, 2013 2:17 pm
Location: Deposit, NY

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 8:47 pm

If you're running Windows, try http://winscp.net. I've been using it for a fair number of years with no problems.
The most important leg of a three legged stool is the one that's missing.
It's called thinking. Why don't you try it sometime?

kaos
Posts: 108
Joined: Mon Mar 26, 2012 8:14 pm

Re: "Remote Access SFTP" document link to malware

Tue Aug 25, 2015 9:06 pm

Thank you, I'll give it a try.

--
Best regards,
Kári

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 5968
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 1:08 am

Which installer is supposed to contain the malware?

I only see "FileZilla_3.13.1_win64-setup.exe" which is a clean nullsoft installer with nothing bundled in.

kaos
Posts: 108
Joined: Mon Mar 26, 2012 8:14 pm

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 8:57 am

Yep, that is the clean installer. The first (and recommended) link in this page, https://filezilla-project.org/download.php?type=client, will download something called "FileZilla_3.exe", which is a bundle installer. That page is where you are taken if you click on the "Download FileZilla client" button on the page linked to from the Remote Access article.
As I said before, I'm not convinced that the bundles contain any actual malware, but certainly unwanted crap that the user was in all probability not looking for or expecting.

--
Best regards,
Kári.

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 5968
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 9:26 am

I had some trouble confirming this. When I use chrome, no matter what I do, I always get the clean download. However, using internet explorer (do people actually do that?) does indeed use the sourceforge malware installer.
kaos wrote:unwanted crap that the user was in all probability not looking for or expecting
Pretty sure that's one of the definitions of malware. If it isn't, it should be.

RaTTuS
Posts: 10459
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 9:52 am

ShiftPlusOne wrote:I had some trouble confirming this. When I use chrome, no matter what I do, I always get the clean download. However, using internet explorer (do people actually do that?) does indeed use the sourceforge malware installer.
kaos wrote:unwanted crap that the user was in all probability not looking for or expecting
Pretty sure that's one of the definitions of malware. If it isn't, it should be.
^ I can confirm this
as I always use chrome everything I downloaded has been the clean version

as win 10 comes with the edge browser that may download the bad versions [I've not yet tried this]

[quick edit]
IE on vista 64 and win 7 can download a bad one
chrome on vista 64 win 7 , win 10 and win 8 all download the good one ...
edge on Win10 downloads a good one
so YMMV
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

kusti8
Posts: 3439
Joined: Sat Dec 21, 2013 5:29 pm
Location: USA

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 12:08 pm

Yet another reason to use Chrome... :roll:
There are 10 types of people: those who understand binary and those who don't.

plugwash
Forum Moderator
Posts: 3455
Joined: Wed Dec 28, 2011 11:45 pm

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 12:53 pm

ShiftPlusOne wrote:I had some trouble confirming this. When I use chrome, no matter what I do, I always get the clean download.
I know at one stage chrome was marking sourceforge as a malware site. Maybe sf cut a deal with google to not serve crapware to chrome users in exchange for removing the malware mark.

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 5968
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 1:31 pm

Interesting

It's a shame to see open source projects opt into this sort of nonsense.

kaos
Posts: 108
Joined: Mon Mar 26, 2012 8:14 pm

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 6:14 pm

ShiftPlusOne wrote:I had some trouble confirming this. When I use chrome, no matter what I do, I always get the clean download. However, using internet explorer (do people actually do that?) does indeed use the sourceforge malware installer.
At least one or two individuals, I'm reliably informed :o As for myself, I was using Firefox and didn't even think to try other browsers. I did a test with Chrome just now, and can confirm that it will download the clean installer instead of the bundle.
kusti8 wrote:Yet another reason to use Chrome... :roll:
Not if ...
plugwash wrote:Maybe sf cut a deal with google to not serve crapware to chrome users in exchange for removing the malware mark.
... at least IMO. I can, however, imagine a more palatable scenario, at least as far as Google is concerned: Doesn't Chrome have some kind of user rating system built in? (I'm afraid I don't use the various Google "community" tools, so I don't know for sure.) Maybe the malware site mark was a result of that kind of feedback, and SF decided unilaterally to stop serving bundles to Chrome users to improve their ratings? Unfortunately that does imply that it is SF that is behind this dastardly behaviour. (I've been looking for a decent excuse to use that word :D )
ShiftPlusOne wrote:
kaos wrote:
unwanted crap that the user was in all probability not looking for or expecting

Pretty sure that's one of the definitions of malware. If it isn't, it should be.
Heh, potatoes/potatos. My personal definition of malware is malicious software, i.e. a program that causes harm to you, your computer or your bank account. Useless crap that just sits there until thrown out, is what I call crapware. This is only semantics, of course; the point is that whatever you call it, it is unwanted, uninvited and a security risk, even if it is not deliberately programmed to do damage.

--
Best regards,
Kári.

plugwash
Forum Moderator
Posts: 3455
Joined: Wed Dec 28, 2011 11:45 pm

Re: "Remote Access SFTP" document link to malware

Wed Aug 26, 2015 6:23 pm

AIUI sourceforge are bundling the crapware with filezilla's permission and in exchange filezilla gets a cut of the profits.

Winnie123
Posts: 5
Joined: Mon Aug 24, 2015 3:30 pm

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 7:35 am

Winnie123 wrote:While I tried to figure out how to move files between my Raspberry Pi and my regular Windows computer, I followed the following instructions and downloaded this "FileZilla":
https://www.raspberrypi.org/documentati ... sh/sftp.md

It turned out that this FileZilla installed a lot of malware and rubbish with names that tried to fool you. E.g. chromium (fake google stuff), Winzip registry optimizer (fake winzip stuff). I then found on cnet download several users complaining about the same malware! http://download.cnet.com/FileZilla/3000 ... 08966.html

I'm quite new to R-pi, not sure how to edit the document. Perhaps the user can verify the situation so that others won't be affected?

Thanks for your attention.
Well, just to clarify that I downloaded this FileZilla based on the Raspberrypi.org document from (https://www.raspberrypi.org/documentati ... sh/sftp.md).

(I did not download from CNET. I simply quoted what CNET users wrote in reviews about FileZilla.)

It installed some "WinZip registry optimizer" that kept saying I have loads of registry errors and I can't close that thing, and many 'unexpected stuff'. One can argue whether they are malware, rubbish, or whether they are harmless. But for sure, some other organization had taken advantage of the Raspberry Pi community to spread unrelated stuff.

Therefore, I want to get this reported, and make the community aware that this thing exists in our github documentation!

fruitoftheloom
Posts: 20745
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 8:04 am

Winnie123 wrote:
Winnie123 wrote:While I tried to figure out how to move files between my Raspberry Pi and my regular Windows computer, I followed the following instructions and downloaded this "FileZilla":
https://www.raspberrypi.org/documentati ... sh/sftp.md

It turned out that this FileZilla installed a lot of malware and rubbish with names that tried to fool you. E.g. chromium (fake google stuff), Winzip registry optimizer (fake winzip stuff). I then found on cnet download several users complaining about the same malware! http://download.cnet.com/FileZilla/3000 ... 08966.html

I'm quite new to R-pi, not sure how to edit the document. Perhaps the user can verify the situation so that others won't be affected?

Thanks for your attention.
Well, just to clarify that I downloaded this FileZilla based on the Raspberrypi.org document from (https://www.raspberrypi.org/documentati ... sh/sftp.md).

(I did not download from CNET. I simply quoted what CNET users wrote in reviews about FileZilla.)

It installed some "WinZip registry optimizer" that kept saying I have loads of registry errors and I can't close that thing, and many 'unexpected stuff'. One can argue whether they are malware, rubbish, or whether they are harmless. But for sure, some other organization had taken advantage of the Raspberry Pi community to spread unrelated stuff.

Therefore, I want to get this reported, and make the community aware that this thing exists in our github documentation!
Why did you install Win Zip Registry Optimizer ?

The RPF Documentation can not be held accountable for you installing CrapWare, that is just plain daft as daft can be..... :roll:
Retired disgracefully.....

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 5968
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 8:08 am

No need for that. We all know that Windows users are trained to click 'accept' on thousand page EULAs while installing pretty much anything. The sourceforge installer exploits that by making it look like the usual EULA nonsense, but actually asks you if you want to install the optional crapware. It's easy not to notice.

fruitoftheloom
Posts: 20745
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 8:11 am

ShiftPlusOne wrote:No need for that. We all know that Windows users are trained to click 'accept' on thousand page EULAs while installing pretty much anything. The sourceforge installer exploits that by making it look like the usual EULA nonsense, but actually asks you if you want to install the optional crapware. It's easy not to notice.
Still not the fault of the RPF Documentation though :D
Retired disgracefully.....

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 5968
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 8:22 am

Indeed, but it's the 'daft' comment which wasn't called for.

fruitoftheloom
Posts: 20745
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 8:32 am

ShiftPlusOne wrote:Indeed, but it's the 'daft' comment which wasn't called for.
Yes I was being DAFT ROFL !!!!
Retired disgracefully.....

gkreidl
Posts: 6097
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: "Remote Access SFTP" document link to malware

Thu Aug 27, 2015 10:23 am

No "fault" in the RPi documentation, but the important question is:
Should the documentation recommend software that installs crapware by default?
Minimal Kiosk Browser (kweb)
Slim, fast webkit browser with support for audio+video+playlists+youtube+pdf+download
Optional fullscreen kiosk mode and command interface for embedded applications
Includes omxplayerGUI, an X front end for omxplayer
