Hacker News new | comments | ask | show | jobs | submit login

Unfortunately Filezilla has this trojan for some years now! The trojan send all your identities to a server. This is tested 100%. We had many passwords stolen this way and we are 100% sure that it's filezilla.

Just take this test: Try to download the Filezilla and when the download page shows click on the Direct Link. Then compare the two executables, one that downloaded automatically and the one that it downloaded via the direct link. You will see that the direct download is clean but the other has the SF icon and it has a virus!

That's a pretty serious claim. Do you actually have evidence to prove it was FZ? Just because the SF executable includes spyware doesn't mean it's disclosing passwords.

You are kidding right? And what do you think that spyware does? They steal passwords! Our DC warns us of stolen passwords every time a client is using this exactly "touched" version of FZ. The DC is informed by a security firm and 100% of the situations is the Filezilla that steals them!

You're 100% sure? I would expect to see registry diffs before/after FileZilla was installed, disassembled code of the subroutine accessing your passwords in the malicious program, and a network packet capture of your data being sent over the wire.

...well not mine anymore, I uninstalled it... ;)

It's easy to blame Sourceforge. But Filezilla is not a SourceForge project and they can choose whatever hosting they want. I wonder what else they missed on.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact