SourceForge Injecting Malware In To Software Installers

SourceForge Malware

A popular and long-standing software download site, SourceForge, is injecting malware in to its software installers.  If you go to Google and search for ‘free whatever software’, chances are you’ll stumble upon SourceForge.

For example, if you attempt to download a popular FTP program, FileZilla, you will not be receiving an installer for just FileZilla.  Instead, you’ll find an installer loaded up with adware and malware.

If you’re utilizing ESET Nod32 Antivirus, it detects the installer’s injected payload:


ESET Detecting PUP on SourceForge
ESET Detecting PUP on SourceForge


So it looks like SourceForge has gone the same route as CNET.  I have personally avoided both sites for years and if you’re looking for installers for common programs, Ninite is a legitimate solution.

Vulnerability In HP LaserJet Pro Printers Could Provide Intruders With Access To WiFi

HP LaserJet Pro 1102w

HP has posted a vulnerability alert that could allow a hacker access to your WiFi network via your wirelessly-connected HP LaserJet Pro printer.

A printer on the vulnerability list is the HP LaserJet Pro P1102w, one of the more common HP printers utilized by businesses.

We are frequently asked to configure WiFi printers, but we are strong opponents to such configurations both for reliability purposes, as well as security issues such as this.  We recommend not utilizing WiFi unless absolutely necessary and having a printer connected via WiFi, simply isn’t worth the reliability and vulnerability issues.

The PCI DSS also recommends not implementing WiFi unless absolutely necessary…

[hr size=’big’]

PCI DSS Wireless
PCI DSS Wireless | Click to Enlarge

Source: PCI DSS @ https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs

[hr size=’big’]

Affected printers are vulnerable until owners download and install the latest firmware via HP’s Support page.

Back To Top