A popular and long-standing software download site, SourceForge, is injecting malware in to its software installers. If you go to Google and search for ‘free whatever software’, chances are you’ll stumble upon SourceForge.
For example, if you attempt to download a popular FTP program, FileZilla, you will not be receiving an installer for just FileZilla. Instead, you’ll find an installer loaded up with adware and malware.
If you’re utilizing ESET Nod32 Antivirus, it detects the installer’s injected payload:
So it looks like SourceForge has gone the same route as CNET. I have personally avoided both sites for years and if you’re looking for installers for common programs, Ninite is a legitimate solution.