14 DAY TRIAL // In mid-April, security researchers from Zscaler reported uncovering a fake SourceForge website, sourceforgechile.net, set up by cybercriminals in an attempt to distribute a variant of the notorious ZeroAccess Trojan.
Now, experts say that several new domains have been registered: - sourceforgeyemen.net; - sourceforgemyanmar.net; - sourceforgemorocco.net; - sourceforgeindiana.net; - sourceforgeecuador.net; - sourceforgepalau.net; - sourceforgegrenada.net; - sourceforgeestonia.net.
These new websites have been registered with the same registrar, but each of them has different WHOIS information.
Sourceforgechile.net was set up to serve what appeared to be an open source version of the popular Minecraft game. The latest domains serve the ZeroAccess Trojan by disguising it as a Minecraft “xray” texture pack and Airport Fighter Simulator.
Currently, none of the sites are accessible, but SourceForge users should be cautious since it’s clear that the cybercriminals are not ready to give up on this campaign.