The malicious site was registered in the US and hosted in Ukraine

Apr 18, 2013 09:41 GMT

Cybercriminals often set up replicas of popular websites and use them to distribute malware. A perfect example is sourceforgechile.net, a website that replicates the popular source code repository SourceForge.

Experts from security firm Zscaler say the website was registered a week ago in the US and hosted on a server in Ukraine. Currently, it’s not responding, but a couple of days ago it served a piece of malware related to the infamous ZeroAccess Trojan.

The malicious file was offered on the fake SourceForge site as an executable named “minecraft_1.3.2.exe.” The cybercriminals were probably hoping that users would mistake it for one of the many Minecraft open-source projects hosted on SourceForge.

Once it infects a computer, the malware hides itself in the Recycle Bin and starts dropping malicious files. It registers itself as a Windows service, after which it injects malicious code into other threads and DLL files.