Malware makers hitting Open Source projects -

Open sauce developers are getting hit by an alarming trend amongst malware makers to take their code and counterfeit it, or place malware under the bonnet.

Writing in his bog , VideoLAN developer Ludovic Fauvet he has seen his code being redistributed by various organizations' websites, some of which claim that VLC is theirs. They lure users with paid Google AdWords ads,

To make matters worse, some of them are installing malware and spyware in the installers.

Fauvet said that many of them are bundling VLC with various crapware to make cash. The result is a poor product that doesn't work as intended, that can't be uninstalled and that clearly abuses its users and their privacy.

He has named and shamed the following sites. We do not recommend you go there, but if you have black lists just cut and paste in the addresses.
pinballcorp.com

  • eorezo.com / tuto4pc.com
    Http://vlc.us.com
  • http://www.eorezo.com/cgi-bin/download/direct/index?c_software=vlc
  • http://www.vlcdownload.org
  • http://www.softwaredownload.cc/?gclid=CMyGhoHrwJ8CFcpb4wodNHnJzg
  • http://www.iogiciel.com/l/index.php?option=com_content&view=article&id=53&Itemid=61
  • http://vlcplayer.2010-fr.com
  • http://www.mediaplayers-gratuits.com
  • http://www.durable.com/telecharger/telecharger_vlc-media-player_11341?gclid=CJ6j9eyqiKACFVRm4wodoUL6MQ
    http://www.downloadvlcplayer.net
  • http://vlc-media-player-blog.com
  • http://www.softesdown.com/fr/vlcmediaplayer/
  • http://www.getyoursoft.com/download/name/vlc-media-player/id_soft/18
  • http://supertelech.info
  • http://www.descargarvclmediaplayergratis.com
  • http://www.oficial-es.org/es
  • http://todotusoft.com/Video/Reproductor-Multimedia/1158/VLC-Media-Player.html
  • http://galleries.secure-softwaremanager.com/804e9dc7b4/854190c2bc1e
  • http://www.clickdownloadsoftware.com/player/

While all this is violating trademarks, we guess that the malware writers will not care that much. It also violates the GPL which forbids you changing the code without sending it back to the original project.

VLC is not the only software that is getting turned over and it seems that the only way that any one is able to be sure is going directly to the project team itself.

Fauvet has tried to ask Google to stop selling adwords on the knockoff adverts but has not got anywhere. Of course they are making money on the adverts, but at the same time it might be difficult for them to work out who made the real software. After all it is having a few problems with that itself over its Android software.