Bypass SourceForge Adware by spoofing as Googlebot

Following our recent demonstration of SourceForge delivering an Adware installer instead of the proper FileZilla package, our member TSJnachos117 posted a comment suggesting to spoof their user agent as a Linux OS user to get the real downloads. So I gave this a try and sure enough the user agent affects how files are delivered. We used the Firefox Extension 'User Agent Overrider'.

When I chose the user agent to imitate Firefox running on Linux, it automatically delivered a .tar.bz2 file, which is a common archiving format using in Linux. So I manually browsed for the Windows executable and sure enough, it delivered the proper FileZilla setup package. The Zip package also delivered the proper Zip file, which otherwise would deliver the Adware installer executable had we not spoofed the user agent.

ADVERTISEMENT

For curiosity, we then tried the Googlebot user agent and made another download attempt. This time, it gave the proper Windows x64 setup file by default, avoiding the extra step of manually browsing for the Windows setup file. This trick also works when manually browsing for files on SourceForge, where it delivers the proper Zip and Executable files instead of its sneaky Adware installer.

There are a few clues as to whether SourceForge will deliver its Adware installer or the proper file. When it is going to deliver the Adware installer, it will display the following:

ADVERTISEMENT

SourceForge Adware Downloader

Now compare it to the following screenshot as it is about to deliver the proper FileZilla installation package:

SourceForge Proper Downloader

ADVERTISEMENT
  1. No countdown timer is shown when it is about to download the Adware installer.
  2. It always shows "Mirror provided by:" and the mirror host logo when it is about to deliver the proper file.
  3. The Adware installer is consistently 855KB in size, at least with every download we received.

The proper FileZilla installer gives a zero detection result on VirusTotal:

Harmless FileZilla installer VirusTotal

Like how SourceForge delivered the proper files when we used the Chrome browser, we have also had the same success choosing "Windows / Chrome" as the user agent. It's not clear why they exclude Windows Chrome users from getting the adware installer, unless Chrome has blacklisted the Adware installer or the domain it is hosted on.

The User Agent Overrider for Firefox can be obtained here.

To add the Googlebot option to the User Agent Overrider, just go into its Preferences and add the following to the end of its entries list:

# Bots
Googlebot: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Once the download starts, don't forget to turn off the User Agent Overrider, otherwise some websites will not display properly.

No posts to display