You may have seen an article yesterday about “ransomware” on SourceForge and Github websites.
The exploit in question leads victims to fake sites, where their PCs are then infected with the offending malicious ransomware. First, we would like to state that no malware in this instance was hosted on SourceForge, but rather the content on SourceForge linked to malware hosted off-site.
We wanted to also assure you that within minutes of becoming aware of the problem, our team here at SourceForge, had removed the offending content and blocked the addresses from which it was being created. Likewise, it’s apparent that our peers at Github took similar actions to address the problem.
One of the side-effects of offering free project hosting is that there are people who will abuse it, and we are constantly on the lookout for this content. It appears that we missed some, and it’s a reminder to be more vigilant going forward. Our mission is to be the trusted source for Open Source, and we recognize that trust is something we must continue to earn, day by day.
If you ever see content on any SourceForge.net site which strikes you as questionable, illegal, or simply not appropriate for the mission of our site, please let us know right away, and we’ll take care of it.