One of those two sites is distributing adware. Which of them?

File Converter (FOSS) by Adrien Allard was hosted on file-converter[.]org since a decade. Then someone a few weeks ago snatched that domain and it’s now distributing adware. Almost identical design for the page, 100% designed to deceive users to download a different product, as it’s called Zamzar.

  • irotsoma@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    ·
    6 months ago

    It seems it’s not so much they stole the domain, it’s that they are using the same name with a different top-level domain. This is a common shady practice in malware. Most people can’t afford to purchase every TLD or their domain and so just pick one or two. Problem is that search engines will find the bad TLDs and suggest them over the real TLD if the malware providers do proper SEO manipulation. A FOSS author is unlikely to be able to or afford the time and effort it takes to manipulate search results and most popular search engines are not doing much to fix the problem, and instead relying on “AI” to reduce the costs of maintaining their search results, which does a pretty bad job, IMHO.

    • Moonrise2473@feddit.itOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      6 months ago

      originally it was hosted in the .org domain, then somehow it changed hands and it was changed to .io

      • irotsoma@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        Ah, thanks for clarifying. I didn’t see that mentioned anywhere and the git repo is showing .io

    • trolololol@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      Would fdroid be safe from this kind of practice? Of course there’s no web domains involved but the exploit there is potentially the same

        • trolololol@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          What I mean is fake apps with slightly different names, does fdroid have the potential to approve them? Even if it’s open source, if someone intentionally adds malicious code it can take a couple months to spot, while the scan is going on.