OK, I’m miffed – I’m pissed off big time with malware masquerading as helpful software, or is that the other way round?

Firstly, .. in my crosshairs tonight is the ftp program called FileZilla!

The main download page offers an **enhanced** version of their software. Download it and then the internal alarms go off in Win10, but you don’t see or hear the fuckers till it’s too pissin’ late and the bloody things been installed.

It appears that there is now a set of files included with the *.exe from the main approved FileZilla site, files that provide added user interaction in the shape of FusionCore.

** It’s crappy hidden software that’s nothing more than third party bundlers of adware and PUP applications.

The additional payload typically offers addon applications, that users of the original corrupted software are supposedly looking for. For example: file converters and photo editing software, that may also include adware and potentially unwanted programs (PUPs), that you’ve already approved for download in other third party software installers.

Remember folks, .. it’s all been done with your express permission, and it happened when you blindly accepted the terms and conditions of the officially registered and signed installer: grrrrrrrr!

Basically, that quick click of the wrist gave you a viral download to contend with, but like an organic STD: it’ll burn you at a later date. The, (not quite), malware in question, is explained fully in the MalwareBytes forum.

The Author of FileZilla, has even defended his stance on including his **enhanced** well placed software. From his unequivocal righteous position on what he’s allowed to happen in his name, then to put it mildly: I’m as pissed as fuck that this poxy shite, from that wrist jerk by that unprincipled jerk, has even got on my system to impregnate it in the first place.

Using a condom to come off, .. on top. Here’s how to get what you want without paying the prostitutes going rate. Follow the link to the official ZIP file download page, and then find the zip archive of your choice: either 64 bit or 32 bit, ..

BTW: 32 bit programs work fine on 64 bit machines, but not visa-versa: always install 32 bit if unsure.

The following, direct download link of the zip file, might not work for you due to nightly build numbers, but as of 05/09/2002 — it is correct, FileZilla_x.xxxxx_win64.zip

My second bloomin gripe, .. is directed at those fucking late alarms built right into Win10 itself.

Now, usually I have nothing but high praise for Windows Defender, it does what it says on the tin, and does it well, and the scanner even reported that the FileZilla file was clean.

Then after the install the shit hit the fan, because it was at that point that App and Browser Control kicked off. Defender allowed me to install that viral load, and only after the name of the *.exe was registered in my download page: did the small icon on the task bar indicate that there was a problem.

Fusion.c (is – was) considered as a low risk, with the App asking, What do you want to do:- Delete, Quarantine or Ignore.

Deleting and Quarantining does precisely that, but it doesn’t stop the bloomin’ warnings from staying plastered right across the taskbar icon, or even inside the App part of the program itself, and all other attempts to delete again: result in errors being recorded to the effect that this action cannot be accomplished, ..

WTF?? – Has the viral infection got in?? – Is my entire system screwed??

So I ran the Defender program, off-line (nothing.)

Yet the App Browser Control warnings remained.

Pissing gripe 2.a), .. downloaded Malwarebytes, ran an in-depth scan, again – (nothing!)

** But that free program slowed my machine down to a craw, and it’s got some guts: so as a consequence, there’s no link for it.

You want it? Then you can find the anti-viral program for yourself, but I’m not impressed with the wretched thing, especially with the software trying to install and run the Pro version without my permission, instead of the free one which is all I wanted.

I was especially *not* impressed with the heavy-weight-selling-techniques that the program went in for; all done to frighten me, and then thusly (make) me keep the bloomin heavy weight thing on my system.

Geek uninstaller found absolutely shit loads of crap that Malwarebytes left behind, which also means that the windows registry will be full of the crappy stuff as well. Sigh! – Another cleaning job for another time.

So, with the App and Browser Control (!) warnings still plastered all over the Defender Shield Icon, and right in my worried eye line, and with me not being able to do anything about it anyway: I reluctantly turned (off) the Low Warnings in the software control panel, basically telling the software to (ignore the warnings) in these missing files that it had already deleted.

At which point the App reappeared, but minus any (!) warning icons, about the poxy missing files: that, (as I say), ( IT! ) had already deleted – (!)

Mickysoft, .. your software really sucks sometimes.

Third bitch, .. is directed at WordPress itself, and especially Firefox.

As some of you may well know, my website is constantly being hammered with brute force login attempts. The poxy hackers haven’t got in yet, and that’s all due to the thirty two length character password string that I’m using (god help me if I ever lose it.)

So to dissuade them, I installed a plugin that actually hides the wp-login.php and wp-admin.php files: thusly stopping the Hacking Twatts dead, but it didn’t, and the cheeky fucks who make the plugin even have a PRO version that they want you to buy.

Now, .. I’d never have even known that it wasn’t working, if I hadn’t had a brute force plugin installed that reported the illegal login attempts.

Here’s a small example of my sites GET and POST request that’s been generated by the Apache server log.

After numerous attempts of overloading the server itself with weird request strings, the Bot script itself then uses a well known loop-hole to reveal the hidden login string: more of that later, here the Bot issued a standard GET statement.

Then the BOT attempts to login with a POST statement, but after two failed attempts the IP address gets blacklisted for 24 hours, via a most excellent WP Plugin called Limit Login Attempts Reloaded.

[ 02/Sep/2020:01:10:01 +0100 ] 
“POST /b92login/ HTTP/1.1” 200 9820 
“https://www.b92mjs.co.uk/b92login/” 
“Mozilla/5.0 (Windows NT 6.1; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51” 
95.84.54.4 pigsoft.net 95.84.54.4

BUT, as I’ve found out: the poxy pigging hackers have more IP address to hand that I can handle, and the above Apache Log commands occurred within micro seconds of each other, with more pouring in by the minute.

So my bitch in this case, .. is the Firefox bug that forces the WordPress core to show the login string, an issue that’s been known about for at least five years, here’s the link to the article at wordpress.org.

Basically in a nutshell, open the Firefox browser: go to your website that has a hidden wp-login.php plugin installed, and then in Firefox add the following to the end of your web site string as in, ..

http://www.mysite.com/

%77%70%2D%6C%6F%67%69%6E.%70%68%70

Both parts of that line join up, to use it: simply replace the https://www.musite.com web link with your own sites URL, to then see your own hidden login string magically revealed. Which is a hacking trick that the scripted Bots are using, and is a flaw that’s been known about for at least four years.

Epilogue: why the flippin heck do we all put up with this inefficient sodden soft (ware) shit? – No idea! – Lets all make a movement, a bowel movement and get rid.

Thanks for reading, Jessica: Praise be the ORI.