Over the weekend a fire storm was unleashed after users started posting on Reddit about how the installer for the popular FileZilla FTP software was being tagged as adware by VirusTotal. These detections are caused by the installer, which is monetized to display offers to users as they install the software.
When downloading installers for FileZilla, the web site contains two different downloads. The main promoted download is the one that pushes offers and is named in a format similar to FileZilla_3.34.0_win64-setup_bundled.exe. FileZilla also offers a download that does not provide offers at
this page and will be named similar to FileZilla_3.34.0_win64-setup.exe.
The key word that indicates whether the installer will display offers is the word "bundled". If you download FileZilla from the main site and it includes the word "bundled" then you will be presented with offers.
There is also a stark contrast between the installers in terms of how they are detected by antivirus vendors. For example, the bundled installer has a
8/68 detections on VirusTotal, with most detecting it as an adware installer. The clean version, on the other hand, has
0/68 detections.