According to Zscaler researcher Julien Sobrier, one of the malicious files that could be downloaded from the fake SourceForge site is posing as a set of modifications for the popular Minecraft game - a considerable number of which actually exist on the legitimate repository page.
But this particular file - minecraft_1.3.2.exe - is actually malware closely related to the ZeroAccess Trojan, whose main goal is to hide itself on the infected computer, enslave it into a botnet, and surreptitiously click on online ads on the behalf of the computer owner and thus earn money for the botnet owner(s).
Users are always advised to download their software from reputable websites, but should also be careful and check whether the website URL is the correct one before starting any download.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.