SourceForge could start it again, but make it much less obvious. Simply pre-infect all of the downloads with malware. If caught, claim it was a hack, or that it 'somehow' got uploaded that way from the author. Then offer to fix it. The first few times everyone would believe it.
However, at this point, SourceForge has burned whatever trust it ever had. Soon the only people left are those gullible enough to believe SourceForge.
Something this face palm worthy can only be accomplished by a manager or someone higher up* in the organization.
*Note that everyone except the engineers perceive the value hierarchy to be inverted.