Security Market Segment LS
Tuesday, 06 December 2011 13:03

Cnet's Download.com is bundling malware with Nmap

By

Fyodor (Nmap's original author) is an angry man right now.  The download.com website has added a wrapper to Nmap and other downloads to install various additional components; the wrapper is also recognized as malware by many AV packages.

According to the summary Fyodor has written, "C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN."

Hardly the actions of a trusted source of free and shareware software.

Fyodor continues, referring to a screen image of the Nmap download page on download.com, "Note how they use our registered 'Nmap' trademark in big letters right above the malware 'special offer' as if we somehow endorsed or allowed this.  Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer.

"In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright.  This is exactly why Nmap isn't under the plain GPL. Our license specifically adds a clause forbidding software which 'integrates/includes/aggregates Nmap into a proprietary executable installer' unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't).  We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS!  And we never thought Microsoft would be sponsoring this activity!
"

Read on to see what the AV vendors think of this.


Virus Total shows that (currently) 10 AV vendors out of 39 identifies the package as containing malware; this number is sure to grow as more detect it.

Currently it appears that every new upload to C|net is receiving the wrapper treatment.  So, everyone, if the name of the package you want to download starts with 'cnet_' run away screaming - it WILL include the malware.

Fyodor continues, "Of course the next step is to go after C|Net until they stop doing this for ALL of the software they distribute.  So far, the most they have offered is:

"If you would like to opt out of the Download.com Installer you can submit a request to cnet-installer () cbsinteractive com  All opt-out requests are carefully reviewed on a case-by-case basis."

In other words, 'we'll violate your trademarks and copyright and squandering your goodwill until you tell us to stop, and then we'll consider your request 'on a case-by-case basis'; depending on how much money we make from infecting your users and how scary your legal threat is."


If this is how C|net is now operating, iTWire would recommend our readers use a different download service.  There are plenty around.

 

 

Read 10904 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.


Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments