Home Business IT Security Cnet's Download.com is bundling malware with Nmap

Fyodor (Nmap's original author) is an angry man right now.  The download.com website has added a wrapper to Nmap and other downloads to install various additional components; the wrapper is also recognized as malware by many AV packages.

According to the summary Fyodor has written, "C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN."

Hardly the actions of a trusted source of free and shareware software.

Fyodor continues, referring to a screen image of the Nmap download page on download.com, "Note how they use our registered 'Nmap' trademark in big letters right above the malware 'special offer' as if we somehow endorsed or allowed this.  Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer.

"In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright.  This is exactly why Nmap isn't under the plain GPL. Our license specifically adds a clause forbidding software which 'integrates/includes/aggregates Nmap into a proprietary executable installer' unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't).  We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS!  And we never thought Microsoft would be sponsoring this activity!
"

Read on to see what the AV vendors think of this.


Virus Total shows that (currently) 10 AV vendors out of 39 identifies the package as containing malware; this number is sure to grow as more detect it.

Currently it appears that every new upload to C|net is receiving the wrapper treatment.  So, everyone, if the name of the package you want to download starts with 'cnet_' run away screaming - it WILL include the malware.

Fyodor continues, "Of course the next step is to go after C|Net until they stop doing this for ALL of the software they distribute.  So far, the most they have offered is:

"If you would like to opt out of the Download.com Installer you can submit a request to cnet-installer () cbsinteractive com  All opt-out requests are carefully reviewed on a case-by-case basis."

In other words, 'we'll violate your trademarks and copyright and squandering your goodwill until you tell us to stop, and then we'll consider your request 'on a case-by-case basis'; depending on how much money we make from infecting your users and how scary your legal threat is."


If this is how C|net is now operating, iTWire would recommend our readers use a different download service.  There are plenty around.

 

 

FREE SEMINAR

Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Guest Opinion

 

Sponsored News

 

 

 

 

Connect