Download.com bundles Nmap with malware
Posted on 06.12.2011
"Hi Folks. I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN," wrote Nmap developer "Fyodor" in a email sent on the project's mailing list, warning the subscribers to be careful when downloading software from the site.


He says that C|Net offers its own trojan installer - which is, by the way, detected as malware by 10 of the 39 AV solutions used by VirusTotal - to pull the Nmap downloads but it doesn't say so explicitly, so users end up thinking that the Nmap Project is to blame for the unwelcome onslaught.

He claims that by using their proprietary installer, C|Net violates the software's copyright. "Our license specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't)," he ads, and points out that it also use their registered "Nmap" trademark to legitimize the malware-bundled download.

It seems that this is not the first time that something like this happened, but he says he is nevertheless very surprised that CBS - the company that owns C|Net's Download.Com - would allow such practices, and that Microsoft would be sponsoring the "trojanizing" of open source software.

In conclusion, he expressed his intention of "going after" C|Net to get them to stop doing such things.






Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //