Download.com bundles Nmap with malware
Posted on 06.12.2011
"Hi Folks. I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN," wrote Nmap developer "Fyodor" in a email sent on the project's mailing list, warning the subscribers to be careful when downloading software from the site.


He says that C|Net offers its own trojan installer - which is, by the way, detected as malware by 10 of the 39 AV solutions used by VirusTotal - to pull the Nmap downloads but it doesn't say so explicitly, so users end up thinking that the Nmap Project is to blame for the unwelcome onslaught.

He claims that by using their proprietary installer, C|Net violates the software's copyright. "Our license specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't)," he ads, and points out that it also use their registered "Nmap" trademark to legitimize the malware-bundled download.

It seems that this is not the first time that something like this happened, but he says he is nevertheless very surprised that CBS - the company that owns C|Net's Download.Com - would allow such practices, and that Microsoft would be sponsoring the "trojanizing" of open source software.

In conclusion, he expressed his intention of "going after" C|Net to get them to stop doing such things.






Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //