He says that C|Net offers its own trojan installer - which is, by the way, detected as malware by 10 of the 39 AV solutions used by VirusTotal - to pull the Nmap downloads but it doesn't say so explicitly, so users end up thinking that the Nmap Project is to blame for the unwelcome onslaught.
He claims that by using their proprietary installer, C|Net violates the software's copyright. "Our license specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't)," he ads, and points out that it also use their registered "Nmap" trademark to legitimize the malware-bundled download.
It seems that this is not the first time that something like this happened, but he says he is nevertheless very surprised that CBS - the company that owns C|Net's Download.Com - would allow such practices, and that Microsoft would be sponsoring the "trojanizing" of open source software.
In conclusion, he expressed his intention of "going after" C|Net to get them to stop doing such things.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.