Download.com bundles Nmap with malware
Posted on 06.12.2011
"Hi Folks. I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN," wrote Nmap developer "Fyodor" in a email sent on the project's mailing list, warning the subscribers to be careful when downloading software from the site.


He says that C|Net offers its own trojan installer - which is, by the way, detected as malware by 10 of the 39 AV solutions used by VirusTotal - to pull the Nmap downloads but it doesn't say so explicitly, so users end up thinking that the Nmap Project is to blame for the unwelcome onslaught.

He claims that by using their proprietary installer, C|Net violates the software's copyright. "Our license specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't)," he ads, and points out that it also use their registered "Nmap" trademark to legitimize the malware-bundled download.

It seems that this is not the first time that something like this happened, but he says he is nevertheless very surprised that CBS - the company that owns C|Net's Download.Com - would allow such practices, and that Microsoft would be sponsoring the "trojanizing" of open source software.

In conclusion, he expressed his intention of "going after" C|Net to get them to stop doing such things.






Spotlight

Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Feb 9th
    COPYRIGHT 1998-2016 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //