Download.com "cleans up" Nmap but not other downloads
Posted on 08.12.2011
When he discovered that Nmap was being distributed by C|Net's Download.com site bundled up with a proprietary trojan installer that installed a sketchy toolbar, changed the users' default search engine to Microsoft Bing, and changed their home page to Microsoft's MSN, Nmap developer "Fyodor" raised the alarm and began warning users left and right.

It took less than a day for Download.com to react and quietly switch their Nmap downloads back to the software's real installer, and for Microsoft to contact him and explain that they weren't aware of the fact that they were sponsoring CNET to trojan open source software. They put the blame on one of their distribution partners, and said that it has suspended operations with C|Net until this issue has been solved.

"But the trojan installer uses your Internet connection to obtain more 'special offers' from C|Net, and they immediately switched to installing a 'Babylon toolbar' and search engine redirect instead. Then C|Net removed that and are now promoting their own 'techtracker' tool," says Fyodor in a new message to the nmap-hackers mailing list, and warns that other packages available for download on the site are still bundled with the installer.

Download.com's Adware & Spyware Notice offers contrasting claims and statements regarding the safety of downloading from the site.

On one hand it says that "every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free," then they follow up with "despite our vigilance, we can't guarantee that our library is 100% adware-free." So, which is it?

Given that Download.com is one of the most popular sites for downloading software, this kind of behavior is alarming.






Spotlight

The psychology of phishing

Posted on 23 July 2014.  |  Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //