Download.com "cleans up" Nmap but not other downloads
Posted on 08.12.2011
When he discovered that Nmap was being distributed by C|Net's Download.com site bundled up with a proprietary trojan installer that installed a sketchy toolbar, changed the users' default search engine to Microsoft Bing, and changed their home page to Microsoft's MSN, Nmap developer "Fyodor" raised the alarm and began warning users left and right.

It took less than a day for Download.com to react and quietly switch their Nmap downloads back to the software's real installer, and for Microsoft to contact him and explain that they weren't aware of the fact that they were sponsoring CNET to trojan open source software. They put the blame on one of their distribution partners, and said that it has suspended operations with C|Net until this issue has been solved.

"But the trojan installer uses your Internet connection to obtain more 'special offers' from C|Net, and they immediately switched to installing a 'Babylon toolbar' and search engine redirect instead. Then C|Net removed that and are now promoting their own 'techtracker' tool," says Fyodor in a new message to the nmap-hackers mailing list, and warns that other packages available for download on the site are still bundled with the installer.

Download.com's Adware & Spyware Notice offers contrasting claims and statements regarding the safety of downloading from the site.

On one hand it says that "every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free," then they follow up with "despite our vigilance, we can't guarantee that our library is 100% adware-free." So, which is it?

Given that Download.com is one of the most popular sites for downloading software, this kind of behavior is alarming.






Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //