It took less than a day for Download.com to react and quietly switch their Nmap downloads back to the software's real installer, and for Microsoft to contact Fyodor and explain that they weren't aware they were sponsoring CNET to trojan open source software. They put the blame on one of their distribution partners and said that they had suspended operations with C|Net until the issue is resolved.
"But the trojan installer uses your Internet connection to obtain more 'special offers' from C|Net, and they immediately switched to installing a 'Babylon toolbar' and search engine redirect instead. Then C|Net removed that and are now promoting their own 'techtracker' tool," says Fyodor in a new message to the nmap-hackers mailing list, and warns that other packages available for download on the site are still bundled with the installer.
Download.com's Adware & Spyware Notice makes conflicting claims about the safety of downloading from the site.
On one hand it says that "every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free," then they follow up with "despite our vigilance, we can't guarantee that our library is 100% adware-free." So, which is it?
Given that Download.com is one of the most popular sites for downloading software, this kind of behavior is alarming.