Virus Guy
Cnet is accused of bundling malware with downloads
http://www.theinquirer.net/inquirer/news/2130382/cnet-accused-bundling-malware-downloads
The down low on low down Cnet downloads
By Dave Neal
Tue Dec 06 2011, 12:12
TECHNOLOGY PUBLISHER Cnet has been accused of bundling malware with the
security scanning software Nmap through its Downloads web site.
The accusation comes from the creator of Nmap, who in a forum post on
the Seclists.org web site chose not to mince his words.
"I've just discovered that C|Net's Download.Com site has started
wrapping their Nmap downloads (as well as other free software like VLC)
in a trojan installer which does things like installing a sketchy
'StartNow' toolbar, changing the user's default search engine to
Microsoft Bing, and changing their home page to Microsoft's MSN," wrote
Gordon 'Fyodor' Lyon in his post.
"The way it works is that C|Net's download page offers what they claim
to be Nmap's Windows installer. They even provide the correct file size
for our official installer. But users actually get a Cnet-created trojan
installer. That program does the dirty work before downloading and
executing Nmap's real installer."
People trust the web site, he added, and so are happy to click through
its installer screens, which they do at their own cost.
"Then the next time the user opens their browser, they find that their
computer is hosed with crappy toolbars, Bing searches, Microsoft as
their home page, and whatever other shenanigans the software performs!"
he added. "The worst thing is that users will think we (Nmap Project)
did this to them!"
This is bad for users, he explained, but it's also bad for his Nmap
Project since allegedly Cnet is misusing its trademark to shill the
malware, and could be violating copyright laws.
"Note how they use our registered 'Nmap' trademark in big letters right
above the malware 'special offer' as if we somehow endorsed or allowed
this. Of course they also violated our trademark by claiming this
download is an Nmap installer when we have nothing to do with the
proprietary trojan installer," he added.
"We've long known that malicious parties might try to distribute a
trojan Nmap installer, but we never thought it would be C|Net's
Download.com, which is owned by CBS! And we never thought Microsoft
would be sponsoring this activity!"
Lyon added that once the Trojan Cnet executable is unpacked it is
detected as malware by Panda, McAfee and F-Secure.
Meanwhile Graham Cluley, security expert and blogger for Sophos in the
UK, expressed his surprise on Twitter, saying, "What on earth is CNET
playing at wrapping downloads (VLC, Nmap, etc) with a cruddy toolbar?"
Lyon is perhaps understandably annoyed by his failed attempts to resolve
the situation amicably with Cnet. "F*ck them!" he added. "If anyone
knows a great copyright attorney in the U.S., please send me the details
or ask them to get in touch with me."
We've asked Cnet to comment on the allegations. µ