exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Download.com Adding Malware To Nmap

Download.com Adding Malware To Nmap
Posted Dec 8, 2011
Authored by Fyodor | Site insecure.org

This is Fyodor's latest update on the CNET Download.com fiasco where they are packaging third party software with their own additions.

tags | advisory
SHA-256 | d94fdfbf33d2407700b9b12567eb0441217bb70e233ba79e1554d89b8efda071

Download.com Adding Malware To Nmap

Change Mirror Download
---------------------------- Original Message ----------------------------
Subject: Updates on Download.Com caught adding malware to Nmap installer
From: "Fyodor" <fyodor@insecure.org>
Date: Tue, December 6, 2011 11:11 pm
To: nmap-hackers@insecure.org
--------------------------------------------------------------------------

Hi Folks. A lot has happened since yesterday's email about
Download.com's antics (http://seclists.org/nmap-hackers/2011/5) and I
wanted to send a quick update.

First of all, several people complained about my angry tone and my
telling Download.com to "F*ck" themselves. I appologize to anyone
offended. But if you ever spend more than 14 years creating free
software as a gift to the community, only to have it used as bait by a
giant corporation to infect your users with malware, then you may
understand my rage.

The good news is that many users are sick and tired of having their
machines hijacked by malware. Especially by CNET Download.Com, which
still says on their own adware policy page:

"In your letters, user reviews, and polls, you told us bundled
adware was unacceptable--no matter how harmless it might be. We want
you to know what you're getting when you download from CNET
Download.com, and no other download site can promise that."
--http://www.cnet.com/2723-13403_1-461-16.html

Um, what people WANT when they download Nmap is Nmap itself. Not to
have their searches redirected to Bing and their home page changed to
Microsoft's MSN.

Speaking of which, Microsoft emailed me today. They said that they
didn't know they were sponsoring CNET to trojan open source software,
and that they have stopped doing it. But the trojan installer uses
your Internet connection to obtain more "special offers" from CNET,
and they immediately switched to installing a "Babylon toolbar" and
search engine redirect instead. Then CNET removed that and are now
promoting their own "techtracker" tool. Apparently the heat is so
high that even malware vendors are refusing to have any more part in
CNET's antics! But if CNET isn't stopped, the malware vendors will
come crawling back eventually and CNET will be there to receive them.

There have been dozens of news articles in the last day and hundreds
of outraged comments on blogs, Twitter, Facebook, etc. In the midst
of all this terrible PR, Download.com went in last night and quietly
switched their Nmap downloads back to our real installer. At least
for now. But that isn't enough--they are still infecting the
installers for thousands of other packages! For example, they have
currently infected the installer for a children's coloring book app:

http://download.cnet.com/Kea-Coloring-Book/3000-2102_4-10360620.html

Have they no shame at all??!

I've created a page with the situation background, links to the news
articles, and the latest updates:

http://insecure.org/news/download-com-fiasco.html

Feel free to share it. Together, I hope we can get Download.Com to
apologize and cease this reprehensible behavior!

Cheers,
Fyodor
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close