TECHNOLOGY PUBLISHER Cnet has been accused of bundling malware with the security scanning software Nmap through its Downloads web site.
The accusation comes from the creator of Nmap, who in a forum post on the Seclists.org web site chose not to mince his words.
"I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy 'StartNow' toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN," wrote Gordon 'Fyodor' Lyon in his post.
"The way it works is that C|Net's download page offers what they claim to be Nmap's Windows installer. They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap's real installer."
People trust the web site, he added, and so are happy to click through its installer screens, which they do at their own cost.
"Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs!" he added. "The worst thing is that users will think we (Nmap Project) did this to them!"
This is bad for users, he explained, but it's also bad for his Nmap Project, since Cnet is allegedly misusing its trademark to shill the malware and could be violating copyright laws.
"Note how they use our registered 'Nmap' trademark in big letters right above the malware 'special offer' as if we somehow endorsed or allowed this. Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer," he added.
"We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!"
Lyon added that once the Cnet trojan executable is unpacked it is detected as malware by Panda, McAfee and F-Secure.
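The mechanism Lyon describes above, a wrapper that reports the correct file size but is not the published installer, is exactly the case a size-only sanity check misses. The script below is an added example, not code from the article, Cnet or the Nmap project: it compares a downloaded file against both the expected size and the expected SHA-256 digest, and reports when the size matches but the hash does not. The two "installers" are constructed byte strings padded to the same length; in practice the expected digest would be taken from the project's own web site over HTTPS, never from the download portal that served the file.

```python
import hashlib
import hmac

# Constructed sample files standing in for the two downloads the article
# describes: the genuine installer and a wrapper padded to the same size.
# These are NOT real installer bytes; they exist only so the example runs.
SAMPLE_SIZE = 256
GENUINE_INSTALLER = b"genuine-nmap-installer:".ljust(SAMPLE_SIZE, b"\x00")
WRAPPER_INSTALLER = b"third-party-wrapper-installer:".ljust(SAMPLE_SIZE, b"\x00")


def sha256_hex(data: bytes) -> str:
    """Return the lowercase hex SHA-256 digest of an in-memory file."""
    return hashlib.sha256(data).hexdigest()


def sha256_hex_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file on disk in chunks so large installers do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(data: bytes, expected_size: int, expected_sha256: str) -> dict:
    """Compare a downloaded file with the size and digest the project publishes.

    The verdict distinguishes the three outcomes a downloader cares about:
    a genuine file, a file whose size matches but whose content differs
    (the wrapper case from the article), and a file of the wrong size.
    """
    size_ok = len(data) == expected_size
    # Constant-time comparison of the hex digests; compare_digest is meant for
    # exactly this kind of "does the file match the published value" check.
    hash_ok = hmac.compare_digest(sha256_hex(data), expected_sha256.lower())
    if hash_ok and size_ok:
        verdict = "ok: matches the published size and SHA-256"
    elif size_ok:
        verdict = "size matches but SHA-256 differs: not the published file"
    else:
        verdict = "size differs from the published value"
    return {"size_ok": size_ok, "hash_ok": hash_ok, "verdict": verdict}


# Simulates the values a project publishes alongside its official installer.
# (Assumption: these are derived from the constructed genuine sample above.)
EXPECTED_SIZE = len(GENUINE_INSTALLER)
EXPECTED_SHA256 = sha256_hex(GENUINE_INSTALLER)


if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE_INSTALLER), ("wrapper", WRAPPER_INSTALLER)):
        result = check_download(blob, EXPECTED_SIZE, EXPECTED_SHA256)
        print(f"{label:8s} size={len(blob):4d}  {result['verdict']}")
```

Running it shows the wrapper passing the size check and failing the hash check, which is the point: a portal can copy the published byte count onto its own page, but it cannot produce the project's digest for a different file. On Windows the same idea applies to code signatures: an installer signed by a different publisher than the project is the same kind of mismatch, and `Get-AuthenticodeSignature` in PowerShell or `signtool verify` will show the signer.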
Meanwhile Graham Cluley, security expert and blogger for Sophos in the UK, expressed his surprise on Twitter, saying, "What on earth is CNET playing at wrapping downloads (VLC, Nmap, etc) with a cruddy toolbar?"
Lyon is perhaps understandably annoyed by his failed attempts to resolve the situation amicably with Cnet. "F*ck them!" he added. "If anyone knows a great copyright attorney in the U.S., please send me the details or ask them to get in touch with me."
We've asked Cnet to comment on the allegations.
Update
We put a couple of questions to Fyodor about the situation, and over email he expressed his frustration with Cnet.
"I haven't heard from anyone at Download.Com about this, but they do have a page where they try to justify their actions," he said while pointing us to a user help page that explains some facts about its downloader software.
"I totally expect this sort of thing from the black hat criminals who infect software with toolbars and the like. But Download.com is rated by Alexa as the 173rd most popular site on the Internet and supposedly prides itself on validating that software is free of adware/spyware/malware before listing it," he added.
"So it is reprehensible that they are now adding malware while claiming that their main purpose is to protect people from the same!"
We are still waiting for a response from Cnet.
We're sorry to see this happening to one of the most trustworthy internet venues. When we started developing BrowserProtect we didn't imagine browser hijacking would go mainstream like this.
Thanks for all the loyal BrowserProtect users out there. Others might want to take a look at us since we believe this is not going to stop anytime soon.
Regards and safe internet browsing,
sheldon on behalf of the BrowserProtect team.
http://www.browserprotect.org
I just blocked Cnet from all my PCs.
These days when I come across freeware which lists many sites to download from, I notice at least 50% of them are shifty; half of them come with "install this downloader" crap and similar shenanigans.
In fact it's not only sites: many companies, driver packages and the like also try to get you to install "download managers" and creepy services, companies like graphics chip makers and Google for instance. Go check your software add/remove list and see if Google didn't install a few things like that, and check your services to see if crap isn't running.
They are all the same, you can't go by name, you have to be wary of every company and read every damn EULA.
They've only just noticed? CNET's been merely wrapping downloads for months.
I downloaded something just yesterday from CNET and it had a wrapper around the actual download.
Basically, I had to install something to be able to download the download so I could install it.
I clicked through so quickly I missed where it said it was going to change my default search engine and install some tool bar.
This was not part of the actual software I wanted.
Asshats
I quit visiting their website last year when they started putting advertisement pop ups that my blocker couldn't stop. Now I'm glad I stopped, for sure.
In my humble opinion, if c/net is doing something wrong and it's proven by several reputable organizations or experts, then fine! We all should boycott c/net and quit using it! But, if these accusations are unfounded, then someone needs to apologize! Like the law states, innocent until proven guilty!
Windows API and its gigabytes of utterly arcane library code is designed to prevent even the possibility of coding honest programs, by hooking them all into god knows what flaws and deliberate backdoors.
So in practice, "malware" in M$ terms means "exposed" as definitely nefarious.
Isn't it possible and perhaps even likely that CNET themselves aren't responsible for this and that it is in fact the result of a hack from a perpetrator outside of CNET?
Once I discovered CNET was using this wrapper, I stopped using it as a download source, and removed my shortcut to CNET from my browsers. I advise all my friends to avoid them.
This is because they use a wrapper, which is not necessary for the person downloading, and can only do something to benefit CNET, not the users of the software. There are many alternative sites for most software.
It doesn't surprise me that it is malware, it is entirely unnecessary and by definition that alone is malware.