CNet Is Bundling Open Source Software With Malware

“Fyodor”, on a mailing list for developers of the open source Nmap app:

I’ve just discovered that C|Net’s Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy “StartNow” toolbar, changing the user’s default search engine to Microsoft Bing, and changing their home page to Microsoft’s MSN.

The way it works is that C|Net’s download page (screenshot attached) offers what they claim to be Nmap’s Windows installer. They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap’s real installer.

Some of the programs the installer puts on your system are identified as malware by McAfee and F-Secure. Isn’t preventing this sort of crap exactly what Download.com was started for? To serve as a place from which Windows users could trust what they download? Shameful.

Tuesday, 6 December 2011