I’ve just discovered that C|Net’s Download.Com site has started
wrapping their Nmap downloads (as well as other free software like
VLC) in a trojan installer which does things like installing a
sketchy “StartNow” toolbar, changing the user’s default search
engine to Microsoft Bing, and changing their home page to

The way it works is that C|Net’s download page (screenshot
attached) offers what they claim to be Nmap’s Windows installer.
They even provide the correct file size for our official
installer. But users actually get a Cnet-created trojan installer.
That program does the dirty work before downloading and executing
Nmap’s real installer.

Some of the programs the installer puts on your system are identified as malware by McAfee and F-Secure. Isn’t this sort of crap exactly what Download.com was started for? To serve as a place from which Windows users could trust what they download? Shameful.