[fyodor at insecure.org: C|Net Download.Com is now bundling Nmap with malware!]

Michael Painter tvhawaii at shaka.com
Wed Dec 7 04:53:08 UTC 2011

Fyodor wrote:
> On Mon, Dec 05, 2011 at 10:14:48PM -0800, andrew.wallace wrote:
>> Using fruitful language and acting like a child isn't going to see
>> you taken seriously.
> I'm sorry that my language offended you. But if you ever spend more
> than 14 years creating free software as a gift to the community, only
> to have it used as bait by a giant corporation to infect your users
> with malware, then you may understand my rage.
> The good news is that many users are sick and tired of having their
> machines hijacked by malware.  Especially by CNET Download.Com, which
> still says on their own adware policy page:
>  "In your letters, user reviews, and polls, you told us bundled
>   adware was unacceptable--no matter how harmless it might be. We want
>   you to know what you're getting when you download from CNET
>   Download.com, and no other download site can promise that."
>   --http://www.cnet.com/2723-13403_1-461-16.html
> Um, what people WANT when they download Nmap is Nmap itself.  Not to
> have their searches redirected to Bing and their home page changed to
> Microsoft's MSN.
> Speaking of which, Microsoft emailed me today.  They said that they
> didn't know they were sponsoring CNET to trojan open source software,
> and that they have stopped doing it.  But the trojan installer uses
> your Internet connection to obtain more "special offers" from CNET,
> and they immediately switched to installing a "Babylon toolbar" and
> search engine redirect instead.  Then CNET removed that and are now
> promoting their own "techtracker" tool.  Apparently the heat is so
> high that even malware vendors are refusing to have any more part in
> CNET's antics!  But if CNET isn't stopped, the malware vendors will
> come crawling back eventually and CNET will be there to receive them.
> There have been dozens of news articles in the last day and hundreds
> of outraged comments on blogs, Twitter, Facebook, etc.  In the midst
> of all this terrible PR, Download.com went in last night and quietly
> switched their Nmap downloads back to our real installer.  At least
> for now.  But that isn't enough--they are still infecting the
> installers for thousands of other packages!  For example, they have
> currently infected the installer for a children's coloring book app:
> http://download.cnet.com/Kea-Coloring-Book/3000-2102_4-10360620.html
> Have they no shame at all??!
> I've created a page with the situation background, links to the news
> articles, and the latest updates:
> http://insecure.org/news/download-com-fiasco.html
> Feel free to share it.  Together, I hope we can get Download.Com to
> apologize and cease this reprehensible behavior!
> Cheers,
> Fyodor

No, there's no shame when money's involved.
Do Unto Others as they would do unto you...sue the fsck out of them.
