Monday, December 5, 2011

Don't Use Download.com

Seriously.  They have taken to bundling malware with their download installers:
From: Fyodor
Date: Mon, 5 Dec 2011 14:35:30 -0800


Hi Folks. I've just discovered that C|Net's Download.Com site has
started wrapping their Nmap downloads (as well as other free software
like VLC) in a trojan installer which does things like installing a
sketchy "StartNow" toolbar, changing the user's default search engine
to Microsoft Bing, and changing their home page to Microsoft's MSN.

The way it works is that C|Net's download page (screenshot attached)
offers what they claim to be Nmap's Windows installer. They even
provide the correct file size for our official installer. But users
actually get a Cnet-created trojan installer. That program does the
dirty work before downloading and executing Nmap's real installer.

At least, there is symmetry
Note that the author of this post is also the author of Nmap, and this violates his license.

Here's some more background.

The fact that they (CNET/Download.com) also employ "Draw by Crayon Libertarian" Declan McCullagh, who is still proud of creating the "Al Gore created the Internet" lie provides a book end for this crap.

I'm not suggesting a boycott here.  I'm suggesting that CNET, and more specifically Download.com, has crossed a line and is now a purveyor of malware.

It's just not me saying this, it's, "Panda, McAfee, F-Secure," (top link) who are classifying their wrappers as spyware.

No comments:

Post a Comment