TECHNOLOGY PUBLISHER Cnet has been accused of bundling malware with the security scanning software Nmap through its Downloads web site.
The accusation comes from the creator of Nmap, who in a forum post on the Seclists.org web site chose not to mince his words.
“I’ve just discovered that C|Net’s Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy ‘StartNow’ toolbar, changing the user’s default search engine to Microsoft Bing, and changing their home page to Microsoft’s MSN,” wrote Gordon ‘Fyodor’ Lyon in his post.
“The way it works is that C|Net’s download page offers what they claim to be Nmap’s Windows installer. They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap’s real installer.”
People trust the web site, he added, and so are happy to click through its installer screens, which they do at their own cost.
“Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs!” he added. “The worst thing is that users will think we (Nmap Project) did this to them!”
This is bad for users, he explained, but it’s also bad for his Nmap Project, since Cnet is allegedly misusing the Nmap trademark to shill the malware and could be violating copyright laws.
“Note how they use our registered ‘Nmap’ trademark in big letters right above the malware ‘special offer’ as if we somehow endorsed or allowed this. Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer,” he added.
“We’ve long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net’s Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!”
Lyon added that once the Trojan Cnet executable is unpacked it is detected as malware by Panda, McAfee and F-Secure.
Meanwhile Graham Cluley, security expert and blogger for Sophos in the UK, expressed his surprise on Twitter, saying, “What on earth is CNET playing at wrapping downloads (VLC, Nmap, etc) with a cruddy toolbar?”
Lyon is perhaps understandably annoyed by his failed attempts to resolve the situation amicably with Cnet. “F*ck them!” he added. “If anyone knows a great copyright attorney in the U.S., please send me the details or ask them to get in touch with me.”
We’ve asked Cnet to comment on the allegations. µ