CNet de-trojans Nmap, but outrage continues

Ad program under fire.

Tech publisher CNet has removed the controversial proprietary installer it had wrapped around the penetration testing tool Nmap, but critics are angry that the installer is still used for "thousands" of other downloads.

Gordon Lyon, aka Fyodor, the creator of the open source penetration testing tool Nmap, slammed CNet for using his software, distributed on the title's Download.com file site, as bait to lure people into downloading various sponsored software, such as browser toolbars.

The StartNow toolbar that was offered in the CNet-altered Nmap download process, for example, would make Bing the default search engine and MSN the home page.

CNet's proprietary "installer" has been identified by several antivirus vendors — at least by its behavior — as a trojan, and was first noticed in August when ExtremeTech reported an altered install process for the popular VLC media player.

CNet describes its Download.com Installer as “a tiny ad-supported stub installer or “download manager” that helps securely deliver downloads from Download.com’s servers to the user's device.”

The publisher began adding its own installer to Windows-compatible non-premium software in July but claims it is not actually installed on the user’s machine and that the process offers a clearly labelled option to accept or decline additional software.

In the Nmap case, Microsoft was initially suspected of doing a deal to promote Bing through Download.com for the StartNow toolbar; however, it claims it was unaware of the practice until Lyon complained about it.

Lyon speculates that, due to the attention the story was getting, CNet on Monday replaced the Microsoft-affiliated StartNow with another toolbar, Babylon, which on Tuesday changed again to CNet's own TechTracker software.

Besides perceiving that his software was adulterated, Lyon criticised CNet for exploiting the trust Download.com users had in getting software from the site.

The publisher has since replaced its installer for Nmap on Download.com with Nmap's original installer. However, Lyon is unhappy that the process remains in place for "thousands" of other software downloads.

"CNET has (at least for now) removed the trojan installer for Nmap. But they could bring it back at any time, and they still infect thousands of other packages," he said.


3 Comments

Sheldon

1

We're sorry to see this happening to one of the most trustworthy internet venues. When we started developing BrowserProtect we didn't imagine browser hijacking would go mainstream like this.

Thanks for all the loyal BrowserProtect users out there. Others might want to take a look at us at www.browserprotect.org.

Regards and safe internet browsing,
sheldon on behalf of the BrowserProtect team.
http://www.browserprotect.org

fake diplomas

2

Hi there friends, good post and pleasant arguments commented at this place, I am actually enjoying by these.
