CNET’s Site Accused of Bundling Malware with NMAP
In a charge held by NMAP, one of the developers of a network exploration and security auditing tool CNET was indicted of sending malware in the form of free software along with Trojan horse and shady toolbars on the downloading site of the client, as per the reports by Softpedia on December 8, 2011.
Gordon Lyon (Fyodor), Security Expert and Software Developer of NMAP is assertive that the downloading site of Cnet's site must have started rotating the Nmap downloads (as well as other free software like VLC) in a Trojan installer. This installer is enabled with capability to download a sketchy 'StartNow' toolbar by changing the user's default search engine to Microsoft Bing, and change their home page to Microsoft's MSN, as per the reports by INQUIRER on December 6, 2011.
Moreover, Fyodor also stated that although CNET provides the accurate file size required for the official installer, users actually receive a CNET-created Trojan installer. The duped program functions well before the process of installation and execution of the NMAP's real installer begins, as per the reports by Softpedia on December 6, 2011.
He added that people trust the website and so is happy through its installer screens, which they do at their own cost.
Fyodar further claimed that while using the site, ignorant users with a strong belief often takes it for granted that the installer is safe for use, devoid of any malware as they held faith on NMAP project believing that the client cannot circulate harmful code through installer.
The dangerous explicit of the software bundled with the installer is such that a second visit of the user on the browser makes them confront with unlimited crappy activities, leaving them exasperated at the might of NMAP, which is their host.
The NMAP threat relates to the destruction of the long-lived reputation of the company, as the users generally believe that the malware is arriving from the developers-end.
Fyodor added that once the Trojan Cnet executable is unleashed it is detected as malware by the reputed security firms such as Panda, McAfee, and F-Secure.
CNET offered users the chance to quit the Download.com Installer, but Fyodor claims that he is not going to stop here. He is looking for a copyright attorney as he is sure his rights have been defied. Finally, Nmap.installer on download.com seems to be repaired so maybe the company already followed on the warnings received from the developers.
Related article: Canada - A Major Stimulator of Spam, Says Cisco
» SPAMfighter News - 13-12-2011