CNET Downloading Malware
by askbill49 - 12/24/12 3:10 PM
I downloaded a program off of CNET and was infected with babylon.
Copied this from a web site.
CNet's Evil Crapware Babylon toolbar Bundling
In the continuing long decline of the download.com web site, it seems they have decided to start bundling malware with their downloads.
As described by Fyodor over at seclists.org.
"I've just discovered that C|Net's Download.Com site has
started wrapping their Nmap downloads (as well as other free software
like VLC) in a trojan installer which does things like installing a
sketchy "StartNow" toolbar, changing the user's default search engine
to Microsoft Bing, and changing their home page to Microsoft's MSN.
The way it works is that C|Net's download page (screenshot attached)
offers what they claim to be Nmap's Windows installer. They even
provide the correct file size for our official installer. But users
actually get a Cnet-created trojan installer. That program does the
dirty work before downloading and executing Nmap's real installer."
As well as doing it to a number of free open source products they have done it with our OSForensics package as well. In our case they are distributing a file called cnet2_osf_exe.exe with our software. This contains the "Babylon toolbar". See screen shot below.
A number of the Anti-virus packages are already flagging the bundled software as a Trojan.
Needless to say, it is pretty evil for CNet to do this without informing us.
Other developers have stated that if you pay CNET for advertising then CNet doesn't bundle their crapware. Which make it more like blackmail. If we get an additional details, we'll add to this post.
So for the moment we strongly suggest you don't use download.com. Go direct to the developer's sites for your downloads.
More details here,