Download.com, part of Cnet, shows downloads with malware installers. In some cases this is against the license of the original software. The site is advertising with the offer of spyware-free software.
Nmap developer Gordon ‘Fyodor’ Lyon discovered that Download.com a malware installer to its users of the website are trying to penetrate as they portscanner via the website to download. The original installers have been packaged in a program from Cnet, which offers a toolbar to install. Also other open source software such as media player, VLC and network tool Wireshark turned out to be with the unwanted software.
That the download website malware add is strange; Download.com promised in 2005, no spyware, bundled software more to offer and has, to date, this promise on their website. Lyon calls the unsolicited add, the malware not only immoral, but also sees a violation of the custom GPL nmap. The license allows only installers that under the same GPL as nmap itself.
Cnet has not yet publicly responded to the discovery of Lyon, however, is the original installer of Nmap, now restored. On Insecure.org is a timeline of the events tracked. In a sample of Tweakers.net seems to be the most popular software offered with the spyware, but turns the software back on at the lower quoted software in the lists. It is also apparent, Cnet already has a few times of type of malware to be changed. Originally, Microsoft’s Bing toolbar included, but the software giant from Redmond has the partnership with the download site, let it break.
