- Dec 30, 2012
A software wrapper used by CNET supposedly tricks users into installing toolbars and Trojans instead of the actual hosted program.
Old article but still an important read!
Gordon "Fyodor" Lyon is the creator and maintainer of the widely used network auditing and penetration-testing tool called Nmap. It's a handy tool for administrators that can spot services that shouldn't be running, locate rogue PCs and servers, identify firewalls on the network and more. You would think that having a download mirror like CNET would bring a significant load of traffic to Lyon's software.
Well, it has, just not in a good way.
According to the developer, CNET's Download.com repository has bundled his free software with Trojans and shady toolbars without his consent. Security firm Sophos backs up the claims and explains that the software is encased in a software wrapper -- aka the Download.com Installer, which was introduced back in July -- that tricks the potential customer into installing the Babylon Toolbar. To do this, the wrapper pops up a dialog headlined "Nmap" with a bright green default "Accept" button. But accepting only means CNET visitors accept the "special offer" of the toolbar instead... accepting the installation of Nmap comes later.