download.com Download.com serving up malware

[James_A]

Download.com a.k.a. C|Net download.com is no longer a safe location to download programs, because it now wraps the software in a Trojan Installer, detected as malware by major Anti-Virus programs.

This story was first reported back in August on the ExtremeTech site, when VLC was "trojanised" by Download.com. See "Download.com wraps downloads in bloatware, lies about motivations"

Now it has re-emerged, because another well-known program used by Computer Security testers (nmap) has also been "trojanised" by Download.com:

I've just discovered that C|Net's Download.Com site has

started wrapping their Nmap downloads (as well as other free software

like VLC) in a trojan installer which does things like installing a

sketchy "StartNow" toolbar, changing the user's default search engine

to Microsoft Bing, and changing their home page to Microsoft's MSN.

The installer is actually detected as malware:

In fact, if we UPX-unpack the Trojan CNet

executable and send it to VirusTotal.com, it is detected as malware by

Panda, McAfee, F-Secure, etc:

http://bit.ly/cnet-nmap-vt

That bit.ly link will redirect you to virustotal.com for the test results.

Looks like download.com is no longer a safe place to go, for any downloads.

.

[0_0]

Wasn't it back in September that uTorrent and BitTorrent sites were hacked, files were replaced with scareware & ransomware...? Ironically I suppose, Google produced as a first result a comment about the issue by a download.cnet.com blogger.

[Eldmannen]

Shame on those as******.

1998 called and wanted their s***ty site back.

Shareware is dead.

Open source all the way.