[nsp-sec] Fwd: C|Net Download.Com is now bundling Nmap with malware!
William Allen Simpson
william.allen.simpson at gmail.com
Tue Dec 6 09:37:15 EST 2011
On 12/6/11 3:06 AM, Alfredo Sola wrote:
> I still haven't decided if this would be a near off-topic or a useful piece of information for our own teams, directly security related. Please excuse me if you think the former, and please exorcize nsp-sec headers when forwarding as usual if the latter.
>
It is.... Probably need the Firefox/Google "this can harm your computer"
screen. Can Google scan the other downloads from CNet and check for
more malware? Perhaps the entire site needs flagging?
>> De: Fyodor<fyodor at insecure.org>
>> It is interesting to compare the trojaned VLC screenshot in that
>> article with the Nmap one I've attached. In that case, the user just
>> clicks "Next step" to have their machine infected. And they wrote
>> "SAFE, TRUSTED, AND SPYWARE FREE" in the trojan-VLC title bar. It is
>> telling that they decided to remove that statement in their newer
>> trojan installer. In fact, if we UPX-unpack the Trojan CNet
>> executable and send it to VirusTotal.com, it is detected as malware by
>> Panda, McAfee, F-Secure, etc:
>>
>> http://bit.ly/cnet-nmap-vt
>>
More information about the nsp-security
mailing list