Threat Level: Infocon green

ISC Diary

Refresh Latest Diaries


C|Net download.com serving malware with nmap software

Published: 2011-12-06,
Last Updated: 2011-12-06 06:40:53 UTC
by Kevin Shortt (Version: 1)

6 comment(s)

Fyodor from insecure.org and the creator of nmap has issued the following statement on the nmap-hackers mailing list today.

http://seclists.org/nmap-hackers/2011/5

nmap is one the most respected networking tools available.
This is just another example that it is easy to be duped.

Downloaders beware. Stay vigilant.

-Kevin
--
ISC Handler on Duty

Keywords: nmap
6 comment(s)
Top of page

Top of page

Comments

CNet has been doing this for a long time. I refuse to download anything from them. Why bother when sourceforge is a billion times faster, anyways?
posted by JoeBlow, Tue Dec 06 2011, 11:18
I would like to see more sites post the hash value of the official package right next to the download button. While not perfect it would definitely influence me not to install a package that didn't compute.
posted by Mathair, Tue Dec 06 2011, 13:44
I uninstalled the CNET tracker from my Mac just today...used to hit it every day for updates and new apps. but not now.
posted by James, Tue Dec 06 2011, 15:20
That's WHY I only download applications from the source, rather than second party sites.
Too easy to end up having to format and reimage my machine otherwise.
posted by Wzrd1, Tue Dec 06 2011, 16:26
I don't know that I would categorize the Bing! toolbar as malware. It's not like that, and having your default web page changed to Microsoft, are the same thing as being hit with Blackhole, Zbot, etc. Is it annoying, rude, and a flagrant violation of Nmap's terms of use? Absolutely. But malware? Not by any definition I've seen
posted by Rob Shein, Tue Dec 06 2011, 23:30
- http://www.theregister.co.uk/2011/12/06/cnet_nmap_toolbar_wrapping_row/

- https://www.virustotal.com/file-scan/report.html?id=5bd70802c051fd95d0d78ac168385cd504705c00526ded2fd5edebdcc32d48f6-1323239699
File name: [b]29d0ca5df3dd63a69630a1bbdbfbcfdad6271702[/b]
Submission date: 2011-12-07 06:34:59 (UTC)
Result: 7/43 (16.3%)
.
posted by PC.Tech, Wed Dec 07 2011, 12:41

New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form

Diary Archives

Top of page
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

Get ISC Swag!!

Advertisement

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

UDP port 1434 directed attack to AS13489 IP ranges - by: Manuel Humberto Santander Pelaez (2013-05-24)

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute