It is currently Sat Dec 20, 2014 11:38 pm


Latest GIMP Scripts & Plug-ins

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: WARNING Cnet.download com installers are spreading dangerous malware
PostPosted: Fri Dec 07, 2012 5:35 am  (#1) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5877
Cnet.download.com in the past did a good job to distribute freeware to acquire public and the reputation of a trusted side

then started to modify the installers of the program that distribute, to embed adware , spyware, and browser hijacker (against the will of the developers of the programs that denunced the pratice.... a quick google search will give more detail )

Anyway that malware was mainly a disturbance but was not very dangerous , BUT NOW it embed also really dangerous malware as the Claro toolbar that will redirect all search on dangerous phishing sites and even filter the search of the other search engine, again to redirect to phishing sites

Claro is not only dangerous but also very difficult to eliminate ...it took me 2 days of fighting
to get rid of it and still there is some problem left that i could solve only with the help of the mozilla forum http://forums.mozillazine.org/viewtopic ... &t=2626967

And please note that claro infect not only the default browser but all the browser, i fixed firefox but Google Crome and IE are still sort of infected:
the virus is removed but its misfits are hard to fix


BTW in theory you have a option to use the download.com installers without installing also the malware , but in pratice a moment of distration is sufficent to get infected, and of infection very difficult to heal

And the escalation is impressive now download.com is not more only embedding "normal" adware and spyware as before crazy exacalation started to distribute very nasty virus and malware as claro

Note that claro virus is continuosly evolving so the instructions on how to remove need to be continuosly updated , most of the how to remove what you will found on the net is not more valid

As from antivirus most will not detect it or will only apparently eliminate the treath, but the virus will resurrect at each computer restart

There are much other safe download sites (i.e beta news, filehyppo,) so no reason to risk on download.com...

On a shared computer i will heartly suggest to put the Cnet.download.com URL in the firewall blacklist because it is spreding really dangerous malware

Take care !

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Last edited by PhotoComix on Fri Dec 07, 2012 6:20 am, edited 1 time in total.

Share on Facebook Share on Twitter Share on Orkut Share on Digg Share on MySpace Share on Delicious Share on Technorati
Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com is spreading dangerous malware hidden i
PostPosted: Fri Dec 07, 2012 6:13 am  (#2) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5877
PS actually cnet.download.com is also distributing GIMP

In the case of GIMP apparently they didn't embed the malware maybe only because they have a good lawyer:
if is forbidden include something as PSPI in gimp because PSPI is not respecting fully GPL license, it should be even more forbidden include closed source malware in its installer
BUT are legal trick to allow it, and antivirus and spywareprogram will not spot their malware till not installed, and then will be too late to remove without pain

so i will avoid the risk to use their gimp installer, even if in this case is apparently clean

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 7:42 am  (#3) 
Offline
GimpChat Member
User avatar

Joined: Dec 02, 2012
Posts: 158
Location: Cantabria, Spain
Thanks!!!

Although I'm Linux user I just noticed this in Gimp.Org.Es. for Win users and general knowledge.

_________________
Image



My Gimp rides on Linux Mint, Debian and Fedora


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 8:47 am  (#4) 
Offline
Script Coder

Joined: Apr 10, 2011
Posts: 533
I... kinda thought this was old news? I remember hearing about this a year ago or so. If they're still doing it... why isn't anyone suing them?

Anyway, I can't see what possible motive CNet would have for embedding malware in installers, other than maybe large software companies are paying them to smear the reputation of free programs... (where's my tinfoil hat)


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 8:57 am  (#5) 
Offline
GimpChat Member
User avatar

Joined: Nov 15, 2012
Posts: 970
Location: Mesa, AZ
Image

I'm using it though.

I've downloaded things on Cnet, and there always seems to be all kinds of derp packaged with my downloads. I've made it a point to very carefully click through the custom install process, lest I sign my soul over to headless zombie nuns for experimentation or worse.

_________________
Image

I now have a Tumblr, check it out!


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 9:36 am  (#6) 
Offline
Administrator
User avatar

Joined: May 22, 2008
Posts: 6349
Location: Somewhere in GIMP
Thanks for the warning, PhotoComix. Sheesh, and I thought CNET was a reliable and safe place to download from. :hoh

_________________
Image
... Eye of newt, toe of frog ... Believed to be the first recipe for an explosive mixture ... the forerunner of gunpowder.

Image


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 9:52 am  (#7) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5877
dd wrote:
I... kinda thought this was old news? I remember hearing about this a year ago or so.


The fact that cnet.download.com modify the installers to include adware is not a new, but we are no more talking of barely legal even if disturbing adware and spyware

It was a impressive escalation, now they get to the point to include Babylon , and much worse Claro that are really nasty and dangerous internet browser hjacker.

I downloaded tons programs from everywhere without never get a virus,but on cnet.download. com , even if i know the risk and i was careful just a second of distration was sufficent to get infected and in the most dangerous way :

luckily i use also linux so when i had the doubt that not only the Claro search itself was a phishing attempt that but also all the other search engine installed (google, yahoo, bing...)
were modified to redirect on phishing sites i could check it

And yes the result for "remove Claro toolbar", done with google and yahoo in Windows (infected by the claro virus included in a cnet installer,) were very different from the result of the same search done from my linux partition just few minutes after (just the time to restart the computer)

only few pages were similar, similar but with the addition of links for commercial programs (but i doubt that the link were for the autentic commercial programs) to remove the Claro malware, links that were not in the (apparently same page) if opened from a not infected OS

PS here i am not talking of the links added by google ads on top of each search, but the result of the search

PS

Quote:
Anyway, I can't see what possible motive CNet would have for embedding malware in installers


Money ...just money..what else ?
it is not a secret they admit openly (on their own site, even if in almost hidden pages) to modify the installers

The problem now may be that the rensponsable of fishing sites could afford to offer much more money respect to the distributor of less dangerous adware

A successfull phishing attack may even get the result to empty somebody bank account, it seems hard earning the same dealing adware.

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Last edited by PhotoComix on Fri Dec 07, 2012 10:19 am, edited 4 times in total.

Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 12:03 pm  (#8) 
Offline
GimpChat Member
User avatar

Joined: Apr 30, 2010
Posts: 1953
Location: Missouri
I never use cnet anymore because they insult my intelligence by including that junk, this new malware thing is new though and I'll pass it along. Thanks.

_________________
Image
The last time I kept an open mind,
my brain fell out and the dog grabbed it.
Now it's full of dirt, toothmarks, and dog slobber.
No more open minds or dogs for me.


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 5:11 pm  (#9) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5877
Most irritating i did know well that they embed adware and similar junk in their installers, but all the other link were dead so i ended up there also because they don't force to install that junk, be really careful and reading well it is possible refuse the installation of the extra junk...

And then a parent jumped in my room to start some argument and for a moment i go distracted i already had successfully avoided a couple of toolbars and messagers and so overthinking i clicked automatically to proced ...i noticed immediatly what i have done but was no more oossible stop the installer...damn !

Neverthless i was not too worried, i was thinking to have just to unistall a new Ask or Vuze ,or whatever toolbar, or to clean up tracking cookies from some adware not to have to fight for 2 days with such nasty malware

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 5:55 pm  (#10) 
Offline
Global Moderator
User avatar

Joined: Nov 16, 2011
Posts: 3577
Location: Metro Vancouver, BC
I use to like CNET in the old yellow, red and then green days (1990's early 2000's), things started really going downhill when CBS interactive got involved. Here's an interesting article on the download issue,
Popular network tool Nmap in CNET security brouhaha

The CNET forum use to be good as well, but now it's full of partisan know-it-all's.

_________________
Image :santa
Gimp 2.8.14, Ubuntu 14.10, median user
Gimp Chat Tutorials Index


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

* Login  

* Subscribe to Gimp Chat's RSS Feed    * Subscribe to Gimp Chat's Tutorial Feed    * Subscribe to Gimp Chat's G'MIC Feed


Powered by phpBB3 © phpBB Group