It is currently Wed Apr 01, 2015 8:07 pm


Latest GIMP Scripts & Plug-ins

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: WARNING Cnet.download com installers are spreading dangerous malware
PostPosted: Fri Dec 07, 2012 6:35 am  (#1) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5873
Cnet.download.com in the past did a good job to distribute freeware to acquire public and the reputation of a trusted side

then started to modify the installers of the program that distribute, to embed adware , spyware, and browser hijacker (against the will of the developers of the programs that denunced the pratice.... a quick google search will give more detail )

Anyway that malware was mainly a disturbance but was not very dangerous , BUT NOW it embed also really dangerous malware as the Claro toolbar that will redirect all search on dangerous phishing sites and even filter the search of the other search engine, again to redirect to phishing sites

Claro is not only dangerous but also very difficult to eliminate ...it took me 2 days of fighting
to get rid of it and still there is some problem left that i could solve only with the help of the mozilla forum http://forums.mozillazine.org/viewtopic ... &t=2626967

And please note that claro infect not only the default browser but all the browser, i fixed firefox but Google Crome and IE are still sort of infected:
the virus is removed but its misfits are hard to fix


BTW in theory you have a option to use the download.com installers without installing also the malware , but in pratice a moment of distration is sufficent to get infected, and of infection very difficult to heal

And the escalation is impressive now download.com is not more only embedding "normal" adware and spyware as before crazy exacalation started to distribute very nasty virus and malware as claro

Note that claro virus is continuosly evolving so the instructions on how to remove need to be continuosly updated , most of the how to remove what you will found on the net is not more valid

As from antivirus most will not detect it or will only apparently eliminate the treath, but the virus will resurrect at each computer restart

There are much other safe download sites (i.e beta news, filehyppo,) so no reason to risk on download.com...

On a shared computer i will heartly suggest to put the Cnet.download.com URL in the firewall blacklist because it is spreding really dangerous malware

Take care !

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Last edited by PhotoComix on Fri Dec 07, 2012 7:20 am, edited 1 time in total.

Share on Facebook Share on Twitter Share on Orkut Share on Digg Share on MySpace Share on Delicious Share on Technorati
Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com is spreading dangerous malware hidden i
PostPosted: Fri Dec 07, 2012 7:13 am  (#2) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5873
PS actually cnet.download.com is also distributing GIMP

In the case of GIMP apparently they didn't embed the malware maybe only because they have a good lawyer:
if is forbidden include something as PSPI in gimp because PSPI is not respecting fully GPL license, it should be even more forbidden include closed source malware in its installer
BUT are legal trick to allow it, and antivirus and spywareprogram will not spot their malware till not installed, and then will be too late to remove without pain

so i will avoid the risk to use their gimp installer, even if in this case is apparently clean

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 8:42 am  (#3) 
Offline
GimpChat Member
User avatar

Joined: Dec 02, 2012
Posts: 156
Location: Cantabria, Spain
Thanks!!!

Although I'm Linux user I just noticed this in Gimp.Org.Es. for Win users and general knowledge.

_________________
Image



My Gimp rides on Linux Mint, Debian and Fedora


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 9:47 am  (#4) 
Offline
Script Coder

Joined: Apr 10, 2011
Posts: 532
I... kinda thought this was old news? I remember hearing about this a year ago or so. If they're still doing it... why isn't anyone suing them?

Anyway, I can't see what possible motive CNet would have for embedding malware in installers, other than maybe large software companies are paying them to smear the reputation of free programs... (where's my tinfoil hat)


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 9:57 am  (#5) 
Offline
GimpChat Member
User avatar

Joined: Nov 15, 2012
Posts: 967
Location: Mesa, AZ
Image

I'm using it though.

I've downloaded things on Cnet, and there always seems to be all kinds of derp packaged with my downloads. I've made it a point to very carefully click through the custom install process, lest I sign my soul over to headless zombie nuns for experimentation or worse.

_________________
Image

I now have a Tumblr, check it out!


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 10:36 am  (#6) 
Offline
Administrator
User avatar

Joined: May 22, 2008
Posts: 6526
Location: Somewhere in GIMP
Thanks for the warning, PhotoComix. Sheesh, and I thought CNET was a reliable and safe place to download from. :hoh

_________________
Image
The densest objects in the universe, in increasing order, are white dwarfs, neutron stars, black holes and spammers.
Image


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 10:52 am  (#7) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5873
dd wrote:
I... kinda thought this was old news? I remember hearing about this a year ago or so.


The fact that cnet.download.com modify the installers to include adware is not a new, but we are no more talking of barely legal even if disturbing adware and spyware

It was a impressive escalation, now they get to the point to include Babylon , and much worse Claro that are really nasty and dangerous internet browser hjacker.

I downloaded tons programs from everywhere without never get a virus,but on cnet.download. com , even if i know the risk and i was careful just a second of distration was sufficent to get infected and in the most dangerous way :

luckily i use also linux so when i had the doubt that not only the Claro search itself was a phishing attempt that but also all the other search engine installed (google, yahoo, bing...)
were modified to redirect on phishing sites i could check it

And yes the result for "remove Claro toolbar", done with google and yahoo in Windows (infected by the claro virus included in a cnet installer,) were very different from the result of the same search done from my linux partition just few minutes after (just the time to restart the computer)

only few pages were similar, similar but with the addition of links for commercial programs (but i doubt that the link were for the autentic commercial programs) to remove the Claro malware, links that were not in the (apparently same page) if opened from a not infected OS

PS here i am not talking of the links added by google ads on top of each search, but the result of the search

PS

Quote:
Anyway, I can't see what possible motive CNet would have for embedding malware in installers


Money ...just money..what else ?
it is not a secret they admit openly (on their own site, even if in almost hidden pages) to modify the installers

The problem now may be that the rensponsable of fishing sites could afford to offer much more money respect to the distributor of less dangerous adware

A successfull phishing attack may even get the result to empty somebody bank account, it seems hard earning the same dealing adware.

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Last edited by PhotoComix on Fri Dec 07, 2012 11:19 am, edited 4 times in total.

Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 1:03 pm  (#8) 
Offline
GimpChat Member
User avatar

Joined: Apr 30, 2010
Posts: 1940
Location: Missouri
I never use cnet anymore because they insult my intelligence by including that junk, this new malware thing is new though and I'll pass it along. Thanks.

_________________
Image
The last time I kept an open mind,
my brain fell out and the dog grabbed it.
Now it's full of dirt, toothmarks, and dog slobber.
No more open minds or dogs for me.


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 6:11 pm  (#9) 
Offline
GimpChat Member

Joined: Apr 12, 2010
Posts: 5873
Most irritating i did know well that they embed adware and similar junk in their installers, but all the other link were dead so i ended up there also because they don't force to install that junk, be really careful and reading well it is possible refuse the installation of the extra junk...

And then a parent jumped in my room to start some argument and for a moment i go distracted i already had successfully avoided a couple of toolbars and messagers and so overthinking i clicked automatically to proced ...i noticed immediatly what i have done but was no more oossible stop the installer...damn !

Neverthless i was not too worried, i was thinking to have just to unistall a new Ask or Vuze ,or whatever toolbar, or to clean up tracking cookies from some adware not to have to fight for 2 days with such nasty malware

_________________
My 3D Gallery on Deviantart http://photocomix2.deviantart.com/
Main gallery http://www.flickriver.com/photos/photocomix-mandala/
Mandala and simmetry http://www.flickriver.com/photos/photocomix_mandala/

Image

Mrs Wilbress


Top
 Profile  
 
 Post subject: Re: WARNING Cnet.download com installers are spreading dangerous malw
PostPosted: Fri Dec 07, 2012 6:55 pm  (#10) 
Offline
Global Moderator
User avatar

Joined: Nov 16, 2011
Posts: 3930
Location: Metro Vancouver, BC
I use to like CNET in the old yellow, red and then green days (1990's early 2000's), things started really going downhill when CBS interactive got involved. Here's an interesting article on the download issue,
Popular network tool Nmap in CNET security brouhaha

The CNET forum use to be good as well, but now it's full of partisan know-it-all's.

_________________
Image
Gimp 2.8.14, Ubuntu 14.10, median user
Gimp Chat Tutorials Index
Spirit Bear


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 5 guests


Jump to:  

   Similar Topics   Author   Replies   Views   Last post 
This topic is locked, you cannot edit posts or make further replies. Attachment(s) Sourceforge Using ADs As Download Vectors For Malware

[ Go to page: 1, 2, 3, 4, 5 ]

in Gimp Discussions

CRogers

42

2289

Sat Nov 09, 2013 7:13 am

Rod View the latest post

No new posts Dangerous acquaintances

in Gimp Art

PhotoComix

2

263

Sat Jan 12, 2013 7:50 am

AnMal View the latest post

No new posts Gimp 2.7 portable and virus/malware alert

[ Go to page: 1, 2 ]

in Gimp News

PhotoComix

15

2018

Fri Feb 24, 2012 3:11 pm

molly View the latest post

No new posts GIMP (Official) Windows Installers moved

in Gimp News

Odinbc

3

807

Wed Nov 06, 2013 5:12 pm

lylejk View the latest post

No new posts Gimp Plugins installers for Win32+ Importing ressources into Gimp

in Gimp Scripts and Plugins

PhotoComix

2

624

Mon Sep 20, 2010 1:48 pm

Rod View the latest post



* Login  

* Subscribe to Gimp Chat's RSS Feed    * Subscribe to Gimp Chat's Tutorial Feed    * Subscribe to Gimp Chat's G'MIC Feed


Powered by phpBB3 © phpBB Group