How to make a thousand enemies (a horror story of added toolbars)

One of the many newsletters that I get is ThreatPost (yes, I know I am super geeky, but it is part of my job: “Geek Engineer/Specialist”). This is a Kapersky newsletter about security. I like it, because it does not focus on just Kapersky (Vipre/GFI also has good newsletters).

So, here is an article that was published saying “Cnet Apologizes for Nmap Adware Bundling” You can click and open the whole article, but before doing so, read the rest of the post.

One thing that I learn to do, is not to read “sensational journalism” Meaning, I completely ignore strong words that might give me a different view on something. You see it all the time (although you might not feel it), like using patriotism in political speech (sooooo common).

Why I consider the title sensationalist? Well, I was expecting real bad malware. was bundling the Bing toolbar with nmap. I didn’t not try the original download, but unfortunately I had to deal with it to get SteadyState (I could only find it with the download manager).

Now, I hate download managers, but that is my personal opinion. I don’t know what else it is setting up, and I find it a waste of time when you are downloading a 8MB file, but you can deny to install the toolbar in the download.

Can you feel where I am going? I tell this to most people, the biggest danger on the Internet are not the hacker, viruses, or malware, but the users themselves. Read, and check what you are installing. Keep your own computer safe, instead of trusting that the Internet is safe. It is the same concept as in real life and streets. (and as I say this, I am reminded that there is a ton of people that cross streets without checking for traffic, or people that merge without giving the right of away) Anyhow.

Cnet, should not add the toolbars, but they are running a business. The part about people trusting nmap or other open source projects is true, but as an IT person I always try to go to the source. So if I am downloading nmap I will go to

The other interesting point is what does CNET and consider malware and adware? Obviously not the tool bars. I am old enough (and I am not that old) to remember CNET when they bundled worse adware, and I still don’t trust them. I mainly don’t trust the layout of the site. Have you tried to download ad-aware? You could very easily end up downloading the wrong software thanks to the big advertising (right now, it seems easier to download ARO 2011 from the page of Lavasoft’s Ad-aware than the software itself).

As a final note the problem is “We, the users” although CNET holds blame. It is the same with SPAM. It would not exist, if there weren’t fools that buy Viagra from a SPAM message. Yes people, it does happen, and yes, SPAM is expensive to run, but can be profitable (I got 113 Spam comments on this blog alone Smile).

Now, for the actual article, after my long rant and informal analysis.

from Threat Post

CNet NMapOfficials at Cnet’s site have issued a statement apologizing for bundling the popular open source Nmap security audit application with adware that changed users’ search engine and home page to Microsoft properties. Fyodor, the author of Nmap, raised the issue earlier this week, saying that his app was being wrapped in malware on

It’s not unusual for download sites to bundle free applications with some kind of adware or toolbar, but the creators of open-source applications take a dim view of this practice, given the nature and ethic of open source projects. Nmap is a venerable and widely used tool for mapping networks and performing security audits and Fyodor wrote in a message to an Nmap mailing list earlier this week that, which is part of Cnet, a subsidiary of CBS Interactive, was bundling the application with its installer, which, if a user agreed, would install a search toolbar and change the user’s search engine to Bing.

"The way it works is that C|Net’s download page (screenshot attached) offers what they claim to be Nmap’s Windows installer. They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap’s real installer. Of course the problem is that users often just click through installer screens, trusting that gave them the real installer and knowing that the Nmap project wouldn’t put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them!" Fyodor wrote in his original message. Continue at source


If you would like to comment, please refer to which section of the article you liked so I know you are not a spammer. Too many out there :)

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s