The Tech Herald

C|Net downloader flagged as Trojan - hijacks popular security tool

by Steve Ragan - Dec 5 2011, 19:00


For many IT professionals and geeks,, which is maintained by C|Net, used to be the go-to spot for all your shareware and freeware needs. However, that was then; now, changes over at C|Net have stirred the pot, leading some security vendors to flag their unique software installation tool as malware.

On Monday, Fyodor (Gordon Lyon) blasted C|Net when a new version of his Nmap software was hijacked by their installer application.

C|Net’s special installation suite will offer to install various third-party tools, as well as altering the browser’s homepage and default search options. With millions of applications available on, not all of them are forced into the hijacked installation process.

C|Net’s installer is only applied to any updated software package, so Nmap was flagged and taken over the moment version 5.51 was submitted to

“C|Net's download page offers what they claim to be Nmap's Windows installer. They even provide the correct file size for our official installer. But users actually get a C|Net-created Trojan installer. That program does the dirty work before downloading and executing Nmap's real installer. Of course the problem is that users often just click through installer screens, trusting that gave them the real installer and knowing that the Nmap project wouldn't put malicious code in our installer,” Fyodor explained.

To make things worse, he added, users will likely install the software as normal, assuming that the source is trusted. When they later access their browser, they’ll find several alterations, from toolbars to start page changes, and some will blame the Nmap project itself.

“In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright. This is exactly why Nmap isn't under the plain GPL,” he added.

“Our license specifically adds a clause forbidding software which ‘integrates/includes/aggregates Nmap into a proprietary executable installer’ unless that software itself conforms to various GPL requirements (this proprietary C|Net software and the toolbar don't). We've long known that malicious parties might try to distribute a Trojan Nmap installer, but we never thought it would be C|Net's, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!”

Software developers can email C|Net and request that their application not be included in C|Net’s installation suite; however, such requests will be examined on a case-by-case basis the.

“In other words, 'we'll violate your trademarks and copyright and squander your goodwill until you tell us to stop, and then we'll consider your request 'on a case-by-case basis' depending on how much money we make from infecting your users and how scary your legal threat is. F*ck them! If anyone knows a great copyright attorney in the U.S., please send me the details or ask them to get in touch with me.”

It’s worth noting that the title Trojan is applied to C|Net’s installer not only by those who are against what it does, but by the antivirus industry itself. BitDefender, F-Secure, GData, McAfee, ESET, and Panda all flag the installer when it runs on a system. Three of them actually call it a Trojan.

C|Net defends their installer by pointing out that the additional installations are “clearly disclosed and provides the option to accept or decline the offer before proceeding with the download.”

“We only show offers for software that is approved for listing on C|Net If you do not wish to use the C|Net Installer, we provide a link to the direct HTTP download URL below the main ‘Download Now’ button. You need to be logged in as a C|Net member to use this link.”

Earlier this summer, there were several complaints about the new installer, which led to various postings on the topic, including one from GHacks and one from ExtremeTech, each discussing a different tool.

CBS Interactive, the parent of C|Net and would not discuss the financial aspects of any third-party partnerships.
