BleepingComputer.com: Cnet bundled with viruses

Today I was removing some viruses because I was infected and two of the trojans were the cnet installer so I did some reserch and came across this: http://hightechreality.com/2011/08/cnet-downloadcoms-installer-install-malware/ I'm very shocked and I may never trust cnet again

After speaking with firemaster1337, I tested this and found that their new downloaded contains offers for toolbars and other programs that can be considered adware. If you state that you do not want to install these, it will not install, but will in fact download these offers to your %Temp% folder regardless.

Crappy programming for not cleaning up the temp files after and even crappier offers to be putting in their downloads. This, in my opinion is just download.com looking to make more money by using the afterdownload.com service. Still I would not go as far as stating that the CNET downloader is installing viruses or trojans, when in fact nothing malicious is installed on your computer.

I hate these downloaders. They offer no advantages over simply linking directly to the file. Driver Guide uses a downloader as well and does not allow anyone to download the file directly. Even after registering, Driver Guide still gives you their downloader.

The official download link for Avast keeps alternating between linking to Download.com and downloading the installer directly from Avast's server. I can't recommend a program that is officially only available from a Web site that uses one of these downloaders. It can be downloaded from other sites, but the downloads may be out of date.

On my last CNET update, I saw the optional toolbar on the downloads and unchecked that. After reading this I won't be downloading from their site again, but is anything going to happen if I just use the account to scan and tell me when updates are needed? What I would do is then go direct to the vendor to get the update Much less convenient, but I am so opposed to the tricks described here that I would do that.

Cleaning out the temp files will remove any offers the pre-downloaded to your computer.

You know, this kind of thing drives me crazy. I used to use download.com and I had a lot of trust in them especially since MalwareBytes Corp and many other security firms use them instead of using their servers (very lazy settups if you ask me), but I quit trusting them when I used them to avoid having to give information (name, address, phone number and the like), to a company for a free version of their product. (it was an XMPP server from coversant based on the microsoft .net Framework). I couldn't figure out why the download kept getting blocked, but it turned out that it was coming from NOD32, and according to NOD, the XMPp server download hosted over on CNet was a variant of Win32/InstallCore.C. Reluctantly I went to the vender's site, information given and all, and got the file from there. There was a difference in both the file name (CNet's had a double exe extension on it), and the file size. CNet's was equal to 444 K while Coversant's (the legit one), was equal to 4857 K.

Time to switch to softpedia

ranget, on 20 November 2011 - 02:12 PM, said:

why not sourceforge?