“cleans up” Nmap but not other downloads

When he discovered that Nmap was being distributed by C|Net’s site bundled up with a proprietary trojan installer that installed a sketchy toolbar, changed the users’ default search engine to Microsoft Bing, and changed their home page to Microsoft’s MSN, Nmap developer “Fyodor” raised the alarm and began warning users left and right.

It took less than a day for to react and quietly switch their Nmap downloads back to the software’s real installer, and for Microsoft to contact him and explain that they weren’t aware of the fact that they were sponsoring CNET to trojan open source software. They put the blame on one of their distribution partners, and said that it has suspended operations with C|Net until this issue has been solved.

“But the trojan installer uses your Internet connection to obtain more ‘special offers’ from C|Net, and they immediately switched to installing a ‘Babylon toolbar’ and search engine redirect instead. Then C|Net removed that and are now promoting their own ‘techtracker’ tool,” says Fyodor in a new message to the nmap-hackers mailing list, and warns that other packages available for download on the site are still bundled with the installer.’s Adware & Spyware Notice offers contrasting claims and statements regarding the safety of downloading from the site.

On one hand it says that “every time you download software from, you can trust that we’ve tested it and found it to be adware-free,” then they follow up with “despite our vigilance, we can’t guarantee that our library is 100% adware-free.” So, which is it?

Given that is one of the most popular sites for downloading software, this kind of behavior is alarming.

Don't miss