Download.com spyware

[damiank]

Download com just got caught distributing spyware with all of their downloads. CC Cleaner is being distributed by download com. Please google this and read what they did to nmap, an opensource tool. Everything there is now bad news. Please take CC Cleaner off that evil site. They used to promise not to add spyware in their TOS. Note that it is no longer present...

 

They re-package the software executable and add spyware, trojans, etc which are highly complex and undetectable.

 

Check it out, it's public info, CC Cleaner should not use their site.

 

To fix this from ever happening again, PLEASE ADD SHA1 or PGP/GPG CHECKSUM TO YOUR RELEASES, ONLY THEN CAN WE BE SAFE!!!!! Everyone else does it, why don't you?

 

Damian

[Alan_B]

You seem to be far too late and totally wrong.

 

You really should post a link proving your claim.

 

As you suggested I have just searched the phrase

Download com nmap spyware

I found this apology from LAST YEAR

http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-the-download.com-installer/

 

Please give evidence if you wish to support your claim that they are doing the same thing to the same victim.

 

N.B. I really do believe they will continue this practice when then think they can get away with it, hence I never download from there.

[damiank]

For the non-technical:

 

A SHA1 or PGP checksum, is a cryptography hash of a file. Basically, a sha hash has a specific number of bits, usually 160 bits of information for sha1. When you create a file, and you have a SHA1 checksum tool installed on your computer, you can simply right click it, click on SHA1 checksum, and it will print out something like this, which is the current checksum for the current version of CCCleaner: CCSetup321.exe SHA-1: 432e95c9b13671b563fddeca6c408a763b4020f8

 

That is what you should see when you run HashCheck a safe (OpenSource == SAFEALWAYS) program which you just right click the downloaded file, click properties, and you'll have a tab called "CheckSums" and you just make sure the numbers and letters match the ones on the programs website. It's super simple, super easy, and GUARENTEED 100% THAT THE FILE IS AUTHENTIC. IT IS THE ONLY WAY TO BE SURE.

 

Look at most other popular software projects that are safe (opensource) or popular that use alternative download sites, THEY ALWAYS HAVE A SHA1 SUM. Check yours now for the current version of CC Cleaner. If your SHA1 CheckSum from HashCheck, or any other SHA1 Checksum tool, does not match, THEN YOU HAVE A TROJAN!!!

[damiank]

http://insecure.org/news/download-com-fiasco.html

 

There is the update from a few days ago.

 

I've been using NMAP for years and they are the BEST security software pen-testing group in the world. There isn't a faster, or better tool in the world. Plus, it's completely SAFE, I've looked at the code myself, compiled my own version, and I know it's SAFE.

 

If NMAP Security says that Download com is distributing spyware, then thats a bad thing. Plus, look at their TOS,

[Andavari]

Topic moved to the Windows Security forum.

 

-------------------------

 

Just don't download from Download.com.

 

I haven't been to that site for ages, and it really went downhill many many years ago. Nowadays I block it and it's affiliated sister sites via the HOSTS file.

 

Tip:

If visiting a software developer website and a download links point to Download.com just look elsewhere for the download, there's far more reputable download sites to get software from such as; FileHippo.com, MajorGeeks.com Softpedia.com, SnapFiles.com, etc.

[damiank]

Thats dated a month ago. If the date is wrong or I am blind, I am apologetic. But, that says about a month ago, and they are the premier security company.

 

Nonetheless, if a company is willing to do something so freaking horrible like that, then thats it, they are done in my mind. Even if it's old news, who cares, you just don't become a murderer, and suddenly say, I'm not a murder because I got caught. It doesn't work like that here, maybe in other universes, but, I'm sorry, the unforgivable sin in software is to even THINK of distributing EVIL SOFTWARE on the backs of en ELITE SOFTWARE LIKE CC CLEANER!!!\

 

UNFORGIVABLE. Issue all the apologies in the world, the fact you even went there, omg, the fact they actually did it!!! I in 10,000,000,000 years, I don't care if they offered my the world, life is too short, I would NEVER sell my soul to earn a buck. They did, and it appears not long ago. So, even if the date is wrong, and it was a long time ago, I don't care. Whats done is done, they should not be online, period. If this is true, and they at any point in time did this, then they should be immediately shutdown, because I guarantee, without any doubt in my mind, the people who were a part of this malicious attack on CC Cleaner, NMAP, and thousands others, are still working there, maybe not all of them, but, I'll bet any amount of money, that people who partook in this evil scheme are still working there. Thats what I have a problem with. If I worked there, and my boss told me to break the law and hurt people, I would tell him to shove it, quit, and immediately post it all over the internet. So, how come one of the hundreds of developers who knew about this didn't say a word????

 

Evil company. Thats why. All or most of them are still working there, and you don't just kill someone and turn into a nice day the next day by way of apology. To me, spyware, trojans, viruses, all fall under the same offence as murder. It's a heinous crime, and it's unforgivable. I'm surprised they weren't thrown in prison. Hell, we imprison more people per capita than anywhere else on earth. We even put millions of innocent people in prison to keep the prison guards paid, and the cops paid, and we let them slide for committing FRAUD??? WTF? There is definitely something wrong, if they got off with an apology?? Are you kidding me?

 

I haven't needed to use my CC in a long time, so today when I went to update, I started looking for the checksum, seeing that CC hadn't come up to speed, I figured I've verify the download sites, and thats when I saw the post on NMAP's site. I WAS SHOCKED!!!

 

Thank God I checked. I just got rid of a terrible virus last week for a client, and it destroyed half of her data, corrupted files everywhere. It was a nightmare. Then I see that Download.com is doing it? Apology or not, you have to be a very evil company to go down that road, and none of their developers said a thing during development, they are all bad. Every freaking one of them. Not a single whistle blower?? They ALL WERE OKAY with this??? OMG MAN!!

 

I would've RUN OUT AND POSTED EVERYWHERE ON THE NET! There is no way in hell I would ever be a part of something so sinister. I will never in my entire life ever use their service. Plus, CNET?? How the hell is CNET affiliated with them???? WHY?? CNET is reputable, they have good reporting and everything else, why on earth are they even a part of this abomination?

 

Bottom line, once a Black Hatter, always a Black Hatter. No such thing as Black one day, White the next. Unless you go to work for the NSA of course, but, there, you'll just be wearing a different style black hat.

 

I've been White Hat my entire career in penetration testing, security, cryptography, number theory, game theory, and applied mathematics. I get paid to crack RSA/DSA/AES256 encrypted files/partitions/etc operated by some very bad bad people. These guys are the same people who are destroying our country. Then I see this today? A popular download site did the unthinkable? What has the world come too, and even worse, that CNET is involved. What the hell? If it's old news then why don't I see any indictments? What, are they like the crooks on WallStreet? They just get a pass? They rob/steal/kill and get a pass?

[Alan_B]

Sorry that I gave you a hard time upon the date, but you left it to me to search.

 

We do not know what actions occurred on what dates, but this is an improved link :-

http://insecure.org/...co.html#updates

• June 27, 2012: Download.com complies with our request to remove Nmap entirely from their system.
  
• Apr 24, 2012: Updated this page to note that they have removed their former pledge not to install adware and spyware on user's machines (see the summary section).
  

This suggests that Download.com simply removed their pledge by April 24th, and presumably remained committed to their evil practices,

and gave up supplying corrupted variant of NMAP by last week.

 

I was disturbed last week when I searched for CCleaner and DuckDuckGo gave very prominent links in second and third places for

DOWNLOAD.COM and

SOFTONIC.COM

 

It would be interesting to know if Download.com are corrupting CCleaner.

I have no intention of downloading myself because last year simply downloading "portable notepad" from Softonic trashed my system.

I never even ran or installed what I downloaded,

but it caused never ending "Side By Side" errors that only ended when I restored a partition image backup created before that download.

Softonic had an excuse that their installer came with a manifest that had an accidental error.

Since I never installed there is no reason why that manifest had become incorporated into my system - it must be yet another Microsoft vulnerability / backdoor,

but whatever - I required Portable and downloading their installer caused corruption to my system - why should I expect anything better from Download.com ?

[Guest Keatah]

I try to keep things simple, just download from the official source! In this case, Piriform. It's good advice and has kept my system trouble-free for 30 years. The internet is filled with so much crap and you just need to use good practices.

[Super Fast]

I fail to see how the hashes will protect you without a lot of trouble, seeing that new versions will have a different file size, & thus a different hash. And if it already comes bundled with Google Toolbar as part of the hash of the installer, then what is the point of the hash?

 

I tend to think that having 7zip installed is a more reliable way. Right-click + drag an installer to an empty folder & release, then extract here & delete toolbars etc in the folder!

 

For others, it may work to have a test machine to use, so that you can install the program, then grab just the program & required files/reg keys for it to run & clone to flash drive for future portable use without the bundled malware.

[Andavari]

I tend to think that having 7zip installed is a more reliable way. Right-click + drag an installer to an empty folder & release, then extract here & delete toolbars etc in the folder!

 

7-Zip however can't open Inno Setup made installers I wish it could though. I for one don't trust any antivirus software or online virus scanning services such as Jotti or Virus Total telling me an installer is clean yet it may have some s**t toolbar in it.

 

For Inno Setup made installers I use Inno Setup Extractor (free) to unpack them safely in a temp folder where I can look at the files myself without trusting what some antivirus scanner deems clean.

 

If I had an antivirus company I'd fend off the adware/spyware software houses like Ask Toolbar, Bunndle, OpenCandy, etc., because I'd detect and block all of their junk.

[Super Fast]

Hmmmm... Have you ever tested Universal Extractor or PeaZip to see if they can?

 

Universal Extractor -> http://www.filehippo.com/download_universal_extractor/

Peazip -> http://peazip.sourceforge.net/

 

I haven't had time to test them just yet, but I have them in my archives.

[Andavari]

Aren't they both ad-supported now? I thought UE is.

 

I used to use some extracting tool a few years back that could unpack literally anything except for password protected stuff, but stopped using it because it drove so many antivirus' crazy.