Download.com a.k.a. C|Net download.com is no longer a safe location to download programs, because it now wraps the software in a Trojan Installer, detected as malware by major Anti-Virus programs.
This story was first reported back in August on the ExtremeTech site, when VLC was "trojanised" by Download.com. See "Download.com wraps downloads in bloatware, lies about motivations"
Now it has re-emerged, because another well-known program used by Computer Security testers (nmap) has also been "trojanised" by Download.com:
I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN.
The installer is actually detected as malware:
In fact, if we UPX-unpack the Trojan CNet executable and send it to VirusTotal.com, it is detected as malware by Panda, McAfee, F-Secure, etc: http://bit.ly/cnet-nmap-vt
That bit.ly link will redirect you to virustotal.com for the test results.
Looks like download.com is no longer a safe place to go, for any downloads.
Earlier today, Apple's very own Steve Jobs passed away at the age of 56 due to a rare form of pancreatic cancer. His death happens just a day after Apple announced the iPhone 4S.
"Apple has lost a visionary and creative genius, and the world has lost an amazing human being", the company said. "Those of us who have been fortunate enough to know and work with Steve have lost a dear friend and inspiring mentor. Steve leaves behind a company that only he could have built, and his spirit will forever be the foundation of Apple".
According to the LA Times, Jobs was diagnosed in 2003 with pancreatic neuroendocrine cancer, which produces islet cell or neuroendocrine tumors. This form is usually less aggressive than pancreatic exocrine cancer and patients can live longer, with the average survival rate more than three years. Some people with the neuroendocrine form can live as long as 20 years. He had a liver transplant in 2009 and took an extended medical leave from Apple last January. Several forms of treatment are available.
Microsoft's Digital Crimes Unit has shut down a botnet that was investigated for hosting the MacDefender scareware that preyed on Mac OS X users.
The botnet, known as Kelihos or "Waledac 2.0," has been linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children, according to Microsoft senior attorney Richard Domingues Boscovich.
The botnet contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.
For the first time since Microsoft's anti-cybercrime team started disabling botnets, the company moved to the U.S. court system and identified a defendant that allegedly owned the domain that controlled the botnet.
In the complaint, Microsoft names Dominique Alexander Piatti alongside dotFREE Group SRO and John Does 1-22 and said they owned domains and subdomains that were used to operate and control the Kelihos botnet.
Brothersoft is celebrating their 9th anniversary and they want to celebrate it with you. You have a chance to win a Brothersoft 9th Anniversary Limited Edition tshirt. Interested? Here's how you can enter to get a shirt.
1. Click the "Join" button and tweet the activity news.
2. Follow Brothersoft on Twitter
Then you will be considered for this giveaway. The Winners will be picked at random, so everyone will have the equal chance. Remember the rate of winning prize can reach 50%.
Brothersoft is one of the top download websites available on the Internet. They keep getting better and better.
Here's to another great year, Brothersoft. Looking forward to celebrating your 10th anniversary with you all!
Recently Support.com acquired SUPERAntiSpyware for a healthy sum of $8.5 million. The deal is expected to finalize by the end of the year. SUPERAntiSpyware is a free tool that is extremely useful when cleaning up a system. It’s offered in both paid and free versions, but for most the free product delivers as promised.
What many people don’t know is that SUPERAntiSpyware, headquartered in Eugene, Oregon, is developed and maintained by a staff of ten. Those ten people, including founder Nick Skrepetos, will join Support.com full-time once the $8.5 million dollar deal is complete.
What changes will this mean for the SUPERAntiSpyware software? That much is unclear at this point in time. It's rumored that the free version will remain as such, free for many to use. However, the pay version will be pushed heavily.
Malwarebytes has certainly been getting a lot of attention from other companies. In 2009, IOBit decided to take advantage of Malwarebytes definition files by implementing them into their own. Malwarebytes quickly caught wind of this and accused Chinese software firm IOBit so reverse engineering it's malware signatures. This of course brought about a lot of commotion and IOBit received a lot of negative press. Thankfully, they finally did the right thing and removed Malwarebytes definitions from their own definitions.
Recently, ChronoPay revealed to security researcher and journalist Brian Krebs that they've hired programmers to reverse engineer the free version of Malwarebytes in an attempt to create their own anti virus solution. Upon learning this to the researcher published screenshots from a ChronoPay internal system showing that they deal with distributing scareware, selling pirated music, running illegal online pharmacies and much more. When confronted about this, ChronoPay released an official statement denying any involvement in the distribution of scareware. "We assure both our customers and competitors that we have no involvement at all with scareware or malware and warn anyone attacking our company with likes and rumor that we will put the full weight of our company behind the appropriate legal response."
ChronoPay may be attempting to find a way of evading the Malwarebytes product since they deal with distributing scareware. Another possibility, is that they're interested in the code to use for one of their own products that they may release in the future. Either way, attempting to reverse engineer someone elses intellectual property without permission is never good news.
The update to the anti-malware engine will be starting with Microsoft Security Essentials and will also update security solutions such as: Forefront Client Security, Forefront Endpoint Protection, and Windows Intune Endpoint Protection.
The new engine version will be in the range of 1.1.700X.0. Aside from the change in the version number no other actual information has been revealed about what changes are being made. However, with the engine receiving an upgrade it is believed that the detection will improve. If this is anything like the last engine upgrade then it may be a little late.
Considering the recent studies have shown that the Microsoft Security Essentials is the most used security solution worldwide, many users will benefit from the engine upgrade. Those studies have shown estimates that over 10.6% of users are running Microsoft Security Essentials. More people are using Microsoft Security Essentials than other free and pay anti-virus solutions. While this may be surprising to some, I definitely must say, "Well done, Microsoft."
By now many of you have heard of LulzSec. You may have heard of their recent activities such as launching DDoS attacks against gaming sites to hacking into government affiliated web sites. They have also been using Twitter to talk about what they’re doing along with cracking a few jokes.
Recently, the group obtained a long list of e-mail addresses and approximately 62,000 passwords. Of these, some of the most common passwords were really to be expected. Some of those common passwords include “123456”, “11111”, “0000”, “1234” and of course “password”.
This should be a good reminder to many people to make sure that they use complex passwords. It’s very helpful to make sure you’re using a strong password while surfing the Internet. This way hackers will not be able to break into your account as easily if you’re using a strong password. If you’re concerned about losing your passwords you may want to try a program called KeePass. For those of you that are wondering KeePass is an open source password manager that stores your passwords in a highly encrypted data base I can only be unlocked with one master password or key.