RE: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!]
Maybe it's just me, but I would think that simply getting them listed on stopbadware.org and other similar sites would probably have much more of an effect. The bad publicity can cause them to change tactics, but it takes some time. I've seen much quicker results from blacklisting on Google and other search engines. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Tuesday, December 06, 2011 11:48 AM To: andrew.wallace Cc: fyo...@insecure.org; nanog@nanog.org Subject: Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!] On Mon, 05 Dec 2011 22:14:48 PST, andrew.wallace said: Using fruitful language and acting like a child isn't going to see you taken seriously. No, he *does* want fruitful language - one that produces results. I think you meant some other word instead. As far as acting like a child, I'm reasonably sure that if CNet was doing the same thing to the good name of your consulting company, you'd react similarly. - Forwarded message from Fyodor fyo...@insecure.org On the other hand, just being Fyodor is sufficient to get him taken seriously.
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!]
http://krebsonsecurity.com/2011/12/download-com-bundling-toolbars-trojans/ Its already getting some press... He could always send them a Cease and Desist letter like Wireshark had to do -Kyle On Tue, Dec 6, 2011 at 9:00 AM, Eric Tykwinski eric-l...@truenet.comwrote: Maybe it's just me, but I would think that simply getting them listed on stopbadware.org and other similar sites would probably have much more of an effect. The bad publicity can cause them to change tactics, but it takes some time. I've seen much quicker results from blacklisting on Google and other search engines. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Tuesday, December 06, 2011 11:48 AM To: andrew.wallace Cc: fyo...@insecure.org; nanog@nanog.org Subject: Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!] On Mon, 05 Dec 2011 22:14:48 PST, andrew.wallace said: Using fruitful language and acting like a child isn't going to see you taken seriously. No, he *does* want fruitful language - one that produces results. I think you meant some other word instead. As far as acting like a child, I'm reasonably sure that if CNet was doing the same thing to the good name of your consulting company, you'd react similarly. - Forwarded message from Fyodor fyo...@insecure.org On the other hand, just being Fyodor is sufficient to get him taken seriously.
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!]
On 12/6/11 12:00 PM, Eric Tykwinski wrote: Maybe it's just me, but I would think that simply getting them listed on stopbadware.org and other similar sites would probably have much more of an effect. The bad publicity can cause them to change tactics, but it takes some time. I've seen much quicker results from blacklisting on Google and other search engines. I've reported it as a malware site via Firefox. Have you? But the whole site should be scanned for other/similar malware, and blocked accordingly. Probably a harder problem, as it gives different downloads depending on browser and OS.
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!]
On Dec 6, 2011, at 12:34 31PM, William Allen Simpson wrote: On 12/6/11 12:00 PM, Eric Tykwinski wrote: Maybe it's just me, but I would think that simply getting them listed on stopbadware.org and other similar sites would probably have much more of an effect. The bad publicity can cause them to change tactics, but it takes some time. I've seen much quicker results from blacklisting on Google and other search engines. I've reported it as a malware site via Firefox. Have you? But the whole site should be scanned for other/similar malware, and blocked accordingly. Probably a harder problem, as it gives different downloads depending on browser and OS. Per the Krebs on Security link that Kyle just posted (and beat me to it), the installer is already flagged as malware by a number of different scanners. --Steve Bellovin, https://www.cs.columbia.edu/~smb