Mailing List Archive

CBS distributes malware with ClamAV
One of the project heads might want to get on this:

The CBS site Download.com is distributing its malware with their
ClamAV downloads.[1]
Luckily ClamAV will catch this if already installed. This does nothing
to assist new users wishing to gain initial protection though. It
appears to be one of the only top AV products distributed on Cnet with
the malware installer bundled in as well.

Gonna make ClamAV look very bad after a user installs it and finds
their system hosed with this crap. Given the nature of ClamAV, they've
certainly stooped to a new low with this one. Talk about brazen!

This is already a well known problem with other security tools.[2][3][4]

[1] http://download.cnet.com/windows/sourcefire/3260-20_4-10091988.html
[2] http://insecure.org/news/download-com-fiasco.html
[3] http://seclists.org/nmap-hackers/2011/5
[4] http://seclists.org/nmap-hackers/2011/6

--
David Pierce
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
Re: CBS distributes malware with ClamAV [ In reply to ]
Sorry if I'm understanding this wrong, but it seems you are saying a new install might be infected, correct? How can I know if I installed a version that's infected? By installing another scanner and scanning, or?


-----Original Message-----
From: clamav-win32-bounces@lists.clamav.net [mailto:clamav-win32-bounces@lists.clamav.net] On Behalf Of David Pierce
Sent: 9. februar 2012 17:28
To: clamav-win32@lists.clamav.net
Subject: [clamav-win32] CBS distributes malware with ClamAV

One of the project heads might want to get on this:

The CBS site Download.com is distributing its malware with their ClamAV downloads.[1] Luckily ClamAV will catch this if already installed. This does nothing to assist new users wishing to gain initial protection though. It appears to be one of the only top AV products distributed on Cnet with the malware installer bundled in as well.

Gonna make ClamAV look very bad after a user installs it and finds their system hosed with this crap. Given the nature of ClamAV, they've certainly stooped to a new low with this one. Talk about brazen!

This is already a well known problem with other security tools.[2][3][4]

[1] http://download.cnet.com/windows/sourcefire/3260-20_4-10091988.html
[2] http://insecure.org/news/download-com-fiasco.html
[3] http://seclists.org/nmap-hackers/2011/5
[4] http://seclists.org/nmap-hackers/2011/6

--
David Pierce
Re: CBS distributes malware with ClamAV [ In reply to ]
The ClamAV binaries themselves _have not_ been altered. What Cnet is doing is
requiring Windows users to run Cnet's own separate, proprietary and trojanned
installer. That trojanned installation program will, in turn, download
the standard and legitimate Immunet installers by itself. It is akin
to a trojanned download manager.

Please read Fyodor's writeups on seclists and insecure.org for
additional information.

If you downloaded from Cnet's Download.com, you can upload the suspect
binary to VirusTotal to check that your installer has not been
trojanned, or scan it directly with ClamAV which has the Cnet trojan
in its database.

To be safe in the future, DO NOT obtain files from Download.com.
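The check suggested in the last reply, as an added example that is not part of the original thread: hash the downloaded installer so the digest can be looked up on VirusTotal, then scan the file with a locally installed `clamscan` and interpret its result. The function names, the sample path and the sample signature name in the test data are constructed for illustration; `clamscan` is assumed to be on `PATH`.

```python
import hashlib
import shutil
import subprocess
import sys


def sha256_file(path, chunk_size=1 << 20):
    """Hash the installer in chunks; the hex digest can be searched on VirusTotal."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_clamscan(returncode, stdout):
    """Turn clamscan's exit code (0 = no detection, 1 = detection, other = error)
    and its '<path>: <name> FOUND' lines into (verdict, signature names)."""
    names = []
    for line in stdout.splitlines():
        line = line.strip()
        if line.endswith(" FOUND") and ": " in line:
            # rsplit keeps Windows paths such as C:\... intact
            names.append(line[: -len(" FOUND")].rsplit(": ", 1)[1])
    if returncode == 0:
        return "clean", []  # no signature matched with the current database
    if returncode == 1:
        return "infected", names
    return "error", names  # scan did not complete; treat the file as unverified


def check_installer(path):
    """Hash the file, then scan it if clamscan is available."""
    digest = sha256_file(path)
    clamscan = shutil.which("clamscan")
    if clamscan is None:
        return {"sha256": digest, "verdict": "not-scanned", "signatures": []}
    proc = subprocess.run([clamscan, "--no-summary", path],
                          capture_output=True, text=True)
    verdict, names = parse_clamscan(proc.returncode, proc.stdout)
    return {"sha256": digest, "verdict": verdict, "signatures": names}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_installer.py <downloaded-installer>")
    result = check_installer(sys.argv[1])
    print(result)
    sys.exit(0 if result["verdict"] == "clean" else 1)
```

Run it against the file obtained from the download site before executing that file; any verdict other than `clean` means the installer should not be run.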