Mailing List Archive: ClamAV: win32

CBS distributes malware with ClamAV

Index | Next | Previous | View Threaded

dvd.s.prc at gmail

Feb 9, 2012, 8:27 AM

Post #1 of 3 (685 views)
Permalink

CBS distributes malware with ClamAV

One of the project heads might want to get on this:

The CBS site Download.com is distributing its malware with their
ClamAV downloads.[1]
Luckily ClamAV will catch this if already installed. This does nothing
to assist new users wishing to gain initial protection though. It
appears to be one of the only top AV products distributed on Cnet with
the malware installer bundled in as well.

Gonna make ClamAV look very bad after a user installs it and finds
their system hosed with this crap. Given the nature of ClamAV, they've
certainly steeped to a new low with this one. Talk about brazen!

This is already a well known problem with other security tools.[2][3][4]

[1] http://download.cnet.com/windows/sourcefire/3260-20_4-10091988.html
[2] http://insecure.org/news/download-com-fiasco.html
[3] http://seclists.org/nmap-hackers/2011/5
[4] http://seclists.org/nmap-hackers/2011/6

--
David Pierce
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

ja at conviator

Feb 10, 2012, 2:52 AM

Post #2 of 3 (644 views)
Permalink

Re: CBS distributes malware with ClamAV [In reply to]

sorry if im understanding this wrong but it seams you are saying a new install might be infected, correct? How can I know if I installed a version thats infected? By installing an other scanner and scanning or?

-----Original Message-----
From: clamav-win32-bounces [at] lists [mailto:clamav-win32-bounces [at] lists] On Behalf Of David Pierce
Sent: 9. februar 2012 17:28
To: clamav-win32 [at] lists
Subject: [clamav-win32] CBS distributes malware with ClamAV

One of the project heads might want to get on this:

The CBS site Download.com is distributing its malware with their ClamAV downloads.[1] Luckily ClamAV will catch this if already installed. This does nothing to assist new users wishing to gain initial protection though. It appears to be one of the only top AV products distributed on Cnet with the malware installer bundled in as well.

Gonna make ClamAV look very bad after a user installs it and finds their system hosed with this crap. Given the nature of ClamAV, they've certainly steeped to a new low with this one. Talk about brazen!

This is already a well known problem with other security tools.[2][3][4]

[1] http://download.cnet.com/windows/sourcefire/3260-20_4-10091988.html
[2] http://insecure.org/news/download-com-fiasco.html
[3] http://seclists.org/nmap-hackers/2011/5
[4] http://seclists.org/nmap-hackers/2011/6

--
David Pierce
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

dvd.s.prc at gmail

Feb 10, 2012, 7:43 PM

Post #3 of 3 (646 views)
Permalink

Re: CBS distributes malware with ClamAV [In reply to]

The ClamAV binaries themselves _have not_ been altered. What Cnet is doing is,
requiring Windows users to run Cnet's own separate, proprietary and trojanned
installer. That trojanned installation program will in turn, download
the standard and legitimate Immunet installers by itself. It is akin
to a trojanned download manager.

Please read Fyodor's writeups on seclists and insecure.org for
additional information.

If you downloaded from Cnet's Download.com, you can upload the suspect
binary to VirusTotal to check that your installer has not been
trojanned, or scan it directly with ClamAV which has the Cnet trojan
in its database.

To be safe in the future, DO NOT obtain files from Download.com.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads