back to article McAfee outs malware dev firm with scores of Download.com installs

McAfee says a software company with more than 50,000 downloads on sites such as Download.com is distributing web browser hijacking and fraud malware. Researcher Santosh Revankar says Lavians Inc is pushing the Bing.vc browser redirect and home page hijacker which creates seeming problems that the company then attempts to fix …

  1. redpawn Silver badge

    Better Late than Never

    Time to put out the Great Chicago Fire too.

    This stuff has been burning computers for over a decade.

    1. waldo kitty
      Boffin

      Re: Better Late than Never

      This stuff has been burning computers for over a decade.

      Try over TWO decades...

  2. Pascal Monett Silver badge

    Interesting

    "Large software download sites are a hated web relic in infosec circles because security checks are often scanty, while bundler installation programs make direct efforts to trick their users into installing unwanted apps that increase PC attack surfaces."

    Maybe they should have a word with CNet as well, eh ? I hate download wrappers. All of them.

    1. cmannett85

      Re: Interesting

      And that streaming pile of crap SourceForge.

    2. Charles 9 Silver badge

      Re: Interesting

      Download.com IS a CNET site. IIRC the whole works is owned by CBS Interactive.

  3. adam payne

    For me any download wrapper = no download.

  4. Anonymous Coward
    Anonymous Coward

    This happens a fair few times with small software companies who fail to realise their dream that their software is either not liked or wanted as they had hoped, so a few (with no morels) in an effort to make some extra cash decide to screw over any real potential customers/users by packaging it with as much kick back malware as possible.

    There is a great video (although a bit old) that covers the business models of such operations here for anyone that has time to watch:

    https://www.youtube.com/watch?v=k2mdUcOXW6I

    1. earl grey
      Trollface

      with no morels

      So, you're out of mushrooms then?

    2. Alistair
      Joke

      Im sorry, I have plenty of mushrooms..

      I still don't download *anything* from CNET group.

  5. eriksolo

    lavians.com is with Bluehost

    But their IP is owned by Linode

    The other site sharing their IP is http://cheersc.com/ which sells "P2P movie player" and one called "Frozen Movie Player" which for $39.95 will play the movie "Frozen" online for "Free"

    I am wondering if malware could be embedded in that too? hmm.

  6. Anonymous Coward
    Anonymous Coward

    If you have to say it...

    From the website: "100% Safe Download Without Virus".

    It's like people who say "you can trust me" or adverts for food that say "Tastes Great!"

  7. MrDamage

    Irony

    Given that McAfee bundle their fraudware* with plenty of other "free" products.

    *Let's face it, their AV products work half as well as their competitors, and slow your system down to a crawl.

  8. Aodhhan

    A great training site

    download.com and others are fantastic sites for training reverse engineering. You can always find applications which have been screwed with and hand them out as assignments.

    Companies who allow their freeware applications to be downloaded from these sites are just asking for trouble. They'd serve the public better by hosting it on their own site, require registration/validation and ensure an MD5 hash is provided.

    1. Anonymous Coward
      Anonymous Coward

      Re: A great training site

      I got really high on that MD5 Hash stuff... I hear you can buy it legally in Amsterdam...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021