Warning: Download.com (CNET Downloads) A cesspool for privacy invading malware and rogue software

Download.com Malware

I have a lot of experience removing rogue software from download.com that is reported by our visitors and have shared many emails on a variety of subjects with employees of the CNET website (CBS). Having said this, I have been aware for years that malware, mostly in form browser hijackers and rogue software CAN exist on the publicly accessible website (See RegGenie), but it seems more malware is being distributed on download.com today than ever, labeling the website a cesspool for privacy invading malware.

This past year (2012), more amounts of visitors are leaving comments and sending messages about software they have downloaded from download.com (download.cnet.com) containing privacy invading malware without their consent, categorized as adware, browser hijackers, and more such as Funmoods (see comments).

One reader claims that they downloaded the legitimate Anti-malware software Malwarebytes from download.com, and months later they became infected with a browser hijacker. This reader states “The only download I’ve done in the last probably three months was downloading Malwarebytes from download.com. I had no problems before that, then suddenly had this Funmoods stuff and couldn’t figure out where it came from.”

Another reader says “I was installing an extension renamer called… EXTENSION RENAMER and this **** was packaged in with it AND DID NOT ASK or NOTIFY that it was being installed.”

Conclusion

After reaching out to CNET Downloads about these issues, and as mentioned before having numerous discussions with CNET employees concerning the removal of malicious downloads, it can only be concluded that Download.com is not safe to download software from. Even legitimate software downloads including Malwarebytes are compromised.

If you need to download software, avoid CNET download’s website download.cnet.com. It is highly recommended to analyze reviews about software you wish to download and download software from the manufacturer’s secure website or source. 

February 2013 Update

It’s now verified that CNET bundles malware with their downloads in order to monetize free products and services. To add more, CNET has been sued by numerous software manufacturers for bundling malware with installments of their distributed software, even without notifying the developers. This often causes victims of CNET malware to report the legitimate software they downloaded from the distributor as unethical.

Sean Doyle

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Cyber Security, Web Spam, and Online Marketing.