[147260] in North American Network Operators' Group
Re: [fyodor@insecure.org: C|Net Download.Com is now bundling Nmapwith
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Tue Dec 6 13:12:04 2011
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4EDE5227.7030409@gmail.com>
Date: Tue, 6 Dec 2011 13:09:57 -0500
To: William Allen Simpson <william.allen.simpson@gmail.com>
Cc: fyodor@insecure.org, nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 6, 2011, at 12:34 31PM, William Allen Simpson wrote:
> On 12/6/11 12:00 PM, Eric Tykwinski wrote:
>> Maybe it's just me, but I would think that simply getting them listed =
on
>> stopbadware.org and other similar sites would probably have much more =
of an
>> effect.
>> The bad publicity can cause them to change tactics, but it takes some =
time.
>> I've seen much quicker results from blacklisting on Google and other =
search
>> engines.
>>=20
> I've reported it as a malware site via Firefox. Have you?
>=20
> But the whole site should be scanned for other/similar malware, and =
blocked
> accordingly. Probably a harder problem, as it gives different =
downloads
> depending on browser and OS.
>=20
>=20
Per the Krebs on Security link that Kyle just posted (and beat me to =
it),
the installer is already flagged as malware by a number of different =
scanners.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
