Wednesday, December 7, 2011

CNet download.com includes trojans - say it ain't so!

CNet download.com is apparently packaging their own trojan along with legitimate software.
The story broke wide open when Nmap creator Fyodor discovered this was being done with his software (http://insecure.org/news/download-com-fiasco.html). Nmap is a free network discovery and security auditing tool, and is part of the toolkit used by many security professionals.
CNet's download.com site is a popular site for downloading free software. With CNet's choosing to insert a trojan along with the software installer users request, potentially millions of computer users could be exposed.
In this particular instance, when a user downloaded Nmap, CNet included their own installer, which would make changes to the user's default search engine and browser home page. Not only is this disingenuous at best, it violates the license under which Nmap is released. CNet has since removed their trojan code from the Nmap download, but it remains in effect on their site for other software packages, likely thousands of offerings.
Even if CNet, which is owned by CBS (yes, the broadcasting CBS) chooses to reverse course, it highlights an issue that many security professionals have been warning about for years. That is, how can you be certain that what you're downloading is really what you requested? This has been a common occurrence with illegal copies of copyrighted software, movies and music, whereby users illegally download them and also get a bonus piece of malware. Serves them right.
But it is troubling to see what up to now has been viewed as a standup company engaging in the same conduct as purveyors of malware. Hopefully CNet/CBS will realize the error of their ways, stop including trojan installers and clean up their act. Otherwise, the market needs to make the decision for them and let them wither on the vine.

Saturday, March 27, 2010

Google Apps: The Next Big Thing?

I'm certainly not the first to tout the advantages of using Google Apps. It has already been around for a number of years in various forms and has only gotten better as Google continues to add features and functionality. There is a commercial version that will appeal to businesses and free versions for small businesses, nonprofit organizations and even government agencies. I'm going to focus on the educational version.

There are even two flavors of this service available, one for the K-12 market and one for higher education, although the differences are negligible at this time. At the time of this writing, the educational version gets you the standard offerings: email and calendaring through Gmail, file collaboration through Google Docs (Google's version of word processing, spreadsheet and presentation software), and website hosting. So far, pretty standard fare.

The really neat thing about all of this is how Google enables them to work together. Once you understand the basics of how it all works, you could easily create an online form, tie it to a spreadsheet and embed the results in a web page. All of this is accomplished mostly through a point-and-click interface that takes much of the complexity of this form of web programming out of the equation. Google simplifies things greatly by using wizard-like components called gadgets. There are a number available right from the menu while you're working and access to a host of Google Gadgets is always just a couple of clicks away. Thanks to a vibrant community of gadget writers, it's a pretty good bet that a gadget exists to do virtually anything you'd want, from simple things like including clocks or calendars to embedding minigames, slideshows and newsfeeds. The fun doesn't end there, either.

Along with all of the above, Google offers access to Google Video. Google Video can be thought of as a YouTube-like video storage and streaming solution. Users can upload video content and leverage Google's search engine to find other clips. I tend to view the real value of this type of service offering as a means of sparing what is likely limited local network bandwidth, by allowing the video to be streamed over Google's high-speed network to the viewer.

Finally, let's not forget that you also gain access to using Google Earth, Google Maps, and Google Enterprise Search capabilities. Each of these can enhance the online learning experience, by offering richer related content for lessons or homework assignments.

That should be enough of an overview to give you ideas on how all of this could be used in and out of the classroom setting. Next time we'll look at some specific applications.

Friday, July 17, 2009

Frenemies: Malware at the Door

So I'm surfing through some rather interesting web pages, following up on some leisure research (i.e. freesearch - meaning you don't get paid to do it), when suddenly my screen is overwhelmed by a large window imploring me to protect myself from viruses and spyware RIGHT NOW! Great. Just what I need, drive-by malware.


I carefully contain my gratitude at having an unknown entity offer to trample and romp all over my hard drive in search of itself. Instead, I play the game of carefully killing the suspect running processes and checking my workstation for any more sludge and damage.


Note: Don't actually try and close these things down using the window controls. That usually leads to a trap where no matter what you click on, you 'authorize' the super duper anti-whatever scanner to take over your system and perform its virtually useless, in some cases outright damaging, but always annoying 'cleaning' function.


I finish this pleasant little diversion in about five minutes and go back to my freesearch activities. A couple hours later I shut down the computer for the night and all is well. Or so I foolishly think.


The next evening, I fire up my trusty desktop and notice almost right away that something is wrong. It's taking nearly three minutes for the Windows desktop to appear and I'm getting strange 'no network connection' messages. I groan, thinking perhaps my cable connection is down again (I love my monopoly cable provider, honest), but no, my wife is happily surfing away via the wireless connection and a quick perusal of the modem and router reveals lots of happily blinking lights in all the right places.


After poking through the network connections and various other fun places in the control panel (note: Microsoft has posted some very helpful instructions on this process), I discover that winsock is misbehaving. Using msinfo32, I can see all sorts of oddball protocols with long, friendly numeric names like -001e495-tlm-58ghj. Um, not exactly what I was hoping to see. Seems that this is a common side effect of this type of malware attack - it just sort of muscles in and takes over the street corner. The result is ugly.


So I try Microsoft's recommendation of using the 'netsh winsock reset' command, perform the obligatory reboot, and still no joy. Take 2. I next fire up the registry editor and begin poking around, locate the obviously sick Winsock entries (there are two), delete them, reboot and the computer now boots up to the desktop quickly (or at least a lot less slowly). Still no network connection, but all I have left to do is reinstall TCP/IP, which takes all of a minute. One reboot later and all is well and working again. Not exactly how I intended to spend an hour, but all's well that ends well. Now back to those interesting web sites...

Thursday, July 16, 2009

Tooling Around with Nmap v5

Okay, I'll admit - I'm easily amused by the shiny and the new. Especially if it allows me to better poke and prod around in the musty, dusty corridors of networks. Better still if I can have some fun while doing it. Nmap v5 appears to be all of those things for me. Released just today, I'm already enjoying the new features.

For those who don't know, Nmap is a network scanning tool. It is used for (among other things) finding computers (or hosts), seeing what services they might be offering up to the rest of the world and generally finding out all sorts of potentially useful and interesting tidbits.

Among the many new features are two really nice utilities. The first is Ncat, a rewrite of the very useful Netcat tool. Netcat is known as the network Swiss Army Knife because of its versatility. Ncat seems to meet this standard and even improve upon it. It can act as a proxy, redirecting network traffic; be used to interact with or pretend to be services like web servers or telnet; can connect multiple computers together, using encrypted channels; and much, much more of interest to any network spelunker.

The second addition is the Ndiff utility. Ndiff makes it easy to compare multiple scan results and report any differences. Imagine running several scans of a network and trying to compare results to see what's changed. With just a few hosts, this isn't too difficult. Now try this for hundreds or even thousands of results. Ndiff simplifies the task by performing the grunt work for you and generates a list of changes in hosts, services, etc. Previously Ndiff existed as a separate Python program; now it is included as part of the Nmap suite. Very nice.
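To make the kind of comparison Ndiff performs concrete, here is an added example (not Ndiff's own code and not part of the original post) that diffs two scans in Nmap's XML output format (`-oX`) and reports host and port changes. The sample scans, the helper names and the `+`/`-`/`~` line format are assumptions made for the illustration; it also assumes each host's first `<address>` element is the one of interest.

```python
import xml.etree.ElementTree as ET

# Constructed sample scans in Nmap XML (-oX) form; addresses are from 192.0.2.0/24.
def _host(addr, ports):
    rows = "".join(
        f'<port protocol="tcp" portid="{p}"><state state="{s}"/>'
        f'<service name="{n}"/></port>' for p, s, n in ports)
    return (f'<host><status state="up"/><address addr="{addr}" addrtype="ipv4"/>'
            f'<ports>{rows}</ports></host>')

SCAN_BEFORE = "<nmaprun>{}{}</nmaprun>".format(
    _host("192.0.2.10", [(22, "open", "ssh"), (80, "open", "http")]),
    _host("192.0.2.20", [(443, "open", "https")]))
SCAN_AFTER = "<nmaprun>{}{}</nmaprun>".format(
    _host("192.0.2.10", [(22, "open", "ssh"), (80, "closed", "http"),
                         (3389, "open", "ms-wbt-server")]),
    _host("192.0.2.30", [(23, "open", "telnet")]))

def parse_scan(xml_text):
    """Map each 'up' host address to {(protocol, port): (state, service)}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status[@state='up']") is None:
            continue
        ports = {}
        for port in host.iter("port"):
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            key = (port.get("protocol"), int(port.get("portid")))
            ports[key] = (port.find("state").get("state"), name)
        hosts[host.find("address").get("addr")] = ports
    return hosts

def diff_scans(before_xml, after_xml):
    """Return change lines ('+' added, '-' removed, '~' changed) by host, port."""
    old, new = parse_scan(before_xml), parse_scan(after_xml)
    changes = []
    for addr in sorted(old.keys() | new.keys()):
        if addr not in old or addr not in new:
            changes.append(f"{'+' if addr in new else '-'} host {addr}")
        was, now = old.get(addr, {}), new.get(addr, {})
        for key in sorted(was.keys() | now.keys()):
            label = f"port {addr} {key[1]}/{key[0]}"
            if key not in now:
                changes.append(f"- {label} {' '.join(was[key])}")
            elif key not in was:
                changes.append(f"+ {label} {' '.join(now[key])}")
            elif was[key] != now[key]:
                changes.append(f"~ {label} {' '.join(was[key])} -> {' '.join(now[key])}")
    return changes
```

Calling `diff_scans(SCAN_BEFORE, SCAN_AFTER)` returns the changes between the two constructed scans: a port that closed, a newly listening port, a host that disappeared and a host that appeared. A newly exposed service on a known host is the line worth looking at first when monitoring a network you are responsible for.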

I've also been tinkering with the latest version of Zenmap, a bundled Windows GUI for Nmap. There are some nice eye candy features included, with the most interesting so far being the improved network diagramming function. This offers a view of scan results by hostname, IP address, even service. Again, really interesting stuff if you're plumbing out a network.

This is just scratching the surface of what Nmap v5 offers. If you've used any previous version of Nmap, don't hesitate - go get v5! If you've never used Nmap before, but are wondering what all this network scanning fuss is, v5 makes it easy to get your feet wet. Highly recommended.