— Koka Sexton (@kokasexton) December 24, 2012
Yesterday I used the once-reliable Cnet to download software from their site. They suggested using their Cnet downloader, which I did. Just as I clicked Yes to download, I saw a tiny message saying it would install a search plugin called Wajam. It was too late to say No and besides there didn’t appear to be any option to do so. The installation of Wajam locked up Firefox after installing it on Explorer and Chrome. I deinstalled Wajam from Add / Remove programs.
Things then got much worse. After deinstalling Wajam, a message appeared when starting Chrome saying ‘Coupon Companion’ had been installed. I did not authorize that nor was their any mention of it. CNet forums have many complaints about this stealth install of malware which spews ads everywhere. The complaints have been ignored by Cnet for months.
Now for the truly scumbag part. After deinstalling Coupon Companion from Chrome, I checked Add / Remove Programs and found it needed to be deinstalled there too. During that deinstall it had a box checked saying it would install a DNS tool, which presumably would have jacked my DNS. That’s right, The Coupon Companion deinstall program was trying to install yet another piece of malware, something which has to be a new low in sleaze. Hey, fuck you Coupon Companion and fuck you Cnet.
Malwarebytes found two trojans after the attempted install of the DNS jacker on my computer. Microsoft Security Essentials found three more.
Files Detected: 2
C:\Users\bob\AppData\Local\Temp\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\bob\Local Settings\Temporary Internet Files\Content.IE5\BLB3IDIY\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Cnet used to be solid and reliable. However, based upon their slimy, unethical new behavior, I’ve deleted my Cnet iPhone app and will stop going to their website. I suggest you do the same. If you go to sleazy, unsafe areas you’ll probably catch something nasty.