CNET site hacked?

I have for years listed my software on the CNET download.com site. Today, when trying to test the DL of my most recent software, I get the “dangerous site” warning from both Firefox and Safari. Anyone else experiencing this?

Their URL is here http://download.cnet.com/ and everything is fine. But if you do https:/download.cnet.com/ then you get the warning. It’s normal.

Well, you can download Adobe Flash from there, so the warning is probably justified …

:wink:

Normal? No. Not by a longshot. Anyone who is hosting software on CNET really needs to pay attention to this. I tried again this morning with other SW titles, not my own. Go to download.CNET.com. Click on the DL button of ANY software title. After a few seconds, I had the following screens pop up from either Firefox and Safari as you can see.


I have a ticket into CNET support. Waiting to hear.

Sometimes this message gets triggered by an advert that is fed alongside the content you want to view.
By allowing adverts to be pushed into frames, many web sites have no control over the effect of some hyperlinks they expose.

The stuff that annoys me is the javascript(?) code that pops up nowadays with a message to say your mac is infected by a virus , please
But it disables everything so that the only way out is a force quit on the browser.
I wish I knew where these people lived…

So, Jeff, I guess what you are saying is that I have no control over this and my CNET downloads are just dead. I can’t imagine anyone continuing on with the DL after seeing those screens.

True.
If CNET cannot or will not act on this, its not your site…

I actually tried downloaded CCleaner 3 hours after your first post and did not have any problem. I just tried download Avast also no problem.

Then I realised your warning is for a different website: files.downloadnow.com, whereas your intended link is http://download.cnet.com.

Yes, Cho, you are correct. But the files.downloadnow.com is the one that clicking on a DL button goes to. Yes?

Ive just downloaded CCleaner from there and didnt see the message.
But at no time did I end up at files.downloadnow.com either…

hmmm? So it’s looking like its my Mac that has been hacked.

Your router? I do hope you keep it up to date too …

Especially as two browsers show the problem.

There’s some malware identification information here: http://www.thesafemac.com/arg-identification/

TheSafeMac used to be a reliable place, but it looks like it got bought by some other entity - so I no longer trust the automatic removal tool. However, the information there for manual identification and removal is still useful.

I check the whois for downloadnow.com and it belongs to cnet:
http://www.networksolutions.com/whois/results.jsp?domain=downloadnow.com

I manually go to files.downloadnow.com , downloadnow.com and I get just a
File not found."
on the browser.

For malware removal beyond what an antivirus will do, I rely upon Malwarebytes. Great on Windows. It is available for Mac also, but I have no idea how good it is on that platform. There is a free download to try the product before buying.

On Mac, I use Intego Internet Security.

I tried to explain that the security warning never happens when using http:// anyway.

I reproducibly get the warning in both Chrome and Safari when I do https://files.downloadnow.com/ or https://download.cnet.com

Now what is the exact URL you are using ? Not the domain, the entire URL, and in particular the first part of the address.

http://download.cnet.com/mac/

Looking at the screen you posted, it seems to be different from the regular message triggered by an invalid secure connection .

Usually, the message mentions something like :“You have asked Firefox to connect securely to download.cnet.com, but we can’t confirm that your connection is secure.”

But I spent some time in Google Images trying to find the same, until I found a review of Firefox 3 https://tidbits.com/article/9662 with the same kind of popup (same colors and style).

What is your version of Firefox ? MIne is 43.0.1.

to continue my answer…
I search for my software, click on its title and the resulting URL is http://download.cnet.com/QuizMaker-Pro/3001-2051_4-10813621.html?hlndr=1
On that page, I can 1) wait until the page times out and goes to another page --or–
click on the link which appears and says “Your download will begin in a moment. If it doesn’t, restart the download.” Doing so produces the malware warnings from both Firefox and Safari.

I still can’t understand why I’m the only one experiencing this.

43.0.4