As the "malware" is only downloaded after you installed a download manager, I doubt the Cnet website will get marked as the distributor.
I believe it goes like this:
- User clicks on link to download software
- User is being asked to install Cnet download manager
- Download manager downloads more software, including the crapware
Because the actual download does not happen on the Cnet site, it does not gets marked as a distributor.
I can be wrong though, this is just my hypothesis of what is happening.
I clicked the 'Download' link for my application and I received an exe for something else with my application name in the file name. So if a user asks to download my application they receive a confusingly-similar one instead and have no choice but to run it to find out what it does.
I believe it goes like this: - User clicks on link to download software - User is being asked to install Cnet download manager - Download manager downloads more software, including the crapware
Because the actual download does not happen on the Cnet site, it does not gets marked as a distributor.
I can be wrong though, this is just my hypothesis of what is happening.