Popular file-share utilities contain Trojans

[jeremiah]

Popular file-share utilities contain Trojans
By Thomas C Greene in Washington

Popular file-sharing software from Grokster and the Limewire Gnutella Client contain the W32.DlDer Trojan, Symantec revealed last week.

According to several Reg readers, the KaZaA utility also contains the same infection.

The Trojan here is a spyware application masquerading as a lottery game called ClickTilUWin. When installing the Grokster or Limewire software, and some versions of KaZaA, the user is given an option to enable the ClickTilUWin feature. Regardless of whether one accepts or declines, the Trojan is installed.

Grokster has offered an explanation of this embarrassing oversight on its Web site:

"Some of you may be wondering why this Trojan was in our installer at all," the company speculates wisely.

"We sometimes bundle advertiser applications with our installer in order to help pay for our costs here at Grokster. We are normally given an installer from the advertiser which we run during the installation of Grokster. We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do. To the best of our knowledge, this particular advertiser simply placed a link to a free online lottery on the desktop. We were never informed that it installed or was a Trojan."

The company has released a utility which it says will remove the Trojan, and promises to have a clean version of its software available in a matter of days.

Those who prefer to see to their own Trojan removal need only search for a hidden directory under their Windows directory called Explorer. Simply delete the WindowsExplorer directory, along with the companion file Dlder.exe in the Windows directory.

The Trojan is not destructive, but does phone home to the ClickTilUWin Web site with user data which, presumably, is used for marketing purposes, or is perhaps forwarded to RIAA headquarters to assemble a database of copyright scofflaws.

We don’t know which; but we do know better than to install software we know nothing about.

Original source – http://www.theregister.co.uk/content/4/23532.html

BE CAREFUL KIDS! [img]images/smiles/icon_eek.gif[/img]

[Halfman]

Thank you very much, Jeremiah. As I saw the topic to this thread, I was thinking "RIAA, RIAA". It would certainly be no surprise to see teh RIAA stoop to creating a shell company to pull this off, if they did it. Hopefully, their latest round of losing battles with Congress over the Anti-Terrorism Bill would discourage this activity. However, it would seem to skirt the monetary damages part by forwarding the info to RIAA for litigation instead of property damage. Still seems like information theft.

[Mattman]

I’m not surprised at all. In fact, I’ve caught some of these programs trying to install spyware on my machine.

I recommend Lavasoft’s Ad-Aware to get rid of the garbage. Be sure to use it regularly. [img]images/smiles/icon_cool.gif[/img]

[jeremiah]

Clean Limewire – want limewire without the spyware? here is a clean recompiled version of the opensource swap program – http://www.geocities.com/burk017/

Also, those of you Morpheus users can kill the ads and pop-ups by following these steps.
1 – in IE, select tools then Internet Options
2 – select the security tab
3 – select restricted sites
4 – select the site button
5 – add http://ads.musiccity.com to the list
6 – enjoy add-free goodness [img]images/smiles/icon_smile.gif[/img]

[jeremiah]

looks like there is spyware a brewin’ in audiogalaxy too. <img>

>>> http://www.poenews.com/inhouse/vx2.htm

>>> http://www.wired.com/news/technology/0,1282,49960,00.html

I second Mattman – look into using products like Ad-Aware along with your file sharing proggies.!

<img>

[ 01-24-2002: Message edited by: jeremiah ]

[Author]

Posts