
File sharing apps may contain a trojan.
January 3, 2002 9:39 AM

File sharing apps may contain a trojan. It seems some versions of Grokster, Limewire and reportedly Kazaa contain a trojan called W32.DlDer Trojan. Whilst I am aware that these apps often install scumware, this seems more serious.
posted by viama (25 comments total)

 
Wired News article on the same topic.
posted by pmurray63 at 10:13 AM on January 3, 2002


What an utterly arrogant end to an article; "we know better than to install software we know nothing about". What kind of fucking hack-writer would make such a moronic statement!?

Name one piece of software (which you have not, in any way, shape or form, worked on personally) that you can honestly say you know very much about! You can't! Because unless you have seen the source code, you're just going by what the creator / developer / publisher has said about it.

I'm sure that article was written by someone whose computer experience doesn't branch-out beyond playing Solitaire and sending e-mail to friends. (Or, possibly using an instant messenger when they're in a more daring frame of mind.) No one with any common sense would make such a stupid statement ... One would hope.
posted by Dark Messiah at 10:13 AM on January 3, 2002


you're not too happy about it then, Messiah?
posted by wibbler at 10:40 AM on January 3, 2002


Bastards... I'm getting sick of this stuff. Still, I'm pretty interested in what it does. The registry entries for clicktiluwin contained a URL for www.2001-007.com, and Symantec seemed to suggest it was sending User ID and IP addresses to this site.

DOMAIN CREATED : 2001-11-01 00:00:00
Registrant:
JohnCasey
John Casey (bgmny@mail.com)
702-664-3804
FAX: none
504 North 8th Street
Las Vegas, NV 89123
US
posted by dlewis at 11:25 AM on January 3, 2002


How is this more serious? It's just more spyware. The only difference I can see is that an antivirus company decided to call it a virus. All the other spyware apps out there are effectively trojans, too.
posted by whatnotever at 11:38 AM on January 3, 2002


The interesting thing is that their privacy statement pretty much admits all of this. Item number 18 is tons o' fun:
The uninstalling of the ClickTillUWin Game icon will eliminate access to the ClickTillUWin Game but will not eliminate the ability of ClickTillUWin to further communicate and identify user's URLs and web-surfing habits.

If you know anybody who was caught up in this scam, you may want to encourage them to file a complaint on-line with the FTC. There are some good folks there (in the trenches), and this sounds like the sort of thing that may catch their attention.


posted by chipr at 11:48 AM on January 3, 2002


whatnotever - I'm not aware of any other spyware product that installs itself regardless of your preference. As far as I know, all others offer an opt-out during the install. 'Tho sometimes you need to squint really hard to see the teeny tiny checkbox to do so. I agree with your implication they are all scummy, but this is sinking to new depths.
posted by chipr at 11:51 AM on January 3, 2002


dakotapaul linked to this in the thread about the pay napster service.
as i said there, i'm still suspicious that the company "was unaware" that the advertiser included the trojan in their code. i think they should drop the advertiser, period.
posted by sixtwenty3dc at 12:13 PM on January 3, 2002


bastards! I even opted out!

Wish I didn't have to edit the reg to get rid of it - skeeves me out
posted by roboto at 12:16 PM on January 3, 2002


It's kind of funny that this thread currently appears adjacent to thread 13517...
posted by ParisParamus at 12:21 PM on January 3, 2002


Does anyone know if the open-source version of limewire has this? I had always assumed that since LimeWire was opensource it would be less likely to have spyware.

Otherwise, limewire is great, it is my number one choice for file sharing.
posted by phatboy at 1:47 PM on January 3, 2002


Look into AdAware if you get creeped out by this kind of commercial malware and you're not able or willing to go poking through the innards of your system environment to combat it.

I'd be surprised if this particular bit of software weren't detectable and removable with AdAware.

It's reprehensible that a company can surreptitiously install software like this without your consent to monitor and report your activities, but that if I as an individual were to do the same thing even on a far smaller scale, I would get a visit from a man with a dark suit, sunglasses, and an earbud. But bitching about special corporate protection from the law is a whole 'nother thread.
posted by majick at 2:11 PM on January 3, 2002


phatboy - Do you mean the download version on limewire.org as opposed to limewire.com? I believe the answer is, "No." The infection vector is third-party installers that are bundled with the commercial version. I'm running the Java client under Linux, and (I presume) it is free of spyware and trojans.
posted by chipr at 2:11 PM on January 3, 2002


chipr: Thanks, I'll try the limewire.org client. The funny thing is that I dropped BearShare because of its spyware.
posted by phatboy at 2:17 PM on January 3, 2002


Anyone here ever use NEOModis's Direct Connect? Any opinions/complaints?
posted by Nauip at 3:57 PM on January 3, 2002


bah, limewire doesn't even begin to satisfy my fansubbed anime needs.
posted by lotsofno at 4:16 PM on January 3, 2002


ah, posted too soon. doesn't satisfy my anime need, thus i have no use for it.. i'll stick to morpheus' popups.
posted by lotsofno at 4:33 PM on January 3, 2002


Morpheus has popups? I guess whatever ads it tries to serve up seem to be blocked by my copy of Proxomitron whenever IE is told to use it. And whatever that fails to catch, the JunkBuster proxy nails.

But then, I don't see advertisements in Kazaa, either, for the same reason and as well the Kazaa spyware is defanged with that AdAware I mentioned earlier. So I have my choice of FastTrack clients to choose from (which is good, because I've never had a successful Gnutella network download, even in the early early days, and both Freenet and MojoNation just plain suck from a usability standpoint).

Of course, I'm one of those nutbars who goes out of his way not to be advertised at, so maybe all these handy little utilities are of no use to anyone else. Do try them, though; I'm quite happy with both programs, and they're free.
posted by majick at 5:07 PM on January 3, 2002


phatboy - I suspect you may not want the open-source client on limeware.org. It's really intended as a programmer's library, with just a hacked command line interface on the front. If you like LimeWire, why not just pay the six bucks and get the ad-free client? Heck, I registered mine, and the Linux client doesn't even do ads.
posted by chipr at 5:53 PM on January 3, 2002


I use direct connect. It works pretty well, though there is a) no global search function, as it is organized by hubs, and b) you need to have files to trade them, because many hubs have share quotas
posted by Charmian at 6:08 PM on January 3, 2002


Messiah: Thomas C Greene happens to be quite a good "hack", imho, as a regular reader of theregister.

I think he was more getting at the developers including ClickTillUWin without knowing what it was, as opposed to the end user.
posted by robzster1977 at 8:56 PM on January 3, 2002


I accidentally clicked on a vbs file I downloaded recently from Kazaa thinking it was an mp3 file. I was immediately in a battle for my computer with the LoveLetter@MM virus. I think I won. My computer's still operating. Thing is though, I don't think you can get a virus through programs like Kazaa unless you're exceptionally stupid. Like me. =) I mean you have to actually activate an executable that you download from the 'Net before it can infect the pooter.
posted by ZachsMind at 9:10 PM on January 3, 2002


Grokster has posted a utility to remove this, along with what seems a reasonable explanation.
posted by cedar at 8:17 AM on January 4, 2002


Messiah...the writer is from the Reg. and thus most likely knows what he's talking about a hell of a lot more than you do. Sure, it may've been a bit of a stupid comment but yours rates a close second in claiming that "I'm sure that article was written by someone whose computer experience doesn't branch-out beyond playing Solitaire and sending e-mail to friends."

Get a grip. If you don't know what you're talking about please shut the hell up.
posted by xochi at 10:40 AM on January 4, 2002


Hey ZachsMind,

For the virus included in Limewire, you don't have to do anything to launch it. In the installer, it adds a registry key to launch itself next time you reboot in:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
posted by smo at 11:59 AM on January 4, 2002
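
The autostart entry smo describes can be caught by saving `reg query` output for that Run key before and after running an installer and comparing the two snapshots. The script below is an added example, not part of the thread; the value names and paths in both sample snapshots are constructed.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_0-9]+)(?: {4}(?P<data>.*))?$")

def parse_reg_query(text, key=RUN_KEY):
    """Return {lowercased value name: (name, data)} for `key`."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line and not line.startswith(" "):
            # Unindented lines are key headers; key names are case-insensitive.
            in_key = line.strip().lower() == key.lower()
            continue
        m = VALUE_LINE.match(line)
        if in_key and m:
            values[m["name"].lower()] = (m["name"], (m["data"] or "").strip())
    return values

def diff_autostart(before, after):
    """List autostart values that were added or changed between two snapshots."""
    old, new = parse_reg_query(before), parse_reg_query(after)
    findings = []
    for lname, (name, data) in sorted(new.items()):
        if lname not in old:
            findings.append(("ADDED", name, data))
        elif old[lname][1] != data:
            findings.append(("CHANGED", name, data))
    return findings

# Constructed snapshots: one taken before an install, one after the next reboot.
BEFORE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundDriver    REG_SZ    "C:\Program Files\ExampleAudio\tray.exe"
    Example Updater    REG_SZ    C:\Program Files\ExampleApp\update.exe /quiet
"""
AFTER = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundDriver    REG_SZ    "C:\Program Files\ExampleAudio\tray.exe"
    Example Updater    REG_SZ    C:\Program Files\ExampleApp\update2.exe /quiet
    bundledhelper    REG_SZ    C:\WINDOWS\bundledhelper.exe
"""

if __name__ == "__main__":
    for kind, name, data in diff_autostart(BEFORE, AFTER):
        print(f"{kind:8} {name!r} -> {data}")
```
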

