Should KaZaA users beware?
November 8, 2001 10:46 PM   Subscribe

Should KaZaA users beware? Has anyone else using KaZaA media desktop been invaded with viruses? Students at the high school where I work have downloaded KaZaA on every PC that they could, and I've been going around deleting it as fast as I could, because of the pr0n files they were downloading along with the mp3's. Now we've come under siege by viruses, mostly nimda and loveletter, and they all came attached to files downloaded via KaZaA. It has made for a frantic couple of weeks at work, I can tell you. It seems that not only other parasite spyware programs, but also viruses are piggybacking on the service.
posted by Lynsey (14 comments total)
The viruses are spreading because most people don't know any better. They don't really know the difference between .mp3 and .mp3.vbs.

Unfortunately, I know this first hand.

I had a virus infection just two days ago on my desktop -- my younger sister got it inadvertently infected. And while I do think that P2P programs should some built-in filtering of possible viruses (I know that Morpheus/Kazaa has a filter for it... but the version I had defaulted to it being off?) - I don't blame the software for spreading the viruses. If I did that, then no way in hell would I be using Outlook.
posted by mkn at 11:01 PM on November 8, 2001

i used kazaa for about 2 months here at UGA untill the university had to shut down the kazaa/music city port because it was clogging the bandwith so much (i use gnucleas now). and, with only downloading mp3's, i never did have problems w/ viruses (though i have found .avi files now that don't play anything and redirect you to a web site). What really does annoy me, though, is the spyware. Drove me nuts when ZoneAlarm randomly found ezula always trying to access the Internet. I didn't even know it had installed all those other programs...arg. Also, Lynsey, have you thought of closing off the ports to file-sharing programs at school like they did here (i don't know if you need those ports for the network, or what though), or as they had a my HS, you had to log on w/ a user name (your school ID), and unless you really knew what you were doing, it was very difficult to install anything.
posted by jmd82 at 11:02 PM on November 8, 2001

I recently installed Kazaa and soon after that, my mouse started acting up. Just moving the mouse around would randomly bring up menus or start programs. I suspected a virus, but the problem is actually their absurd unceremonious popups at Kazaa. Sometimes the popup is configured improperly and causes the mouse to go all screwy. I grabbed the PopUp Stopper at PanicWare and the problem went away. Unless someone's changed the laws of reality on me while I stepped out for a beer and some live tunes, only if they actually download exe files from other Kazaa users can there be a virus problem. Mpegs can't contain viruses. Perhaps a sufficient hacker can somehow use Kazaa to force an exe on your computer remotely, but that's speculation. There's no evidence.

Other programs get installed with Kazaa, and unless they're careful (and I doubt these kids are being careful. They're probably saying yes to everything including the purple gorilla Bonzai Buddy piece of crap), these programs will act on a server almost as if they're viruses. Some of these programs cause problems with firewalls and do stuff in the background which would bring up alerts on the server. They're not viruses, but they're almost as annoying.

Still, if students are downloading Kazaa on high school computers without permission, there should be disciplinary action, but only if they can get caught which is doubtful. I know there's ways to restrict the kids from downloading programs off the Internet, but there's also ways around the restrictions. Some of those kids are probably smarter with the computer than you are and know how to work around anything you throw at them. A few years after they graduate you'll probably be calling them your boss. Disturbing, I know. Changing the sysadmin passwords on the server more often might help, but then the faculty will get on your case unless you tell them the password, and guess where your security leak is? Some teacher is telling the students what the admin password is, I'd bet a pack of cigs on it.

Worst case scenario, if the faculty isn't giving you proper authority to stop it, make hardcopy backups of the most important information daily, and then LET the system get infected by viruses and crash, to the point where it ticks off the faculty. THEN let them sweat a day before you tell them about the backups. That should get their attention.
posted by ZachsMind at 11:20 PM on November 8, 2001

I was using Kazaa for a little while, mostly downloading mp3s and never had a problem. Then I thought of a couple of programs that I wanted and looked to see if they were being shared. Sure enough, they were out there, and sure enough, that's when I got infected.

It's true that a lot of people out there aren't aware of what the extension .vbs can possibly mean to their system after downloading it, and still some people never look to check the extension at all, but you aren't always going to find an errant extension on the files you download, so using that as a way to check for a virus is useless.

And yeah, Nimda and Loveletter were exactly what I had. It's not a big deal on one single machine. If you've got a network that you'r trying to look after, Lynsey, with this kind of activity, then I feel for you.
posted by lizardboy at 3:10 AM on November 9, 2001

Kazaa and Morpheus are not the problem here. They're just another conduit for viruses to get into your computer.

Use of up to date anti-virus software will keep you safe most of the time.

Saying that I had a scary experience last week when my work PC became infected with a trojan via a script on a web page - Norton spotted it but didn't prevent it installing. A quick search revealed that my PC was susceptible because I'm running W2K with Service Pack 1 and not SP 2 (there's a good reason for this I'm assured..).

What freaked me out was that this webpage was able to install an .exe and a bunch of other stuff on my machine without my knowledge. If Norton hadn't been running I'd have had no idea that it had happened. And even then, Norton was unable to detect/remove it, once it had installed and I had to get rid of manually.
posted by jiroczech at 3:11 AM on November 9, 2001

Installed an exe from a web site? You MUST have agreed to it at some point. Otherwise it's highly unlikely.
posted by travis vocino at 5:00 AM on November 9, 2001

Actually, you don't have to "agree".
The web page could pop up a dialogue box that says "Yes" "No".
Click the "No" and it really means yes.
I've seen it happen and I've had it install an .exe on my computer before. Thankfully, I noticed it right away and no harm was done.
posted by Grum at 5:45 AM on November 9, 2001

It's the RIAA's new tactics.
posted by dlewis at 6:29 AM on November 9, 2001

travis, basically the 'virus' was an exploit of a bug in Microsoft's Virtual Machine, that in their own words, could "enable the malicious web site operator to take any desired action on the user’s machine". More info here.
As far as I can remember I didn't agree to anything - I'm usually pretty careful about stuff like that.
posted by jiroczech at 7:24 AM on November 9, 2001

Sounds like you need a firewall, updated security patches, updated virus software, and most of your troubles will go away.
posted by skallas at 12:17 PM on November 9, 2001

when i first ran into Kazaa i thought "wow, simple interface, stable app, huge user base-- sounds great!" then those ads started popping up out of nowhere, and today, nimba. maybe stealing music and software isn't as easy as i thought.
posted by gwint at 1:00 PM on November 9, 2001

I started using Kazaa a while back, but after the surreptitious installation of Gator and other pains in the ass the prog cause me, I concluded that it was a virus itself.
posted by adampsyche at 1:04 PM on November 9, 2001

Well if I hadn't used Kazaa, I would never have found the mp3s of the Buffy Musical episode. They're horridly pop but for some reason they warm my grinchy heart. I have no need for Kazaa any longer though so I'll be removing it soon. I too can't stand the popups it forces. Even with an anti-popup proggie, I can feel when a popup's being stopped. It lags me a couple seconds every time. Small inconvenience, but not worth having Kazaa on my machine. As for all the other crap it installs, I said no to everything and STILL got a shortcut to that obnoxious gorilla bonzai buddy thing.
posted by ZachsMind at 3:26 PM on November 9, 2001

"Students at the high school where I work have downloaded KaZaA on every PC that they could"

ummm, why dont you just lock down the machines so that the users can't install software?
posted by sawks at 4:07 PM on November 9, 2001

« Older Vintage American Terrorism   |   To concentrate chemicals in solution, just add... Newer »

This thread has been archived and is closed to new comments