List: dmca-discuss
Subject: Re: [DMCA_discuss] Popular file-share utilities contain Trojans
From: "Terry Austin" <taustin () hyperbooks ! com>
Date: 2001-01-03 16:15:49
[Download RAW message or body]
Fairly typical for a Register technical story: Horseshit.
Perhaps there have been versions of this software that
have included this spyware. Perhaps even the current
version. But certainly not all versions. A point that is
not mentioned.
And a real news organization does not insert editorial
comments (like the last paragraph) in their news stories.
----- Original Message -----
From: "Jei" <jei@cc.hut.fi>
To: <eurorights@eurorights.org>
Cc: <politech@politechbot.com>; "InfoSec News" <isn@c4i.org>;
<dmca_discuss@lists.microshaft.org>
Sent: Thursday, January 03, 2002 5:30 AM
Subject: [DMCA_discuss] Popular file-share utilities contain Trojans
http://www.theregister.co.uk/content/4/23532.html
Popular file-share utilities contain Trojans
By Thomas C Greene in Washington
Posted: 03/01/2002 at 08:26 GMT
Popular file-sharing software from Grokster and the Limewire Gnutella
Client contain the W32.DlDer Trojan, Symantec revealed last week.
According to several Reg readers, the KaZaA utility also contains the same
infection.
The Trojan here is a spyware application masquerading as a lottery game
called ClickTilUWin. When installing the Grokster or Limewire software,
and some versions of KaZaA, the user is given an option to enable the
ClickTilUWin feature. Regardless of whether one accepts or declines, the
Trojan is installed.
Grokster has offered an explanation of this embarrassing oversight on its
Web site:
"Some of you may be wondering why this Trojan was in our installer at
all," the company speculates wisely.
"We sometimes bundle advertiser applications with our installer in order
to help pay for our costs here at Grokster. We are normally given an
installer from the advertiser which we run during the installation of
Grokster. We have no access to the source code of these third-party
installers and so we rely on what our advertisers say these programs do.
To the best of our knowledge, this particular advertiser simply placed a
link to a free online lottery on the desktop. We were never informed that
it installed or was a Trojan."
The company has released a utility which it says will remove the Trojan,
and promises to have a clean version of its software available in a matter
of days.
Those who prefer to see to their own Trojan removal need only search for a
hidden directory under their \Windows directory called \Explorer. Simply
delete the \Windows\Explorer directory, along with the companion file
Dlder.exe in the \Windows directory.
The Trojan is not destructive, but does phone home to the ClickTilUWin Web
site with user data which, presumably, is used for marketing purposes, or
is perhaps forwarded to RIAA headquarters to assemble a database of
copyright scofflaws.
We don't know which; but we do know better than to install software we
know nothing about. ®
Related Stories
Recording industry exploits WTC tragedy to hack you
Recording industry 'copyright DoS attack' rumored
_______________________________________________
------------------------
http://www.anti-dmca.org
------------------------
DMCA_discuss mailing list
DMCA_discuss@lists.microshaft.org
http://lists.microshaft.org/mailman/listinfo/dmca_discuss
_______________________________________________
------------------------
http://www.anti-dmca.org
------------------------
DMCA_discuss mailing list
DMCA_discuss@lists.microshaft.org
http://lists.microshaft.org/mailman/listinfo/dmca_discuss
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic