There have been confirmed reports that a number of Audiogalaxy
installers have been infected with the Nimda virus, according
to users who recently downloaded the program. Besides spreading
through infected e-mail attachments, Nimda can be spread through
a flaw in the Internet Explorer browser as well as through open
file sharing networks. Nimda is a self-replicating virus and
attempts to infect executable files on the victim's computer.
It is unclear how the Nimda virus was added to the Audiogalaxy
installers.
Nimda is a very sophisticated virus that has attack
propagation techniques similar to previous viruses like Melissa,
Love Letter, and Code Red. Nimda can infect not only Web servers
but also Internet users running any version of Windows. Nimda
copies itself to all HTML files on an infected system. Even
systems that have applied the proper security patch can be re-infected
by users visiting the site with certain vulnerable versions
of the Internet Explorer browser. The virus can actually worm
its way into Web sites running Java pages, which means users
can catch the bug simply by visiting Internet sites that are
already infected, and it is causing widespread Internet congestion.
The Gnutella Network is fertile ground for computer viruses.
In February 2001, the Mandragore worm infected the Gnutella
network and was spread to connected computers. Like Gnutella,
Morpheus and iMesh create unnecessary traffic on your company's
network and compromise network security.
In addition, a malicious spyware trojan has been found within
a number of Gnutella peer-to-peer file sharing programs including
Limewire, Bearshare, Kazaa and Grokster, and there is reason to
believe that it could be included in iMesh, Audiogalaxy and
Morpheus as well.
The spyware trojan is part of a third party advertising software
that was bundled within a number of file sharing programs by
Cydoor.
One of the add-on programs incorporated in Cydoor's bundle is
called "ClickTillUWin", which secretly included this
back door trojan in its portion of the installation process.
After installation this two-part trojan downloads an additional
file called explorer.exe and creates a startup key.
It has been reported that this trojan was installed on users'
computers even when the user specifically denied permission
for the add-on programs to be installed, and there have been
a number of reports that it can change the user's firewall settings
to allow it to have access to the internet without permission.
Although many newer anti-virus programs register it as a virus,
this trojan's capabilities give it functions similar to spyware:
it has been found to transmit the user's IP address and to
assign the user's computer a GUID.
It is unclear exactly how many of the peer-to-peer programs
have been affected by this trojan; however, it has been confirmed
in Limewire, Grokster and Kazaa. When confronted with this problem,
Limewire stated that they have no access to the source code
of the third party installers which are included in their software
and they rely on what the advertisers say regarding what these
programs do.
Although Limewire did take steps to remove "ClickTillUWin"
installation components in its newer version, it was included
with Limewire 2.0.2 and these users have not been notified of
the problem. Limewire states that they do not maintain email
addresses and are therefore unable to contact users about this
new development. Grokster, another file swapping program which
was also affected, took steps to address the problem and developed
a program which they state will remove the trojan from users'
computers (http://www.grokster.com/files/trojan-remove.exe).
Neither Kazaa nor BearShare has replied to requests for information,
and as of this writing "ClickTillUWin" is still included
in Kazaa's Media Desktop and BearShare installers.
Spyware/Adware Concerns
Peer-to-peer file sharing programs, like Morpheus or KaZaA,
can open up sections of users' computers the users would never
share knowingly. Users sometimes unwittingly share their entire
hard drives, everything they have -- their email, the web pages
they’ve surfed, and the documents you've written. Depending
on the permissions & settings selected they can unknowingly
share everything a thief would need to steal an identity, all
available because of a supposedly fun file-sharing program downloaded
on their computer. This was excerpted from an ABC Action News
report 02/15/06
http://www.abcactionnews.com/stories/2006/02/060215p2p.shtml
Unfortunately, programs like Go!Zilla, LimeWire, iMesh and Kazaa,
along with most file-sharing apps, also install several adware
applications to finance their development, including TopText,
Gator, Cydoor, and BonziBuddy.
It is important to note that although the Gnutella network
makes claims that their network is completely anonymous, this
is not true for the third party adware that they get financial
support from. Many work in conjunction with a number of spyware
ad-server programs such as eZula's TopText, Gator, SaveNow,
VX2 - Transponder, FlashTrack, WebHancer, Onflow, Radiate/Aureate,
Conducent/Timesink, Bonzi Buddy, Cydoor and Web3000, just to
name a few. These add-on programs do a lot more than serve up
pop-up ads. Many of these programs monitor and transmit information
regarding your keystroke activities, search engine queries,
and data you input into on-line form fields. This information
can at times include personal and private information about
you.
Morpheus now claims that they have updated their software and
that the new version is now free of spyware, saying that they
don't want the privacy of their users being violated. However,
although they did remove some of the "spyware" programs,
they continue to install WurldMedia, which is a browser helper
object (BHO) plugin which keeps track of surfers through a GUID
and also has the ability to manipulate the affiliate strings
on other web sites so that they can "steal" the affiliate
earnings from those sites.
For more information on new developments regarding KaZaa see
our article:
Concerns about KaZaa Media Desktop
Security Risks
These file sharing "peer to peer" file exchange programs
pose a number of security risks, as was demonstrated by the
"Gnutella Worm". In fact, the embedded code within
the "Gnutella worm" specifically contained a warning
from the author that he could have used the worm to gather names,
email addresses and additional information and files on demand
from the infected computers. The Gnutella network allows almost
open access to each other's computers without any way of verifying
each other's identities or intentions. This can lead to malicious
hacking behavior and can allow for the spread of viruses from
user to user.
Security experts have warned that these types of unrestricted
file swapping programs can pose significant security risks for
the users. Recent security news reports have described
security flaws within the file swapping program Morpheus
which have allowed access to thousands of files, including business-related
spreadsheets, password files, correspondence, browser cookies,
photographs and other private data. Reports indicated that access
was made to both corporate and personal computers.
A Gnutella servent can share any local files the user makes
available--including any network files to which the user has
rights. In addition, the Gnutella protocol specification can
bypass firewalls that are set up to block file downloads. For
example, users inside a company can configure the Gnutella application
to use ports that are allowed through the firewall, such as
port 80 (HTTP), 443 (HTTPS), 23 (Telnet), 25 (SMTP), or 110
(POP3).
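Moving a servent onto an allowed port defeats a filter that looks only at port numbers, but the opening bytes of the connection still identify it. The sketch below is an added example, not part of the original article: it classifies constructed sample flows by their first payload bytes, using the handshake strings from the public Gnutella 0.4 and 0.6 protocol descriptions. The Flow record, the sample addresses and the signature names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Ports the article lists as typically allowed through a firewall.
ALLOWED_PORTS = {80: "HTTP", 443: "HTTPS", 23: "Telnet", 25: "SMTP", 110: "POP3"}

# First-payload signatures taken from the public Gnutella 0.4/0.6 protocol
# descriptions. The download rule is a heuristic: an ordinary web site
# could serve a path with the same shape.
SIGNATURES = [
    ("gnutella-connect", re.compile(rb"^GNUTELLA CONNECT/\d+\.\d+\r?\n")),
    ("gnutella-accept", re.compile(rb"^GNUTELLA(?: OK\r?\n|/\d+\.\d+ 200 )")),
    ("gnutella-download", re.compile(rb"^GET /get/\d+/[^\r\n]+ HTTP/1\.[01]\r?\n")),
]


@dataclass(frozen=True)
class Flow:
    """First application bytes seen on one TCP connection (hypothetical record)."""
    src: str
    dst: str
    dport: int
    payload: bytes


def classify(payload: bytes):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return None


def audit(flows):
    """Return one finding per flow whose payload is Gnutella, whatever the port."""
    findings = []
    for flow in flows:
        verdict = classify(flow.payload)
        if verdict is None:
            continue
        findings.append({
            "src": flow.src,
            "dst": flow.dst,
            "dport": flow.dport,
            "signature": verdict,
            # What a port-only firewall rule would have taken this flow for.
            "port_rule_saw": ALLOWED_PORTS.get(flow.dport, "blocked/unknown"),
        })
    return findings


# Constructed sample flows (documentation address ranges, not captured traffic).
# 6346 is the port Gnutella servents conventionally listen on.
SAMPLE_FLOWS = [
    Flow("10.0.0.21", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("10.0.0.34", "198.51.100.7", 80, b"GNUTELLA CONNECT/0.4\n\n"),
    Flow("10.0.0.34", "198.51.100.9", 443, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: ExampleServent\r\n\r\n"),
    Flow("10.0.0.52", "203.0.113.5", 110, b"GET /get/42/song.mp3/ HTTP/1.0\r\nRange: bytes=0-\r\n\r\n"),
    Flow("10.0.0.21", "192.0.2.10", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    Flow("10.0.0.60", "203.0.113.8", 6346, b"GNUTELLA CONNECT/0.4\n\n"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} {f['signature']} "
              f"(port rule saw: {f['port_rule_saw']})")
```

The ordinary web request and the TLS handshake pass unflagged, while the three Gnutella flows on ports 80, 443 and 110 are reported alongside the one on the conventional port.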
Limit Your Peer-to-Peer applications
Turn off Peer-to-peer networking applications (such as Lime
Wire, iMesh, Morpheus, KaZaA) when not in use. These applications
by default share certain directories and run as resident services.
When you close the main window an icon remains on the taskbar
and the program is still sharing files. This can lead to a large
volume of traffic without the knowledge or consent of the user.
The best way to avoid this problem is to disable sharing altogether.
The Gnutella clients also act as network nodes even when sharing
is disabled. This means that the application monitors and routes
requests and searches which can generate a large amount of traffic.
The best way to avoid unexpected traffic from these applications
is to turn the application off completely.
By using the Gnutella network you are making yourself more vulnerable
to hackers than is usual when connecting to the internet. Firstly
you are probably staying online for long periods of time to
download your favourite tracks, giving hackers more opportunity
to hack into your machine (which could lead to damage or stolen
personal information). Secondly you are publishing your IP address
to the Gnutella network.
Bandwidth Overhead
Gnutella hosts, which are called servents, establish a TCP
connection with each of the other servents on the Gnutella network.
After the connection is made, the other Gnutella servents send
their list of searches throughout the Gnutella network. This
traffic can run between 4,500 and 5,300 bytes per second. This
is why a great many hosting companies limit or restrict the
storing of MP3 files.
Parents
Another great concern with file swapping programs is that they
can bypass most web filtering programs, which are primarily
designed to filter the content of web sites. Since these file
sharing programs do not access web pages, most filtering programs
are useless in limiting the type of files that can be accessed.
When tested in July, only Internet Guard Dog, Norton Internet
Security 2001 and Cyber Sitter could be adjusted to prevent
file sharing. Currently, none of the popular file sharing programs
screen for users' ages and there are numerous reports of pornography
being downloaded by children while they are searching for games
and music. This includes a great deal of hard core pornographic
materials and videos.
Unfortunately, pornography seems to be here to stay, since attempts
to restrict online pornography have repeatedly been found unconstitutional,
and the Supreme Court struck down the Communications Decency
Act in 1997, which attempted to make it illegal to distribute
pornography on the internet.
See our related editorial Children's Online File Swapping
Often Yields Porn, and for information about programs that
can generate porn and porn popups please see our section Harassed
by Unwanted Porn?
There are a number of filtering products on the internet. Many
of the most popular parental-control filtering products, including
Net Nanny, Cyber Patrol and Cyber Snoop, are designed to target
sex-related Web sites and are not effective in blocking access
to pornography on peer-to-peer software programs, the report
found. America Online's parental controls worked only on dial-up
connections, not on high-speed connections such as cable or a DSL
line.
Of the seven filtering products tested, only Internet Guard
Dog automatically blocked access to pornographic files, though
access to music files also was prevented, the report found.
Two others, Cyber Sitter and Norton Internet Security 2001, also could
be adjusted by parents to prevent file sharing. None could be
set up to block file sharing only of pornography. (McAfee's
Internet Guard Dog has been discontinued as a product on its
own. McAfee now sells a product called Internet
Security which has Internet Guard Dog as part of the package.)
Bono Introduces Spyware Legislation
July 30, 2003
By Roy Mark
U.S. Rep. Mary Bono (R.-Calif.) has introduced legislation requiring
companies using "spyware" to inform computer users
of their intent to install the invasive software and to obtain
permission before loading it onto a computer. Spyware allows
companies and individuals to monitor Internet activities and
sometimes makes it possible to gather personally identifiable
information.
Bono said H.R. 2929, the Safeguard Against Privacy Invasions
Act (SPI), makes users aware of the technology before they install
it on their computers. "The SPI Act helps consumers make
more informed decisions about the types of tracking devices
they are loading onto their PCs," Bono said. The bill is
co-sponsored by Representative Edolphus Towns (D-10-NY), who
said this legislation has important implications for the privacy
of Internet users.
http://dc.internet.com/news/article.php/2242311
P2P companies may face new scrutiny
Last modified: July 25, 2003, 3:44 PM PDT
By Lisa M. Bowman
Staff Writer, CNET News.com
A bill introduced Thursday in Congress would require file-swapping
companies to get parental permission before allowing minors
to use their services. The bill, called the Protecting Children
from Peer-to-Peer Pornography (P4) Act and sponsored by Reps.
Joe Pitts, R-Pa., and Chris John, D-La., would require the Federal
Trade Commission to regulate peer-to-peer networks and take
steps to ensure that children aren't accidentally coming across
porn. The bill's sponsors said as many as 40 percent of all
files traded on the networks are porn. "Our legislation
gives parents the tools they need to protect their children
from pornography and threats to privacy posed by peer-to-peer
file-trading networks," Pitts said in a statement. "By
working together to protect children, we are building a broad
and bipartisan coalition."
http://news.com.com/2100-1025-5055426.html?tag=nl
Please contact your representative
to support this new legislation
Congress cracks down on P2P porn
Last modified: March 12, 2003, 5:30 PM PST
By Declan McCullagh
Staff Writer, CNET News.com
The U.S. Congress is targeting peer-to-peer networks again--and
this time politicians aren't fretting over music and software
piracy. Searching for words such as "preteen," "underage"
and "incest" on the Kazaa network resulted in a slew
of images that qualify as child pornography, the General Accounting
Office said in a 37-page report, one of two obtained by CNET
News.com. The second report, prepared by staff from the House
Government Reform Committee, concluded that current blocking
technology has "no, or limited, ability to block access
to pornography via file-sharing programs."
http://news.com.com/2100-1028_3-992371.html?tag=st_rn
Please contact your representative
to support this new legislation
Additional Issues
Several of these adware and spyware marketers have been raising
a lot of eyebrows within the internet community. eZula, TopText,
Surf Plus, and Gator have all come under criticism for unethical
advertising and marketing practices.
Gator is currently coming under a lot of scrutiny because of its unethical
advertising practices, whereby they literally switch authorized
paid advertising on web sites and replace it with ads of their
clients and do not pay the web site owners or the original sponsored
advertisers a dime. Now I ask you, is this the type of company
you want crawling around inside of your computers, let alone
trust with your bank account records and passwords!
eZula, which is also distributing freeware to unsuspecting people, includes
"smartlinks" plug-ins that work within the IE browser.
These TopText plug-ins enable
the viewing of specially highlighted links which eZula uses
to misdirect consumers to their paying clients; however, like
Gator, they are the only ones making money off these links, which
are stealing web traffic right off the surface of unsuspecting
web sites.
Written by Debbie St.Clair
UnwantedLinks.com
Reproduction or distribution is prohibited without permission.
Spyware Free Safe Alternatives
http://www.shareaza.com/
http://www.winmx.com/
http://www.slsknet.org/
Related Links
(Update: Newsbytes.com has been taken over by the Washington
Post Company. The links to articles that were in the Newsbytes
archives are no longer active. Many of the articles are still
available online through other news sources. Please feel free
to search Google for additional links to articles originally
appearing on Newsbytes.)
Special Alert! The anti-spyware program Ad-Aware by LavaSoft
can be automatically removed by the multimedia player RadLight!
Any programs that include the RadLight player will automatically
delete Ad-Aware off your system. RadLight is also included with
many P2P file programs. If you have an older version of Ad-Aware,
please update your version of Ad-Aware on your system!
Anti-spyware program targeted by multimedia player
By Brian McWilliams, Newsbytes.
Calling the tactic "malware at its worst," Lavasoft
said its privacy
software is being silently deleted when users install a third-party
multimedia player. Newsbytes has confirmed that installing RadLight
version 3.03 deletes Lavasoft's Ad-Aware program, as promised
in a warning
in the software's 1,100-word license agreement.
http://www.computeruser.com/news/02/04/24/news9.html
MP3 Files Not Always Safe With Top Media Players
By Brian McWilliams, Newsbytes
25 Feb 2002
A quirk in media players from Microsoft and RealNetworks could
enable attackers to hijack Web browsers and run scripts on the
computers of some MP3 music fans.
The trick has apparently been discovered by pornography sites
and spammers, which have been seeding some music file trading
services with bogus MP3 music files.
http://www.newsbytes.com/news/02/174747.html
Gator Digital Wallet Allows Hacker Back Doors
Feb 22, 2002
Gator, one of the bundled software products which is installed
with many popular file sharing programs such as AudioGalaxy,
contains a security flaw that could enable malicious sites to
take control of a user's computer. An ActiveX plug-in installed
with the Gator program can be hijacked by attackers and used
to place back-door software or other "malware" on
the victim's computer.
http://www.newsbytes.com/news/02/174709.html
(see our related information for additional information regarding Gator)
What They Know Could Hurt You
by Michelle Dello
Spyware trojan found in Gnutella applications
Wired News Jan 3, 2002
http://www.wired.com/news/privacy/0,1848,49430,00.html
An Unwanted Gift for Free File-Swappers
Spyware trojan found in Gnutella applications
Jan 3, 2002
http://www.businessweek.com/bwdaily/
No Exploit Required To Read Morpheus Users' Files
By Brian McWilliams, Newsbytes
04 Feb 2002, 2:54 PM CST
While reports of a new security vulnerability in the Morpheus
file sharing service remain unconfirmed, many fans of the network
are accidentally exposing the complete contents of their computers
to outsiders.
http://www.newsbytes.com/news/
Audiogalaxy Installer May Have Harbored Nimda Virus
By Brian McWilliams, Newsbytes
09 Jan 2002, 11:23 AM CST
Thousands of fans of Audiogalaxy Satellite, a popular alternative
to the Napster file-sharing application, may have been infected
with the Nimda virus, according to users who recently downloaded
the program.
http://www.newsbytes.com/news/02/173512.html
File-sharing may bring porn to kids
by Maxim Kniazkov
Aug 2001
http://ww.smh.comau/icon/0108/01/news3.html
File-sharing Network Has Trojan Visitor
By Steven Bonisteel, Newsbytes
05 Jun 2000, 1:34 PM CST
Virus-protection companies have reported the release of yet
another rogue program written in Microsoft's Visual Basic scripting
language. However, this one - unlike the infamous "Love
Letter" e-mail worm - is designed to be propagated through
the fast-growing file-sharing network known as Gnutella. The
Gnutella Worm apparently does no harm and it is being described
as a wake-up call for users who might be too quick to trust
those with whom they exchange files using the freely available
Gnutella software.
http://www.newsbytes.com/news/00/150081.html
Gnutella Users Warning: Beware of the Mandragore Worm!
Kaspersky Labs, an international data-security software-development
company, announces the discovery of a new worm "Mandragore"
spreading across the popular Gnutella file exchange network
that uses the Peer-to-Peer (P2P) technology.
http://www.net-security.org/
Check out our article:
Spyware: Do You Know Who's Watching You?
This is an in-depth & documented Research Paper from California
Polytechnic State University & Computer Professionals
for Social Responsibility which demonstrates how the Radiate
spyware module can get installed without a user's knowledge.
Authors: Rom Yatziv and Clark S. Turner, J.D., Ph.D.
Associate Professor of Computer Science
California Polytechnic State University
Abstract: Radiate, like many other companies since the creation
of the Internet, is relying on advertising and user information
for its income. In this particular case, however, it is possible
that users' rights are being circumvented, and Radiate
may be poking its nose in private places without proper authorization.
This paper looks at Radiate and its software module, and attempts
to determine whether it is spyware, based on the ACM Software
Engineering Code of Ethics.
For your convenience, since this article is quite long, we are
also including this article as a downloadable PDF file Spyware-Radiate.pdf
In addition, we are also including the following PDF file as
a source of additional documentation regarding Radiate/Aureate
installation practices. Although dated Feb 2000, it demonstrates
the process that Radiate uses without notification to the user
during normal installation processes.
Aureate Press Statement.pdf
WebMasters & Web Site Owners
Many of these new forms of spyware have found ways to steal
your web traffic. Don't forget to check out our WebMaster Info to find out
how to protect your web sites from these new advertising threats!
I advise any parents out there to be on the alert for any words
that are highlighted Bright Yellow or blue/green while surfing
the web because that would indicate that the Surf+ links are back
up and running. For more information on this please see our
information on What is Browser
Linking, Featured Articles,
and Additional Editorials