Serious Concerns about KaZaa Media Desktop

For over a year now many in the internet community have been concerned about a number of KaZaa's partnership add-on components which are included within KaZaa Media Desktop software. KaZaa has partnered with several high powered, and in our opinion unethical advertising & marketing firms such as DoubleClick which has been the subject of a lot of controversy as well as litigation for violating consumer privacy (see our News Archives) as well as eZula's TopText which is profiting from a specialized Internet Explorer plug-in which can transform informational web text & hyperlinks into competitor links within unsuspecting web sites. These plug-ins will allow individuals browsing a web site to view unauthorized advertising hotlinks which are broadcasted to the infected browsers of consumers all over the world. eZula has been cashing in by selling key words and phrases on a large scale and profiting from the click through rates.

Peer-to-peer file sharing programs, like Morpheus or KaZaA can open up sections of the users computers the users would never share knowingly. Users sometimes unwittingly share their entire hard drives, everything they have -- their email, the web pages they’ve surfed, and the documents you've written. Depending on the permissions & settings selected they can unknowingly share everything a thief would need to steal an identity, all available because of a supposedly fun file-sharing program downloaded on their computer. This was excerpted from an ABC Action News report 02/15/06
http://www.abcactionnews.com/stories/2006/02/060215p2p.shtml

Place your mouse over the words TopText.
Notice how it highlights bright yellow and on a PC a description box generally opens up giving a description or information of the advertiser.
(Please note: These links are primarily displayed through PC Internet Explorer Browsers. They do not usually show up with NetScape or other browsers even if TopText is installed on the users computer.)

These links "steal" web traffic off of a site and send the viewers to one of eZula's paid advertisers!

Important Note: There is another spyware program called "ClientMan" which displays links very similar to TopText Links. Although it is not related to TopText it does display the yellow links in a similar way. It also opens pop-up ads. Its operator, odysseusmarketing, is Walt Rines, a notorious spammer. It claims to be written for him by nostrumindia.com, a software development company. I am waiting for more information on this new "pest", however, I have been told that the latest version of Spybot with the latest updates should be able to target it. Another alarming aspect of "ClientMan" is that it can by-pass ZoneAlarm's Firewall program. When "ClientMan" installs itself it automatically clicks to "yes" and "always" button of ZoneAlarm to allow it full access to the internet without the user knowing.

(See our WebMaster Section for more information

In addition, Kazaa includes Cydoor which tracks users with a unique GUID and was responsible for including a spyware Trojan called "ClickTillUWin" in their installers which was also included in a number of other P2P file sharing applications. (For more information see our section on the Gnutella Network) McAfee offers an online virus scan: Scan your PC for viruses now!

Now Kazaa has partnered with a company called Brilliant Digital Entertainment & their subsidiary Altnet. Although information on Kazaa's web site describes Brilliant Digital Entertainment software as merely ad serving software Altnet's purpose is to utilize end users personal computers as working & storage nodes in a vast new type of computer network for their own profit.

What is more alarming is the fact that based on current calculations of download figures from CNet.com KaZaa has been downloaded approximately 293 MILLION times!

There are a number of serious concerns about this new partnership one of which is the security of this vast new network which might be at risk of hackers being able to take over end users computers for their own purposes. Below we have included a number of links regarding these many concerns so that our viewers can judge for them selves. Our concern is how far will this go and what will they include next and what new partnerships will they develop which will exploit their unsuspecting users!

Written by Debbie St.Clair
UnwantedLinks.com
Reproduction or distribution is prohibited without permission.

P2P companies may face new scrutiny
Last modified: July 25, 2003, 3:44 PM PDT
By Lisa M. Bowman
Staff Writer, CNET News.com
A bill introduced Thursday in Congress would require file-swapping companies to get parental permission before allowing minors to use their services. The bill, called the Protecting Children from Peer-to-Peer Pornography (P4) Act and sponsored by Reps. Joe Pitts, R-Pa., and Chris John, D-La., would require the Federal Trade Commission to regulate peer-to-peer networks and take steps to ensure that children aren't accidentally coming across porn. The bill's sponsors said as many as 40 percent of all files traded on the networks are porn. "Our legislation gives parents the tools they need to protect their children from pornography and threats to privacy posed by peer-to-peer file-trading networks," Pitts said in a statement. "By working together to protect children, we are building a broad and bipartisan coalition."
http://news.com.com/2100-1025-5055426.html?tag=nl

Congress cracks down on P2P porn
Last modified: March 12, 2003, 5:30 PM PST
By Declan McCullagh
Staff Writer, CNET News.com
The U.S. Congress is targeting peer-to-peer networks again--and this time politicians aren't fretting over music and software piracy. Searching for words such as "preteen," "underage" and "incest" on the Kazaa network resulted in a slew of images that qualify as child pornography, the General Accounting Office said in a 37-page report, one of two obtained by CNET News.com. The second report, prepared by staff from the House Government Reform Committee, concluded that current blocking technology has "no, or limited, ability to block access to pornography via file-sharing programs."
http://news.com.com/2100-1028_3-992371.html?tag=st_rn

Not Brilliant, KaZaA's crackers
By John Leyden Posted: 08/04/2002
The bundling of distributed computing software within file sharing software used in the KaZaA network continues to generate controversy across the Internet. Since late last year KaZaA downloads have contained 'sleeper' software which let Brilliant Digital Entertainment, a 3D advertising and modeling software start-up to activate Altnet, its own P2P network. Altnet, which is yet to be switched on, is designed to allow the distribution of secure content or for complex number crunching tasks, using spare processing power, storage and bandwidth on users' PCs. The news has triggered a backlash from users of networks such as KaZaA.com and Grokster that the partners in the scheme had failed to get their informed consent before the software was downloaded onto their PCs. In an interview with ZDNet, Brilliant's chief executive, Kevin Bermeister, has pledged to be more "up front" about the future downloads of Altnet or the activation of the network.
http://www.theregister.co.uk/content/

How to: Uninstall Brilliant software
By John Borland
CNET News.com
April 3, 2002, 4:20 PM PT
Editors note: The information for this story was valid on the day of publication. However, elements of the software may have changed over time. Additional files or different files may now be installed along with Kazaa. To track exactly what's happening to your computer, use an installation monitoring program such as PC Magazine's InCtl5. Brilliant Digital Entertainment quietly installs its own software with every copy of the Kazaa file-swapping software. The Brilliant Digital software, which is being progressively distributed over the next few weeks, can later be remotely "turned on" to become part of a new network.
http://zdnet.com.com/2100-11-875278.html

New Kazaa Could Ignite More Controversy
The owner of the widely used Kazaa file-swapping software, Sharman Networks, has launched a significantly expanded version of its controversial P2P (peer-to-peer) application. Additionally, the company has signed an agreement with a European Internet service provider that will actively promote Kazaa. Users have downloaded the previous version of Kazaa about 119 million times, according to Sharman. The program enables users to download digital media files of all kinds from the hard drives of other Kazaa users. Billions of audio, video and other files have been downloaded by users scattered around the world. The new version includes a search tool that allows users to search for ordinary Web pages. P2P industry observers noted that this utility could mean Web surfers will spend more time using Kazaa. In conjunction with the launch of this feature, Sharman Networks will begin selling keywords to Web merchants and others who want to promote their goods and services by displaying them prominently in Web search results. The new Kazaa also includes a playlist tool that enables users to download entire albums as easily as they previously downloaded single songs.
Sept 2002
http://www.ecommercetimes.com/perl/story/19477.html

Altnet wakes up as worm spreads through KaZaA
By John LeydenPosted: 05/20/200
A worm is spreading through the KaZaA file sharing network: we hope it's unrelated to today's activation of the controversial Altnet piggy-back P2P network. The worm, dubbed Benjamin, creates a directory accessible to other users of the KaZaA network and regularly copies itself into this directory under a multitude of different names.
http://www.theregus.com/content/

So, is KaZaA/Brilliant Digital Entertainment ... Spyware?
This is a very interesting expose detailing the backdoor installaion process of Brilliant Digital Entertainment software which is included with Kazaa Media Desktop.
http://www.imilly.com/kazaa.htm

Kazaa exec defends sleeper software
By John Borland
Staff Writer
April 3, 2002, 12:50 PM PT
Two days after disclosures that file-swappers using Kazaa were unwittingly downloading software that could turn their computers into part of a new network, Kazaa's owner spoke up to defend the company's actions.
As previously reported, Kazaa quietly has been bundled for two months with software that contains the core of a new peer-to-peer network. This software, from a California company called Brilliant Digital Entertainment, has been installed on potentially tens of millions of computers. Brilliant Digital plans to "turn on" this software in four to six weeks, tapping the resources of potentially tens of millions of ordinary PCs to distribute content or advertising or to run complicated computer tasks.
http://news.com.com/2100-1023-875016.html

Stealth P2P network hides inside Kazaa
By John Borland
Staff Writer
April 1, 2002, 5:35 PM PT
A California company has quietly attached its software to millions of downloads of the popular Kazaa file-trading program and plans to remotely "turn on" people's PCs, welding them into a new network of its own.
Brilliant Digital Entertainment, a California-based digital advertising technology company, has been distributing its 3D ad technology along with the Kazaa software since late last fall. But in a federal securities filing Monday, the company revealed it also has been installing more ambitious technology that could turn every computer running Kazaa into a node in a new network controlled by Brilliant Digital.
http://news.com.com/2100-1023-873181.html

How to uninstall Brilliant Digital's software
By John Borland
Staff Writer
April 3, 2002, 4:10 PM PT
Editors note: The information for this story was valid on the day of publication. However, elements of the software may have changed over time. Additional files or different files may now be installed along with Kazaa. To track exactly what's happening to your computer, use an installation monitoring program such as PC Magazine's InCtl5.
Brilliant Digital Entertainment quietly installs its own software with every copy of the Kazaa file-swapping software. The Brilliant Digital software, which is being progressively distributed over the next few weeks, can later be remotely "turned on" to become part of a new network.
http://news.com.com/2100-1023-875274.html

KaZaA sneakware stirs inside PCs
By Tom Spring
(IDG) -- It sounds like a "B" movie plot: Return of the PC Snatchers.
Millions find their PCs' bandwidth and hard disk space siphoned for mysterious but worthy-sounding scientific projects, just because they downloaded the client for a music- and file-swapping program.
But wait, there's more: The increasingly popular KaZaA file-sharing network will reap fees for allowing a partner to piggyback its dormant software on downloads of KaZaA's client. Within weeks, KaZaA users will see the premiere of ads offering Altnet audio and video content for sale. The selection will appear alongside -- but distinguishable from -- KaZaA content on the KaZaA Media Desktop, says Kevin Bermeister, chief executive of Brilliant Digital, parent company of Altnet.
The new offerings will appear in the company of banner ads from online advertising behemoth DoubleClick, with which KaZaA recently cut a deal. And if your PC shares its downtime processing cycles with Altnet, you could be paying for KaZaA Media Desktop services with a chunk of your PC rather than a lump of cash.
http://www.cnn.com/2002/TECH/internet/

Peer to Peer File Sharing Nets Nimda
Virus & Trojan Horses!
Users of popular file sharing applications have gotten an lots of unwanted extra Surprizes! Many Gnutella applications have been infected with Spyware Trojans and the Nimda Virus in addition to pornography and security breaches.
By D. Stclair
unwantedlinks.com

The Dirty Little Secret About
KaZaa and iMesh
Do you love mp3 and utilize file swapping programs like these then beware of the added features.
Bob Baker is the author of "Poor Richard's Branding Yourself Online,"
"The Guerrilla Music Marketing Handbook" and "Ignite Your Creative Passion."
Visit http://www.bob-baker.com/ for free self-promotion tips.

(Update: Newsbytes.com has been taken over by the Washington Post Company. The links to articles that were in the Newsbytes archives are no longer active. Many of the articles are still available on line through other news sources. Please feel free to search google for additional links to articles originally appearing on Newsbytes..

Special Alert! The Anti-spyware program Ad-Aware by LavaSoft can be automatically removed by the multimedia player RadLight! Any programs that include the RadLight player will automatically delete Ad-Aware off your system. RadLight is also included with many P2P file programs. If you have an older version Ad-Aware please up date your version of Ad-Aware on your system!

Anti-spyware program targeted by multimedia player
By Brian McWilliams, Newsbytes.
Calling the tactic "malware at its worst," Lavasoft said its privacy
software is being silently deleted when users install a third-party
multimedia player. Newsbytes has confirmed that installing RadLight
version 3.03 deletes Lavasoft's Ad-Aware program, as promised in a warning
in the software's 1,100-word license agreement.
http://www.computeruser.com/news/

MP3 Files Not Always Safe With Top Media Players
By Brian McWilliams, Newsbytes
25 Feb 2002
A quirk in media players from Microsoft and RealNetworks could enable attackers to hijack Web browsers and run scripts on the computers of some MP3 music fans.
The trick has apparently been discovered by pornography sites and spammers, which have been seeding some music file trading services with bogus MP3 music files.
http://www.newsbytes.com/news/

Gator Digital Wallet Allows Hacker Back Doors
Feb 22, 2002
Gator, one of the bundled software products which is installed with many popular file sharing programs such as AudioGalaxy. contains a security flaw that could enable malicious sites to take control of a user's computer. An ActiveX plug-in installed with the Gator program can be hijacked by attackers and used to place back-door software or other "malware" on the victim's computer.
http://www.newsbytes.com/news/

What They Know Could Hurt You
by Michelle Dello
Spyware trojan found in Gnutella applications
Wired News Jan 3, 2002
http://www.wired.com/news/privacy/

No Exploit Required To Read Morpheus Users' Files
By Brian McWilliams, Newsbytes
04 Feb 2002, 2:54 PM CST
While reports of a new security vulnerability in the Morpheus file sharing service remain unconfirmed, many fans of the network are accidentally exposing the complete contents of their computers to outsiders.
http://www.newsbytes.com/news/

Audiogalaxy Installer May Have Harbored Nimda Virus
By Brian McWilliams, Newsbytes
09 Jan 2002, 11:23 AM CST
Thousands of fans of Audiogalaxy Satellite, a popular alternative to the Napster file-sharing application, may have been infected with the Nimda virus, according to users who recently downloaded the program.
http://www.newsbytes.com/news/

File-sharing Network Has Trojan Visitor
By Steven Bonisteel, Newsbytes
05 Jun 2000, 1:34 PM CST
Virus-protection companies have reported the release of yet another rogue program written in Microsoft's Visual Basic scripting language. However, this one - unlike the infamous "Love Letter" e-mail worm - is designed to be propagated through the fast-growing file-sharing network known as Gnutella. The Gnutella Worm apparently does no harm and it is being described as a wake-up call for users who might be too quick to trust those with whom they exchange files using the freely available Gnutella software.
http://www.newsbytes.com/news/

Gnutella Users Warning: Beware of the Mandragore Worm!
Kaspersky Labs, an international data-security software-development company, announces the discovery of a new worm "Mandragore" spreading across the popular Gnutella file exchange network that uses the Peer-to-Peer (P2P) technology.
http://www.net-security.org/text/articles/

Spyware: Do You Know Who’s Watching You?
This is an indepth & documented Research Paper from California Polytechnic State University & Computer Professionals for Social Responsibility which demonstrates how the Radiate spyware module can get installed without a users knowledge.
Authors: Rom Yatziv and Clark S. Turner, J.D., Ph.D.
Associate Professor of Computer Science
California Polytechnic State University

Abstract: Radiate, like many other companies since the creation of the Internet, is relying on advertising and user information for its income. In this particular case, however, it is possible that users’ rights are being circumvented, and Radiate may be poking its nose in private places without proper authorization. This paper looks at Radiate and its software module, and attempts to determine whether it is spyware, based on the ACM Software Engineering Code of Ethics.
For your convenience since this article is quite long we are also including this article as a downloadable PDF file Spyware-Radiate.pdf

In addition, we also are including the following PDF file as a source of additional documentation regarding Radiate/Aureate instillation practices. Although dated Feb 2000 it demonstrates the process that Radiate uses without notification to the user during normal instillation processes.
Aureate Press Statement.pdf

Many of these new forms of spyware have found ways to steal your web traffic. Don't forget to check out our WebMaster Info to find out how to protect your web sites from these new advertising threats!

I advise any parents out there to be on the alert for any words that are highlighted Bright Yellow or blue/green while surfing the web because that would indicate that the Surf+ links are back up and running. For more information on this please see our information on What is Browser Linking, Featured Articles, and Additional Editorials Links