File-sharing programs carry Trojan horse
Published: 03 Jan 2002 10:37 GMT
A pair of popular file-sharing programs have become privacy time bombs, according to computer experts.
Antivirus company Symantec last week reported the presence of "spyware" bundled with Grokster and Limewire, two popular file-swapping downloads. The code evidently does not damage computers, but it surreptitiously sends personal information such as user ID names and the Internet address of computers to another Web address.
Advertising software called "Clicktilluwin" that comes bundled with the file-swapping programs carries a program called "W32.DIDer," which Symantec has classified as a Trojan horse -- a piece of code that takes over parts of a person's computer unseen in order to carry out its own instructions.
Although unrelated advertising programs are routinely bundled with free file-swapping programs -- and have prompted some user criticism in the past -- this appears to be the first time one of them has included a program classified as a Trojan horse by security experts.
The Trojan horse software installs itself even if a computer user selects an option that appears to block Clicktilluwin's installation. For this reason, antivirus companies are warning people to scan their computers after installing these products to ensure the code is removed.
On the heels of the Symantec warning, some consumers complained of similar problems with FastTrack's Kazaa Media Desktop. CNET News.com could not duplicate the problem in a test of that product on Wednesday.
A spokesman for Limewire said the version with Clicktilluwin included had been replaced with a clean version by Tuesday.
"It was not what we thought this was," said Greg Bildson, Limewire's chief technical officer. "It was supposed to be a promotional tool...not blatant spyware."
Grokster has gone one step further, apologising and providing its users with a program that will remove the offending bits of code from personal computers
"We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do," the company wrote on its Web site Wednesday. "Now that we have learned of the Trojan, we are doing everything we can to minimise its impact on our users."
Because software programs are among the most popular downloads on the Net, the Trojan horse could potentially find its way onto a large number of computers. Kazaa, for example, is one of the most popular pieces of software available through CNET Download.com, a site operated by ZDNet UK's parent company, with more than 1.3 million downloads in the last week of December alone.
Bitter warnings about the code spread through consumer bulletin boards on several different Web sites last week.
"Make sure you have a good virus utility if you must install this," one person wrote on Download.com's Grokster reviews.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
35 out of 70 people found this useful
- Share this article:
