-Caveat Lector-

http://www.businessweek.com/print/bwdaily/dnflash/jan2002/nf2002013_5627.htm?mainwindow

JANUARY 3, 2002

NEWS ANALYSIS

An Unwanted Gift for Free File-Swappers

A Trojan horse unknowingly tucked into software of peer-to-peer services such as Grokster may now be on millions of hard drives

Like thousands of other music lovers, Scott Hurring recently downloaded a Napster-like music file-sharing program called Grokster to test drive for chasing tunes. A programmer at advertising services agency Graphic Type and a Net veteran, Hurring disliked the program and uninstalled it. Or so he thought.

On Dec. 27, he noticed a small program titled "DLDER.exe" on his hard drive. Hurring studied the program and learned that it was associated with a piece of software called "Clicktilluwin" that Grokster had packaged with its basic installer. Trouble was, Clicktilluwin is supposedly an optional piece of online-sweepstakes software. Hurring had opted out, but the software had installed anyway against his wishes.

That bothered him, as well it should have. Turns out that the persistent piece of software was a Trojan horse -- that is, it appeared to be one thing but in reality was another. In fact, it placed software on Hurring's hard drive that recorded every URL he visited, as well as some of the user IDs he employed on his Web travels.

NOT ISOLATED. The software then may have broadcast this information from his machine over the Internet to a still-unidentified Web server. When he dissected the program, Hurring found that it was designed to launch anytime he started his PC. His discovery has since been corroborated by several antivirus companies.

Hurring's experience was no isolated case. The Trojan horse he discovered appears to have been packaged in official download versions of not only Grokster but other popular peer-to-peer (P2P) products including LimeWire, KaZaa, and BearShare, according to numerous postings spreading on bulletin boards across the Internet. LimeWire alone recorded 150,000 downloads of the infected software.
KaZaa's client software is downloaded more than 1 million times each week, according to Cnet's download.com. If you add in Grokster and BearShare, the reach of this still-mysterious Trojan horse may be in the millions -- representing more than 50% of the file-sharing market for free music.

KaZaa and BearShare could not be reached for comment for this story. But Grokster and LimeWire say they included the Clicktilluwin software, thinking it was only an installer package and were unaware that it harbored such secret behaviors. To date, no one seems to know what entity is responsible. The maker of the Clicktilluwin software is still unclear. Greg Bildson, chief technology officer of LimeWire, says he believes it came from an Israeli online advertising software company called Cydoor. Repeated efforts to try to contact Cydoor were unsuccessful. LimeWire has since removed the Trojan Horse from its download package.

"NO CLUE." The Clicktilluwin incident comes at a bad time for the remaining free file-sharing vanguard. In December, the Big Five record labels launched their own paid music subscription services, Pressplay and MusicNet (see BW Online, 12/28/01, "Pay-to-Play Music: Lots of Missed Notes"). These new services could provide the first legal competition to the remaining P2P networks. With threats of lawsuits from the Recording Industry Association of America already hanging over their heads, these fledglings could now face a backlash from angry users who may have downloaded a Trojan program. "I have no clue what this software is doing to my system," says Hurring via e-mail.

Anytime software is compromised at the source, it's usually an indicator of larger problems. In this case, the problem is associated with so-called freeware downloads. Some big-name programs, such as the LINUX operating system, are freeware, but they receive intense scrutiny before release. Many lower-profile downloads, however, aren't tightly vetted.
That's because small freeware startups often rely on third parties to provide key pieces of their software and then bundle them into the package. In the case of the DLDER.exe Trojan, that software was an installer that configured the P2P program on the user's computer. "It seems that a huge amount of the P2P world was taken in by this bundle," says LimeWire's Bildson.

"NEFARIOUS STUFF." Small P2P file-sharing companies such as LimeWire, which has only a handful of programmers, just don't have the time or manpower to look through the code for themselves to vet it for any potential problems. "We were paid to distribute a Clicktilluwin installer. All it was supposed to do was drop an icon and install. Apparently it was downloading some nefarious stuff in the background," says Bildson.

How serious a breach remains an open question. Antivirus companies are ho-hum about the threat, saying they haven't yet seen any direct harm. While the DLDER.exe Trojan may have recorded Web-surfing habits, no direct evidence has been found that it has broadcast this info to any specific cybersnoopers. Nor is there any evidence that the program has done something harmful, such as erase a hard drive. "This program is much more along the lines of 'spyware' than a 'virus.' Any likelihood of any damage to a user's computer files is remote," says a Grokster spokesperson via e-mail.

Tiny freeware companies aren't alone in running risks such as this one. Big commercial entities have gotten caught distributing malicious code in supposedly trusted downloads. Witness an embarrassing incident last April, when Microsoft inadvertently distributed the "FunLove" virus from its own download servers when it contracted the pathogen after mistakenly leaving antivirus protection turned off.

BAD TASTE? Unfortunately, LimeWire and the other P2P companies don't record the e-mail addresses of downloaders so they have no way to warn them of the possible security risks.
And they may not be able to get much help from the smaller programming companies they rely on for support. "It is hard to monitor the behavior of bundled software over the life of that software. Changes can be made on the servers that interface with software which allow the software to become dangerous," says Bildson.

At the least, the incident could leave a bad taste in the mouths of digital-music lovers used to getting a free ride with little to fear from rollicking P2P networks. One more sign that the happy times of unrestricted file-sharing may be coming to an end, as the kind of threat security experts have long warned about may be coming true. The lesson? Be very careful what you download -- free software can give you more than you bargained for.

By Alex Salkever
Edited by Douglas Harbrecht

Copyright 2000-2001, by The McGraw-Hill Companies Inc. All rights reserved.

~~~~~~~~~~~~~~~
Forwarded as information only; no endorsement to be presumed