Spyware in Kazaa, Limewire, Grokster

BigMacMike writes: "The San Francisco Chronicle (via the sfgate.com website) has a story that Kazaa, LimeWire, and others have secretly hidden software in their applications that track users' browsing habits." Not the first time. The corporate response is that they literally didn't know what was in these secondary applications that they were providing to be downloaded and installed alongside their primary program. Believe it if you wish.

Double Edged Sword...

[11thangel]

Take your pick. Let people know what you download, or don't download things. Free music has a price, and it's really not all that bad if your computer doesnt have anything REALLY incriminating on it. No, I'm not saying spyware is good, I'm saying that given the choices, it's not THAT bad.

That and linux kazaa run as a restricted user would yield some interesting spyware data :)

morpheus

[MiTEG]

If you don't like spyware, try out MusicCity Morpheus. Almost the same thing as Kazaa, but on the front page, they guarantee "no spyware". I'd say to vote with your $$, but since both services are free, you'll have to vote with banner-clicking.

Re:morpheus

[Fecal+Troll+Matter]

Incorrect. You can close the adverts by clicking the 'x' in the corner. Some of them are more annoying than others - I recently woke up to a jingle for some shitty Canadian Cocksucker Club, or something.

Re:morpheus

[MushMouth]

I thought you guys were sophisticated.

add this to your "hosts" file

127.0.0.1 ads.musiccity.com

(if you don't know where that is do a find hosts, it is somewhere in your windows directory. Morpheus will no longer pop up any ads

Re:morpheus

A much simpler way to do this would be to add ads.musiccity.com to the Restricted Sites zone in IE. This will disable scripting in ads, which will get rid of popups and annoying ads, but will leave images alone.

As if We Didn't know already

[justanyone]

use Ad Aware and discover what we already should have known. Bearshare and AudioGalaxy do, too. Big deal.

Zonealarm shows it's doing funky stuff.

The solution to this is: don't use them. Or, use a version of them that doesn't have the spyware. Limewire version 1.3 is a little slower but doens't have ads or spyware (but 1.7+ does).

-- Kevin

get rid of all spy ware

[flynt]

Download the acclaimed Ad Aware program (link provided) here. It searches your registry and all your drives for running and installed spyware programs. It works great.

A few things

[loraksus]

First - the worst spyware/malware/virus.

Fucking Bonzai Buddy
I swear that fucker resides in the MBR it is such a pain to get rid of. Once it is gone, windows is unstable (yeah, yah troll on, 2k is damn stable before this shit is installed)

Second, the exec lies thru his teeth.
And the clicktilluwin "not do anything until activated" motto is pure bullshit, this thing starts sending data from the moment it is installed beside limewire.

Of course, http://www.lavasoftusa.com/index.html is an awesome prog - ad aware lets you know what shit you have on your system and then removes it usually quite effectively. To be honest, shit like this might actually be a good arguement for open source, how many "features" are installed in popular programs that we have no idea of - i.e. they have been integrated into the program. Its also a really fucking good arguement for using opera (BTW, you know /. says that a majority of people are using ie 5.0, opera allows you to change its settings so it looks like it is ie (for the fucking sites that wont let other browers in) I switched, i dunno about others..

One last thought: Clicktilluwin
It was classified as a trojan horse, because that is what it is - think of this - if the av manufacuters bent over a desk for these fuckers (declassifying this "program" as a trojan), you think that they would protect you from the FBI?!?!!?
Shit, if the threat of a lawsuit is all it takes, someone could make a virus, sue all the av companies that made solutions, and then sell "protection"...

Re:Mac versions

[christurkel]

No, the program seems to be Windows only, according to LimeWire.

What makes you think they only log downloads?

[Carnage4Life]

I wrote an article on Kuro5hin entitled The Spyware Invasion when I found out that there was a piece of Spyware(WebHancer) on my machine that was logging EVERY URL I VISITED. It turns out that this company sells these statistics that they obtain from over 16 million unsuspecting users to businesses for over $12,000 a pop.

What bothered me in particular about this approach is that I know a few websites that log users in with their pasword in the URL (Slashdot is one of them) and I wondered exactly how many of my passwords and userIDs had been sent to webHancer over the past weeks I had it unknowingly running on my machine. Of course, I quickly ran Ad-Aware on my machine and changed all my online passwords.

PS: The offending application that installed this spyware was AudioGalaxy.

Re:What makes you think they only log downloads?

[Kanon]

Audiogalaxy have since mended their ways. The current installer asks if you want to install any of the spyware (1 at a time) and doesn't if you say no (I checked this with adaware).

In the past they did install webhancer without asking.

Kazaa has it big time...

[tcc]

AD-AWARE (current 5.62) is one of the BEST ad removal tools for windows computer, grab it at Lavasoft. It's free, it has updates (download the latest definition file after installing the 5.62 version) and I've tracked it's every move with a filesystem scanner, and it doesn't put thrash anywhere in your system.

It scans Registry, cookies, files, dlls, and it found the Kazaa backdoor installed in my system. Usually when you put a software you can remove it's tracking bugware and the main software will still run (I remember posting an article here over a year ago about bearshare having that same type of crap that Kazaa is using right now but it got rejected). What's interresting about Kazaa is if you remove the offending DLL (which is Cydoor bugtracking stuff), Kazaa won't start anymore, this really shows how BAD they want to track your moves.

While I don't have anything against software companies making a buck by selling tracked info, I do have something against companies being hypocritical about it. When you install Kazaa, it offers you a lot of "free stuff" that any above average users knows that it means advertising stuff, spamming and tracking. This is okay in my book at LEAST it's part of the installer and if you don't know and say yes, well that becomes your problem. What I find really hypocritical is i've unselected EVERYTHING exept "Kazaa needed files" and it STILL installed that bugware thing, and it's not mentionned anywhere CLEARLY in the installer. People get pissed at microsoft activation process which is clear, known and way less intrusive than that, but they let that pass in exchange of leeching free MP3, vids, p0rn and warez. If one day the big suppliers of content on that services have an FBI raid at their places, they'll scream justice and claim that FBI couldn't use the informatin that Kazaa was getting from them because it's not constitutionnal. Well I'd say, make up your mind, if you want P2P and privacy, go to some other service, an example, Download winMX, run Ad-aware in case there's anything installed with the newer versions, and it will probably still run after the cleaning process (I use winMX I love it). Don't support crooks like Kazaa and bearshare that are trying to look friendly, on your side, and pro this and that, while they turn around and sell your browsing habbits without your knowledge.

Also, notice when you're not uploading or downloading, but kazaa is running.. your drive burps every 5 seconds.... I'm still trying to figure out why.. it doesn't stop even after an hour.. it's not "windows-typical" drive burping.

Anyways... hope that helps anyone out there.

Re:Kazaa has it big time...

[LiENUS]

problem is kazaa wont run unless cd_Clint.dll exists, www.cexx.org has a cd_clint dummy dll file that will deactivate it and let kazaa continue to run.

Re:Kazaa has it big time...

[Reziac]

Someone kindly informs us,

What's interresting about Kazaa is if you remove the offending DLL (which is Cydoor bugtracking stuff), Kazaa won't start anymore, this really shows how BAD they want to track your moves.

One might check said .DLL for any plaintext IP addresses, and armed with your trusty hex editor, replace any found therein with the time-honoured 127.0.0.0

BTW having read the Kazaa bug-report forums for a while, it became clear to me this is a company that doesn't give a tinker's damn what it does to users, so long as it makes a buck.

Re:Kazaa has it big time...

[Tackhead]

> Also, notice when you're not uploading or downloading, but kazaa is running.. your drive burps every 5 seconds.... I'm still trying to figure out why.. it doesn't stop even after an hour.. it's not "windows-typical" drive burping.

I don't use spyware, so I never installed Kazaa, so I can't help you. But I'm curious, too. (I hate advertisers, and anything that threatens to kick over the rocks under which they grow is k00l by me ;)

So try a utility like this one: Sysinternals' filemon.exe

Could be as innocent as your swap file, 'cuz some Windoze proggies leak memory like sieves. Could be something less-than-innocent. Let us know!

It's ClickTillUWin

[Kman_xth]

Here's a (dutch :P) site about this thing, with more details http://www.zdnet.nl/News.cfm?id=14504 The article says that LimeWire 2.0.2 and Grokster ask on installation if you want to install a certain 'service' or program called 'ClickTillUWin'. Whether or not you confirm or deny this request, it secretly DOES install it on your pc. This so-called online lottery game contains the trojan. If you go to clicktilUwin.com you'll see that there are possibly more programs 'infected' by this trojan (check the partners section). What is basically does (according to the above article) is install a file called Dlder.exe. When you start the p2p program it came with, dlder.exe will automatically start too and download a second piece, called explorer.exe (and no, not the same one windows users normally have). This program then does some things to the windows registry and sends usernames and your ip adress to http://www.2001-007.com. Symantec (the guys of Norton Antivirus) have called this thing a trojan horse and all of their antivirus applications will regognize it as one. The above article also states that other antiviruscompanies have also already updated their software (waiting for you to press the 'update button' that is :)

Some Good Advice, Again....

[thumbtack]

It's been put up here lord knows how many times, but here goes again. I use the Lavasoft software Ad-Aware to check and clean my system on a regular basis. Not only do I use it, if I have a friend who is having problems with their system, I usually will run it there as well. nine times out of ten they have a program that is running in the background, that Adware classifies as "Spyware". Removing the "spyware" components my the friends system often fixes the problems they are having. It always finds things that shouldn't be on their system. We can debate cookies forever, but I'm talking about software that serves ads, sends information, or otherwise takes control of your system or partially takes control.

The old sage about not installing software from unknown sources applies more than ever, I don't know who these people are, but from reports I've seen and heard I wouldn't even consider installing them.

. If I do download software and install it (it inevitable) I scan the download for viruses and trojans, backup my registry, install it and then run Ad-Aware. If Ad-Aware detects anything from the program, i uninstall the sucker. Then I reboot and run the old registry as well.

Re:How can you tell if it's installed?

[kubla2000]

You can also do as The Register's oft-quoted article suggests:

Those who prefer to see to their own Trojan removal need only search for a hidden directory under their \Windows directory called \Explorer. Simply delete the \Windows\Explorer directory, along with the companion file Dlder.exe in the \Windows directory.

More information.

[milkman1]

This was originally noted on the vuln-dev list in late december. For your amusement here are some links:

Grokster and possible trojan

Clicktilluwin DLDER Trojan"

Burn All SpyWare!

I see a lot of people don't care about SpyWare. I think everyone should. Maybe it's not that bad, but it's the principle - What they are doing is spying on you. Monitoring you.
If you don't do anything about it, it's only gonna get worse. Feed them a crumb, and they'll take the entire arm! Or whatever the saying is.

Cexx.org has a nice article on how to neutralize spyware.

For those interested, KaZaA utilizes spyware by the name of CyDoor - That article on cexx.org explains what it does.

For those of you who care about privacy, and can't live without KaZaA, this may interest you: Dummy Files for use with KaZaA - or ANY other app that uses the CyDoor spyware rendering it harmless.
They Uncymesh file on the same page kills the spyware when i.e. KaZaA is not in use (when it is it's active!).

All in all I can recommend going through cexx.org, lots of interesting stuff. And yeah, support Ad Aware!

Intentionally Anonymous Counter Exploiter

SpyWare

[NetNinja]

As the previous post mentioned above "Ad-aware" is a great program to snif your winblows boxes for spyware.
The January issue of "Smart Computing" has a great article describing which programs are spying on you and some other recommended programs to protect your machine.

If you want to use Kazaa w/o the spyware...

[AnimeFreak]

Use Morpheus. I have known about Kazaa and it's spyware built-in for quite some time now, yet Morpheus is better as it doesn't have spyware and it also allows you to download MP3s larger than 128 kbit.

Getting older versions of Limewire also allows you to defeat the spyware.

Re:How about CometCursor?

[Zalgon+26+McGee]

Has she ever clicked on "Always trust content from Comet Cursor"? That may be the reason.

AudioGalaxy & VX2

[Tony.Tang]

AudioGalaxy's software unfortunately now installs VX2 by default. We didn't know this when we installed AG, and were subject to a pop-up ad so frequently, it was unbelievable. At first, I suspected the sites we were visiting, but they were even coming up on Google!

The big throw was that the ads that were being served up always seemed to come from different places. One day, I decided to look into it, and discovered that all the ads were being downloaded from VX2.

VX2 is a very devious piece of sofwtare, logging every one of the sites you visit, and then popping an ad every once in a while. If you surf quickly, throttles itself; surf slowly, and it pops for every site. Quite devious, really.

• VX2's site - fairly informative
• Cexx's site - VERY informative -- tells you everything you need to know about vx2

I recommend downloading some of the software that's already been mentioned (e.g. adaware) -- they do a very good job of getting rid of all sorts of garbage.

Re:Google Toolbar is spyware

[PhunkySchtuff]

Yes, the Google Toolbar _IS_ spyware, and they tell you in no uncertain terms that it is.
If you read the description of it before happily clicking OK, OK, OK, you would know exactly what information is transmitted back to Google, and why.
That groovy little "Page Rank" bar you have on the toolbar, needs to know what URL you are on, so it can give you the pagerank.
If you chose to install without the advanced features, then it wouldn't report anything back to google at all.
-- kai

What address do these trojans contact?

[EMIce]

I'd like to set my private dns server to resolve them to 127.0.0.1 - I am especially interested in the kazaa one, since I use morpheus. I've already redirected sites like auto.search.msn.com, since every incorrectly url typed into IE is sent there.

Here is a comprehensive Hosts File that blocks em

[sh0rtie]

here is a really comprehensive hosts file that blocks morpheus,bearshare,hotline and 10,000 advert servers, daily updates, instructions and works on all platforms including Linux/beos/macs ;)

There _IS_ a opensource gnutella client for win32

[Ilgaz]

First of all I wonder how people get shocked about those companies making evil things...

Second is, I sure wonder how Gnucleus ( http://www.gnucleus.com ) which is a full open source program works perfectly on win32 platform isn't mentioned on messages.

The coder guy(s) say now it has even multi-source downloading, just like fasttrack.

There is also another problem, as those programs are closed source, how come they won't have _native_ spying? e.g. Morpheus sending current URL of IE easily from urlmon.dll to that dutch company? I mean, anyone checked it yet?

How it works (the real facts)

[DABANSHEE]

1st a quote..

"F-Secure Virus Descriptions

NAME: DlDer
ALIAS: Trojan.Win32.DlDer, Troj_DlDer

This two-component trojan was discovered in the end of December 2001. The trojan being installed on a user's system constantly upgrades its main component that connects to 2001-007.com website and reports user's ID, web browser a user is using and all URLs that a web browser and all its child windows open. The trojan violates user's privacy and opens a security hole in a system by downloading and activating executable files.

The main component of the trojan is Explorer.exe file that is located in Windows folder in \Explorer\ subfolder (do not mix with the original Windows' Explorer.exe). This component is constantly upgraded by the second trojan component that has the name 'DlDer.exe' and is located in Windows folder.

The DlDer.exe file is most likely dropped to user's system by ActiveX applet or Javascript code that a user doesn't notice when he is browsing Internet. The exact way how this file is dropped is not yet known. The case is under investigation.

The DlDer.exe file when it is started downloads Explorer.exe file from a website and puts it to \Windows\Explorer\ folder. Then the trojan creates a startup key for Explorer.exe file. On next System restart the Explorer.exe file is activated and it creates a startup key for DlDer.exe file and starts to connect to 2001-007.com website and report user's ID, web browser and all URLs that a user visits to there.

We recommend to delete both trojan components from an infected system. If these components can't be deleted (locked files) they should be deleted from pure DOS (in case of Windows 9x system) or renamed with different extensions (EXA for example) with immediate system restart (in case of Windows NT/2000/XP system).

[F-Secure Anti-Virus Research Team, December 28th, 2001]"

Now some links

Astechnica Forum - "Is download.com infected with a virus???"

Arstechnica Forum - "explorer.exe and Explorer.exe"

Computing.Net Forum - "How to delete trojan in explorer.exe"

Gnutella Forum - "p2p Trojan info"

C:\WINNT\system32\drivers\etc\hosts

they probably wont mod up a helpful windows post, so the answer for windows users is in the subject line. ad-haters might like to add all these:

127.0.0.1 ads.x10.com
127.0.0.1 ads.musiccity.com

127.0.0.1 207-87-18-203.wsmg.digex.net
127.0.0.1 Garden.ngadcenter.net
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 ResponseMedia-ad.flycast.com
127.0.0.1 Suissa-ad.flycast.com
127.0.0.1 UGO.eu-adcenter.net
127.0.0.1 VNU.eu-adcenter.net
127.0.0.1 a32.g.a.yimg.com
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimage.blm.net
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banners.easydns.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.wunderground.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cds.mediaplex.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 fp.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gm.preferences.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images2.nytimes.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.preferences.com
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 regio.adlink.de
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 s2.focalink.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 spin.spinbox.net
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 sview.avenuea.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.admex.com
127.0.0.1 www.alladvantage.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.freestats.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.websitefinancing.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 toolbar.netscape.com
127.0.0.1 actionsplash.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.belointeractive.com
127.0.0.1 ads.bluefish.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.inet.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads.intelliads.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.ucomics.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 adserver1.harvestadsdepot.com
127.0.0.1 ads1.intelliads.com
127.0.0.1 cj.com
127.0.0.1 clickhereforcellphones.com
172.0.0.1 clickheretofind.com
127.0.0.1 clickthrutraffic.com
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 content.uclick.com
127.0.0.1 hitbox.com
127.0.0.1 kr123.com
127.0.0.1 qksrv.net
172.0.0.1 rmedia.boston.com
127.0.0.1 servedby.advertising.com
127.0.0.1 www.actionsplash.com
127.0.0.1 www.clickhereforcellphones.com
127.0.0.1 www.clickheretofind.com
127.0.0.1 www.clickthrutraffic.com
127.0.0.1 www.cj.com
127.0.0.1 www.kr123.com
127.0.0.1 www.qksrv.net
127.0.0.1 w26.hitbox.com
127.0.0.1 ads.nextlevel.com

How to Block all Banner Ads

[titansfreak]

See this for a complete list plus instructions (you still need to add ads.musiccity.com):

http://www.ecst.csuchico.edu/~atman/spam/adblock.s html

Re:Why is this flamebait??

[ThatComputerGuy]

I see you haven't read /. much lately...

The Slimeball Shuffle

[BillX]

Just finished reading the SFGate article on the subject. What particularly struck my interest was the interview with Robert Regular--the name sounded familiar as I got into it with this very same marketing stiff last year, when his company's (Conducent Technologies at that time) TSADBOT spyware somehow got onto my system. (I must admit, as the webmaster of a semi-popular spyware information site, having one go undetected on my own system for nearly a month was rather embarassing.) At any rate, Mr. Regular's answers to my "clueless user" inquiries--not letting on that I had already dissected Conducent's app with a fine-toothed hex editor--led me to almost suggest that he drop the spyware biz in favor of a more lucrative position speechwriting for a certain ex-President.

Rather than redefining "is", it seems that our old friend has found a new home at Cydoor Technologies, makers of another KaZaA-transmitted disease, who are now pushing the ClickTilUWin trojan to spyware-friendly companies.

To quote the article:

• Greg Bildson, chief technology officer of Lime Wire LLC, said the company was led to believe the program did no more than link to a game, making the permission request unnecessary.

• Robert Regular of Cydoor Technologies Inc., which distributed the ClickTillUWin software to the file-sharing companies, said the program wasn't supposed to collect information until users activated it -- and had an opportunity to be notified and decline if they so choosed.

  Regular said he did not believe deception was intended by any of the parties.

I guess some things never change.