Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware in Kazaa, Limewire, Grokster

Posted by michael on from the comp.risks dept.

BigMacMike writes: "The San Francisco Chronicle (via the sfgate.com website) has a story that Kazaa, LimeWire, and others have secretly hidden software in their applications that track users' browsing habits." Not the first time. The corporate response is that they literally didn't know what was in these secondary applications that they were providing to be downloaded and installed alongside their primary program. Believe it if you wish.

16 of 364 comments (clear)

  1. Hm..... by bleckywelcky · · Score: 2, Interesting



    Does it really matter all the much? Most of the stuff spyware could obtain from my uses would be pretty useless anyhow.

    1. Re:Hm..... by psxndc · · Score: 2, Interesting
      Not useless to the marketing people, especially if the RIAA or MPAA say "Hey kazaa, we'll make your life hell" (like they're already trying to do, but can't, etc) and kazaa says "please don't hurt us. How about all this free data on people's downloading habits in exchange for easing a little pressure. What movies they download, what songs they listen to, etc?"

      psxndc

      --

      The emacs religion: to be saved, control excess.

    2. Re:Hm..... by FFalcon · · Score: 3, Interesting

      I don't know about anyone else, but anytime I install an app and I see that it has installed other crap without my permission, I dump it.

      Netscape 6 pulled the same trick, covering my desktop with AOL ads. It lasted about 5 minutes before I got fed up and unintalled (only later found out about Mozilla).

      It's time for distributors of software to be up-front about the adware/spyware/sleazeware that they bundle with their product. Until then, we'll have to vote with our disk space by not using these programs. Instead of Kazaa, check out Morpheus, which performs the same function but without the "Clicktilluwin" garbage.

      --
      The Day Our Eyes Were Opened
  2. Mac versions by anfloga · · Score: 2, Interesting

    Does anyone know if this applies to Mac versions of Limewire?

  3. A dangerous precident by GSAlien · · Score: 2, Interesting

    I was under the impression that it was illegal for companies to install this sort of spyware. Is it legal for companies to write software that reports back to the creator. If so, is it illegal under the DMCA to block those reporting mechanisms in your firewall?

  4. Death Knell for Closed Source Software by Black+Parrot · · Score: 3, Interesting


    IMO, spyware is the single issue that is going to weigh heaviest in the scales in the eventual switch of businesses (and sensible users) from CSS to OSS.

    It's a real shame, though, that most businesses can't seem to see any value in the internet beyond collecting data about consumers.

    --
    Sheesh, evil *and* a jerk. -- Jade
  5. BearShare by MoceanWorker · · Score: 5, Interesting

    another program that gives a user access to the gnutella network comes with 3 spyware programs to spy on users...

    first being Onflow Media Player... it is a Flash-like browser plug-in which displays animations and transmits user behavior information (not further specified) to the Onflow central servers.

    second being SaveNow... SaveNow displays context-related shopping pop-up windows in IE... the context information seems to reside on the client side so that no information has to be transmitted to the central server

    third being New.net, which is an alternative Domain Name Service which allows you to connect to TLDs like .free , .shop, .game and .xxx, etc, etc.... also, as they have to query an alternative DNS to let you access these sites, they will be able to track every visit to new.net-"powered" sites.

    not to mention all of these programs have silent auto-updates...

    why can't we all just use FreeNet? :-\

    --


    "The ones who dont do anything are always the ones who try to pull you down" -- Henry Rollins
  6. That's why I use the other Fasttrack client by xX_sticky_Xx · · Score: 2, Interesting

    I've seen the discussions on the Fasttrack forums about this problem. The creators have consistently denied knowledge that the programs were indeed spyware. My question: when the sales people from these spyware vendors were offering Kazaa et al money to include these programs in the clients, what did the Kazaa creators THINK the purpose of said programs were? It seems just a little too easy to claim total ignorance on this.

    --

    ---

    I didn't want to leave this space blank.
  7. Here's an article by alleria · · Score: 2, Interesting

    from The Register as well about this.

  8. Re:originally called a trojan by H310iSe · · Score: 5, Interesting

    It was in the register (my other regular read who scoops slashdot at least 1/2 the time BTW) - and people above seem to have been missing the point, yes, this is not gator or some other silly thing, it's spyware classified as a trojan by antivirus vendors because, it appears, no-one knows what exactly it does.
    LINKS: - the register article
    zdnet on the trojan
    symantec listing the file as a trojan

    --
    closed minded is as closed minded does
  9. Re:Corporate ramifications by Bert64 · · Score: 2, Interesting

    P2P isn`t illegal, nor is the mp3 format... but that`s not what a lot of people seem to believe.. I was told to delete ALL mp3 files from my computer at work, I even had a personal visit to my office by someone assigned to task of deleting mp3s. I had mp3s of my own creation, aswell as mp3s of some friends music, where i know the artists well, and perfectly legal posess mp3s of their work. But because of the public branding of mp3s as being "pirated" music files, i couldn`t convince the people at work, and the files were deleted. They then had the nerve to pass me a catalog and ask me to buy some CD`s to listen to at work.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  10. limewire by Cardhore · · Score: 3, Interesting

    It seems the spyware is windows only. Also worth mentioning is that you can compile Limewire from CVS and doing that you will not compile the spyware. However...

    Limewire (for Windows) installs spyware even if you uncheck the box!

    --
    Got friends?
  11. Re:Data protection.... by Bert64 · · Score: 2, Interesting

    Some people are on lines which charge for data transfer volume, leased lines and corporate ADSL in germany for instance, charging upto 35DM per gigabyte, but spyware would have to transfer a lot of data to start costing the victims money.
    Perhaps someone should reverse engineer the protocols used by these tools, and create a program for people to run, which sends random/garbage data back to the central server.. It would be amusing to know i am visiting http://ybgqjXimzgsrcgggz2Bjzt7mminfhy/jJsb94Vag a lot...

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  12. Double standard by Random+Feature · · Score: 2, Interesting

    What I find most disconcerting about this entire situation is that if I do something like this I'm a "bad girl" and face possible charges under vague federal law but when a company does it nothing happens to them - they issue an "apology" and it's over.

    -------

    --
    I don't have a solution, but I certainly admire the problem.
  13. Spyware in Mozilla by rasilon · · Score: 2, Interesting

    Although it hides as the "What's Related" feature, Mozilla does exactly the same thing. Every URL you visit is sent to xslt.alexa.com. Just try it: add "127.0.0.1 xslt.alexa.com" to your /etc/hosts, fire up apache and Mozilla and tail the logfile...

    127.0.0.1 - - [06/Jan/2002:10:58:03 +0000] "GET /data?cli=17&dat=nsacdt=t%3D1%26pane%3Dnswr6%26wid %3D4832&url=http://www.google.com HTTP/1.1" 404 276 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012"
    127.0.0.1 - - [06/Jan/2002:10:58:08 +0000] "GET /data?cli=17&dat=nsacdt=t%3D0%26pane%3Dnswr6%26wid %3D4832&url=http://www.google.com/search HTTP/1.1" 404 276 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012"

  14. Re:Spyware risks by netringer · · Score: 2, Interesting

    It was only when my system started slowing down(sluggish games , slow window redraws) that I noticed that it has a loaded a spyware(SaveNow).

    Yeah. The home PC is Pentium II 350. It works fine unless there are a half dozen .DLLs running in the background and/or intercepting every CPU instruction for whatever reason. What I'm endlessly tracking down and stomping out is ANY unneeded .DLL that is taking CPU cycles. I remove and unstart virus scanners, add-ons. and plug-ins until the system peps up and seems usuable again.

    I just had I.E. lock-up fairly often- not even the scroll bars worked. I finally figured out that it was just pegging the CPU. Now I I know that it was because I had the damned CyDoor .DLL desparately trying to send off stolen spy data on the last few URLs I went to.

    I don't suppose the programmers hired by these scum put any emphasis on getting the spyware to be effecient code that will behave well. You know they write and test it on a current 1GHz Intel and if it works mostly OK there it goes out to infect the unsuspecting masses.

    I'll have a new AMD Athlon desktop system real-soon-now. It's sad that you have to add CPU horsepower just to have a viable system that can defend itself from these scum buckets.

    Before you hit reply to tell me to run a real O/S and a real browser, know that I use Opera, Netscape, and Mozilla. I also use those to check on where a bottleneck is. It is good to know that these scumbags don't write .DLLs to intercept those. I need IE for sites I tolerate where Java is .asp-Java-on-Windows-with-IE. I also dual-boot the PC to Mandrake.

    --
    Ever dream you could fly? Get up from the Flight Sim. I Fly