EDIT: Thanks RenGx for posting this story in our forum.
Popular file-sharing software from Grokster and the Limewire Gnutella Client contain the W32.DlDer Trojan, Symantec revealed last week.
According to several The Reg readers, the KaZaA utility also contains the same infection.
The Trojan here is a spyware application masquerading as a lottery game called ClickTilUWin. When installing the Grokster or Limewire software, and some versions of KaZaA, the user is given an option to enable the ClickTilUWin feature. Regardless of whether one accepts or declines, the Trojan is installed.
Grokster has offered an explanation of this embarrassing oversight on its Web site:
"Some of you may be wondering why this Trojan was in our installer at all," the company speculates wisely.
"We sometimes bundle advertiser applications with our installer in order to help pay for our costs here at Grokster. We are normally given an installer from the advertiser which we run during the installation of Grokster. We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do. To the best of our knowledge, this particular advertiser simply placed a link to a free online lottery on the desktop. We were never informed that it installed or was a Trojan."
The company has released a utility which it says will remove the Trojan, and promises to have a clean version of its software available in a matter of days.
Those who prefer to see to their own Trojan removal need only search for a hidden directory under their Windows directory called Explorer. Simply delete the WindowsExplorer directory, along with the companion file Dlder.exe in the Windows directory.
The Trojan is not destructive, but does phone home to the ClickTilUWin Web site with user data which, presumably, is used for marketing purposes, or is perhaps forwarded to RIAA headquarters to assemble a database of copyright scofflaws.
Download: Grokster - Trojan remover
View: Symantec - Information on W32.DIDer Trojan
News source: The Register - Popular file-share utilities contain Trojans
Popular file-sharing software from Grokster and the Limewire Gnutella Client contain the W32.DlDer Trojan, Symantec revealed last week.
According to several The Reg readers, the KaZaA utility also contains the same infection.
The Trojan here is a spyware application masquerading as a lottery game called ClickTilUWin. When installing the Grokster or Limewire software, and some versions of KaZaA, the user is given an option to enable the ClickTilUWin feature. Regardless of whether one accepts or declines, the Trojan is installed.
Grokster has offered an explanation of this embarrassing oversight on its Web site:
"Some of you may be wondering why this Trojan was in our installer at all," the company speculates wisely.
"We sometimes bundle advertiser applications with our installer in order to help pay for our costs here at Grokster. We are normally given an installer from the advertiser which we run during the installation of Grokster. We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do. To the best of our knowledge, this particular advertiser simply placed a link to a free online lottery on the desktop. We were never informed that it installed or was a Trojan."
The company has released a utility which it says will remove the Trojan, and promises to have a clean version of its software available in a matter of days.
Those who prefer to see to their own Trojan removal need only search for a hidden directory under their Windows directory called Explorer. Simply delete the WindowsExplorer directory, along with the companion file Dlder.exe in the Windows directory.
The Trojan is not destructive, but does phone home to the ClickTilUWin Web site with user data which, presumably, is used for marketing purposes, or is perhaps forwarded to RIAA headquarters to assemble a database of copyright scofflaws.
Download: Grokster - Trojan remover View: Symantec - Information on W32.DIDer Trojan News source: The Register - Popular file-share utilities contain Trojans
ADDITIONAL INFORMATION
You can read more about these browser security issues at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp
For more information about recommended online security practices, go to:
http://www.microsoft.com/privacy/safeinternet/security/best_practices/default.htm
IF CLICKING A LINK DOESN'T WORK...
Copy it, and then paste it into your browser's address bar.
Select the entire link (which starts with http:// and may include more than one line) and then copy it, usually by clicking the "Edit" menu item and then clicking "Copy". Next, open your browser and click in the box where you usually see the Web page address. Paste the link into this box (usually by clicking "Paste" in the "Edit" menu) and click "Go" or "Enter".
NET Passport is committed to protecting your privacy. We encourage you to review our privacy statement at: http://www.passport.com/privacypolicy.asp
As with all security issues, Microsoft is committed to keeping its customers informed. Again, thank you for using your .NET Passport.
NET Passport Customer Support
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.