Saturday, December 03, 2005

Shareaza spyware?

I was using the P2P program Shareaza the other day (downloading non-copyrighted files, I assure you) and I noticed that my anti-virus software was filtering outgoing mail. The strange part about that is that I don't have a web client configured (I use Gmail). I began trying to figure out which application was trying to send the mail, and it turned out that it was Shareaza, which is not supposed to have any spyware. The scary part was that the message was being sent to a Russian domain.

I couldn't find the e-mail that was trying to be sent (by checking in AVG's outbox), and after a quick search through the source code, I couldn't find any reference to a .ru address. I'm going to assume that the application has been hijacked somehow, but I used the opportunity to wipe the hard drive and make sure my file system was intact.


UPDATE: after doing some searching on spyware in Shareaza, I managed to find these comments suggesting that it does, in fact, contain spyware:
http://www.download.com/Shareaza/3641-2166_4-9062723.html

UPDATE 2: I managed to find this posting on Shareaza's Wiki:
http://wiki.shareaza.com/static/Troubleshoot.Email
Basically, a computer that Shareaza is trying to connect to is using port 25 as its "listening" port. This is reserved for SMTP, but when you put Shareaza into "Random Port mode", 25 could occasionally come up. Based on this info, Shareaza does NOT (currently) have spyware.
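One way to check whether a port-25 connection flagged by a mail filter actually carried SMTP or was a P2P handshake to a peer listening on 25. This is an added example, not part of the original post or of Shareaza's code; the process names, addresses and payloads are constructed.

```python
# Classify the first bytes of an outbound TCP flow to port 25.
# Added illustration; all sample payloads below are constructed, not captured.

SMTP_CLIENT_VERBS = (b"EHLO", b"HELO", b"MAIL FROM:", b"RCPT TO:", b"STARTTLS")

def classify_port25_flow(client_first: bytes, server_first: bytes) -> str:
    """Return 'gnutella', 'bittorrent', 'smtp', 'no-payload' or 'unknown'."""
    c, s = client_first.lstrip(), server_first.lstrip()
    # P2P signatures are checked first, so a client-side handshake wins
    # over whatever answered on port 25.
    # Gnutella and Gnutella2 share a text handshake that the client opens.
    if c.startswith(b"GNUTELLA CONNECT/") or s.startswith(b"GNUTELLA/"):
        return "gnutella"
    # BitTorrent handshake: length byte 19, then the protocol string.
    if client_first.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    # In SMTP the server speaks first with a 220 greeting, then the
    # client answers with EHLO/HELO.
    server_greets = s[:3] == b"220" and s[3:4] in (b" ", b"-")
    client_smtp = c.upper().startswith(SMTP_CLIENT_VERBS)
    if server_greets or client_smtp:
        return "smtp"
    if not c and not s:
        return "no-payload"  # connection attempt only; nothing to judge
    return "unknown"

def triage(flows):
    """flows: iterable of (process, remote, client_first, server_first)."""
    return [(p, r, classify_port25_flow(c, s)) for p, r, c, s in flows]

# Constructed sample flows; process names are hypothetical and the
# addresses come from the documentation ranges.
SAMPLE_FLOWS = [
    ("Shareaza.exe", "192.0.2.10:25",
     b"GNUTELLA CONNECT/0.6\r\nUser-Agent: Shareaza\r\n", b""),
    ("Shareaza.exe", "192.0.2.11:25",
     b"\x13BitTorrent protocol" + bytes(8), b""),
    ("mailer.exe", "198.51.100.5:25",
     b"EHLO host.example\r\n", b"220 mx.example ESMTP\r\n"),
    ("other.exe", "198.51.100.6:25", b"", b""),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(*row)
```

A flow labelled `smtp` from a process that has no reason to send mail is the one worth investigating; `gnutella` or `bittorrent` on port 25 matches the false positive described in the wiki posting.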

UPDATE 3: In case you didn't know, the Shareaza domain has been hijacked by scammers, and they have released a version of Shareaza that is loaded with spyware. Do not use Shareaza unless you get it from SourceForge.

http://torrentfreak.com/scammers-move-to-seize-shareaza-trademark-080302/

According to Wikipedia, here is the latest info:

Domain takeover / transfer

On 19 December 2007, the project's domain name, shareaza.com, was redirected to an unrelated site, promoting the download of a spyware client known as ShareazaV4.[4] As a result, the original project was forced to move their home page to SourceForge.net.

Since 1 January 2008, the new domain takes advantage of Shareaza's built-in automatic update feature to suggest to users that the ShareazaV4 application is an update to Shareaza. This vulnerability was fixed in Shareaza 2.3.1.0.[5]

La Societe Des Producteurs De Phonogrammes En France (SPPF), the representative of recording labels in France, has taken legal action against Jonathan Nilson since his name was under the domain shareaza.com at the time.

Attempted trademark takeover

On January 10, 2008, the new owners of Shareaza.com, Discordia Ltd (iMesh Inc.[6]), filed for trademark registration of the Shareaza name, claiming that the first-ever use of this name was on December 17, 2007.[7] The Shareaza Development Team urged users of the program to send Letters of Protest to the patent office and set up a legal defense fund.[8]

2 comments:

Joao Esc said...

Hello Chris Clark. I was doing the same research you did, but according to the German anti-spyware a-squared, Shareaza is packed with medium-risk trace cookies. More than sixty... I used Shareaza for some time but I think it is extremely invasive. I had to use the registry level to delete all Shareaza files and it took hours because I found Shareaza nearly everywhere. Besides this problem I think it may probably have a global hook, just like Real Player. The firewall Comodo showed me that it might be the case. Anyway, Shareaza also came to me with two trojans and I wonder whether Shareaza itself is not a disguised spyware. I won't use it anymore.
Good luck anyway,
joao esc.

Unknown said...

Yes, you are correct. The original post was from a couple of years ago, but the Shareaza name has been hijacked by some cock suckers that only want to spread their shit around the world. They somehow stole the domain name, then took the open source Shareaza and jammed it with their shit and are infecting computers all over the world. Thanks for reminding me about this post, I'll add a new update.