Feeds

Popular file-share utilities contain Trojans

The rising cost of free music

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Popular file-sharing software from Grokster and the Limewire Gnutella Client contain the W32.DlDer Trojan, Symantec revealed last week.

According to several Reg readers, the KaZaA utility also contains the same infection.

The Trojan here is a spyware application masquerading as a lottery game called ClickTilUWin. When installing the Grokster or Limewire software, and some versions of KaZaA, the user is given an option to enable the ClickTilUWin feature. Regardless of whether one accepts or declines, the Trojan is installed.

Grokster has offered an explanation of this embarrassing oversight on its Web site:

"Some of you may be wondering why this Trojan was in our installer at all," the company speculates wisely.

"We sometimes bundle advertiser applications with our installer in order to help pay for our costs here at Grokster. We are normally given an installer from the advertiser which we run during the installation of Grokster. We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do. To the best of our knowledge, this particular advertiser simply placed a link to a free online lottery on the desktop. We were never informed that it installed or was a Trojan."

The company has released a utility which it says will remove the Trojan, and promises to have a clean version of its software available in a matter of days.

Those who prefer to see to their own Trojan removal need only search for a hidden directory under their \Windows directory called \Explorer. Simply delete the \Windows\Explorer directory, along with the companion file Dlder.exe in the \Windows directory.

The Trojan is not destructive, but does phone home to the ClickTilUWin Web site with user data which, presumably, is used for marketing purposes, or is perhaps forwarded to RIAA headquarters to assemble a database of copyright scofflaws.

We don't know which; but we do know better than to install software we know nothing about. ®

Related Stories

Recording industry exploits WTC tragedy to hack you
Recording industry 'copyright DoS attack' rumored

Secure remote control for conventional and virtual desktops

More from The Register

next story
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.