Spyware Trail Leads to Kazaa, Big Advertisers

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The StopBadware.org coalition, funded by Google, has listed the Kazaa file-sharing application at the top of a list of noxious software programs that present a threat to business and consumer users.

The coalition, which counts Sun Microsystems and Lenovo among its sponsors, will recommend in its inaugural Badware Report that users stay away from Kazaa and three other programs that can be combined with Trojans and bots for use in data theft attacks.

Adware and spyware programs that come bundled with peer-to-peer applications present a huge security risk to corporate networks, and StopBadware.org says Kazaas claim to be spyware-free cannot be trusted.

“[Kazaa] does not completely remove all components during the uninstall process, interferes with computer use, and makes undisclosed modifications to other software,” the group said in the report, which is scheduled for release on March 22.

In addition to Kazaa, StopBadware.org said computer users should stay away SpyAxe, a rogue anti-spyware program; MediaPipe, a download manager that offers access to media content; and Waterfalls 3, a screensaver utility.

/zimages/1/28571.gifRead more here about Googles backing of the StopBadware coalition.

In Kazaas case, the report said the P2P agent comes bundled with several annoying and potentially dangerous adware and spyware programs, including TopSearch, AltNet Peer Points manager, BullGuard P2P, Cydoor, The Best Offers, InstaFinder and RX Toolbar.

Some of these third-party software applications cannot be closed by the average user and, in some cases, the uninstallation process does not eliminate all components related to Kazaa and its bundled programs, the report said.

After the uninstaller was run, the coalitions testers found that executables and system components still remained, including the Kazaa Plus Installer. Additionally, the group found that Kazaa and its bundled applications added new links to the Windows Desktop without disclosure during the installation process.

InstaFinder, one of the applications bundled with Kazaa, even changed the default 404 page and DNS (Domain Name System) error pages in Internet Explorer without disclosing the modification to the user, the group said.

/zimages/1/28571.gifDo anti-spyware suits mean a new era for the security industry? Click here to read more.

The report also recommends that Sharman Networks, the company that distributes Kazaa, stop claiming that the software is spyware-free and ensure that Kazaa is not bundled with programs that cannot be closed by the user.

Sharman is also urged to remove all executables, system components and registry keys during the uninstall process and to notify the user about changes to the desktop and other software modifications.

Next Page: Big advertisers fund adware.

Big Advertisers Fund Adware

MediaPipe, which is distributed by London-based Net Publican, also found a place on the badware list because it does not fully disclose what it is installing, does not completely remove all components and “obligations” during the uninstall process, and modifies other software without disclosure, the coalition said.

SpyAxe, which is regularly flagged by anti-virus researchers as a dangerous malware threat, also made the list because it fails to uninstall completely, is difficult to exit without purchasing the full version of the product, interferes with computer use and modifies other software without disclosure.

The group also warned that Waterfalls 3 from Screensaver.com is a potential spyware threat that is bundled with a Trojan-like program and modifies other software without disclosure.

/zimages/1/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

The release of the StopBadware.org report comes on the heels of a report from the Washington-based CDT (Center for Democracy and Technology) that identified several large, well-respected companies that are helping to fund the virulent spread of unwanted and potentially harmful adware by paying for advertisements generated by those programs.

The CDT report, here in PDF format, titled “Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can Be Done to Reverse the Trend,” shows how major advertisers take advantage of a complicated network of middlemen to advertise products and services though pop-ups and other ads generated by adware.

According to CDT deputy director Ari Schwartz, the Center contacted 18 advertisers that had advertisements served by 180Solutions, a company that is being sued for unfair and deceptive practices, to ask if those businesses had any policies that address nuisance or harmful adware.

/zimages/1/84833.gifZiff Davis Media eSeminars invite: Learn to proactively shield your organizations against threats at all tiers of the network, Symantec will show you how, live on March 21 at 4 p.m. ET. Sponsored by Symantec.

Schwartz said 11 of the 18 companies did not respond, and identified them as NetZero, People PC, Altrec, Waterfront Media, LetsTalk.com, uBid, GreetingCards.com, True.com, PerfectMatch, Club Med Americas and ProFlowers.

The CDT report also reported on discussions with some companies that did respond to the questions, including Netflix and eHarmony.

Anti-spyware critic and security researcher Ben Edelman has also published findings on advertisers that use 180Solutions, including several screenshots that show pop-up advertising from the list of advertisers mentioned in the CDT report.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.