File-sharing programs carry Trojan horse

Popular file-sharing programs Grokster and LimeWire are privacy time bombs, say computer experts who found "spyware" bundled with the downloads.

John Borland Staff Writer, CNET News.com

A pair of popular file-sharing programs have become privacy time bombs, according to computer experts.

Antivirus company Symantec last week reported the presence of "spyware" bundled with Grokster and LimeWire, two popular file-swapping downloads. The code evidently does not damage computers, but it surreptitiously sends personal information such as user ID names and the Internet address of computers to another Web address.

Advertising software called "Clicktilluwin" that comes bundled with the file-swapping programs carries a program called "W32.DIDer," which Symantec has classified as a Trojan horse--a piece of code that takes over parts of a person's computer unseen in order to carry out its own instructions.

Although unrelated advertising programs are routinely bundled with free file-swapping programs--and have prompted some user criticism in the past--this appears to be the first time one of them has included a program classified as a Trojan horse by security experts.

The Trojan horse software installs itself even if a computer user selects an option that appears to block Clicktilluwin's installation. For this reason, antivirus companies are warning people to scan their computers after installing these products to ensure the code is removed.

On the heels of the Symantec warning, some consumers complained of similar problems with FastTrack's Kazaa Media Desktop. CNET News.com could not duplicate the problem in a test of that product Wednesday.

A spokesman for Lime Wire, the company behind the LimeWire program, said the version with Clicktilluwin included had been replaced with a clean version by Tuesday.

"It was not what we thought this was," said Greg Bildson, Lime Wire's chief technical officer. "It was supposed to be a promotional tool...not blatant spyware."

Grokster has gone one step further, apologizing and providing its users with a program that will remove the offending bits of code from personal computers.

"We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do," the company wrote on its Web site Wednesday. "Now that we have learned of the Trojan, we are doing everything we can to minimize its impact on our users."

Because software programs are among the most popular downloads on the Net, the Trojan horse could potentially find its way onto a large number of computers. Kazaa, for example, is one of the most popular pieces of software available through CNET Download.com, a site operated by News.com's parent company, with more than 1.3 million downloads in the last week of December alone.

Bitter warnings about the code spread through consumer bulletin boards on several different Web sites last week.

"Make sure you have a good virus utility if you must install this," one person wrote on Download.com's Grokster reviews.