Bugtraq mailing list archives

RE: KaZaA

From: "Christopher Wagner" <chrisw () pacaids com>
Date: Fri, 18 Oct 2002 10:44:03 -0700

These ads are most likely "safe" as far as trojans go, depending on your
definition of trojan.  Most of them, however, use ad tracking and
"phone-home" to the originating company.  Many will install cookies and some
will even install other pop-up software on your computer without your
knowledge to pop-up ads based on the content of other sites you visit.

For instance, some pop-up programs will see you going to
"www.competitorswebsite.com" and replace in-line content with content of
their choice or pop-up ads for their site.  Pop-up ads are becoming VERY
intrusive to the end-users' computer.

I recommend not using KaZaA, or getting the "ad-free" version (KaZaA Gold I
think?) of their software.  In addition, I use Lavasoft's Ad-Aware to scan
my system for spy-ware/ad-ware on my computer and remove it.  Bear in mind,
many programs that incorporate ad-ware will NOT function without their
ad-ware, KaZaA is one of them.  Ad-Aware is available for download at their
website www.lavasoftusa.com.

I choose to use other file-sharing programs that do not incorporate
ad-ware/spy-ware in their products.  WinMX (www.winmx.com) or Gnucleus
(www.gnucleus.net), for example.  If you still wish to use KaZaA, you run
the risk of getting "spammed" even when you're not running KaZaA and having
your web content unknowingly altered.  I wish I could remember some
reference sites to give you, but I can't remember any off the top of my
head.  I hope this helps.

- Christopher Wagner
chrisw () pacaids com

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116


-----Original Message-----
From: David Krum [mailto:frobnitz () msn com]
Sent: Friday, October 18, 2002 9:34 AM
To: bugtraq () securityfocus com
Subject: KaZaA


I'm concerned about all the applications which utilize ie browser controls.
There are a lot of adware programs with little ads.  Some of these ads have
activex, java, flash, js.  Any one of these capabilities in the wrong zone
could be dangerous.

My attention was first drawn to this when I noticed KaZaA launching popups
sourced from the local hard disk.  Surely these ads are running in the local
zone.  To use software that does this I have to trust them to audit the ads
given to them?

_________________________________________________________________
Broadband? Dial-up? Get reliable MSN Internet Access.
http://resourcecenter.msn.com/access/plans/default.asp


SPAM: ---- Start SpamAssassin results
SPAM: 0 hits, 5 required;
SPAM:
SPAM: ---- End of SpamAssassin results

Current thread:

KaZaA David Krum (Oct 18)
- Re: KaZaA Nicholas C. Weaver (Oct 18)
- RE: KaZaA Brenna Primrose (Oct 18)
- Re: KaZaA Alex Lambert (Oct 18)
- Re: KaZaA eD\/ARd0 F/\KEn^M3 (Oct 19)
- <Possible follow-ups>
- RE: KaZaA Christopher Wagner (Oct 18)