Urgent Warning for Shareaza Users – Shareaza.com Hijacked

Shareaza, a popular file-sharing application that allows users to access Gnutella, Gnutella 2, ED2K (eDonkey) and BitTorrent networks has been hijacked by a company aiming to spread malware throughout the internet. The Shareaza.com site had been down since 22nd October 2007, however since 20th December, the domain has been hosting a scam site. Straight away you can tell something fishy is going on by the copyright notice on Shareaza.com:

© 1999-2008 Discordia Ltd. All rights reserved. See our Privacy Policy & License Agreement.

Users should be aware that Shareaza was always an open-source community project and so no company should have copyright to the web site and certainly “all rights reserved” looks out of place. Worst of all, the bastards changed the flag on the English language icon from a Union Jack to an American flag!

Shareaza Client Compromised – ShareazaV4.exe

It’s not just the web site that’s been compromised though. Somehow this Discordia crowd, who may (or may not) be a front for the French equivalent of the RIAA, have managed to use their ownership of the Shareaza.com domain to manipulate the update notification feature of Shareaza so that on opening the client users of Shareaza 2.3.0.0 and below are advised that a new version has been released and given the option to upgrade to version 4. Cleverly the message advises users to check the hijacked Shareaza.com site for further information. This version 4 (ShareazaV4.exe) is not a new version of Shareaza and should not be downloaded under any circumstances. Instead, users should upgrade to 2.3.0.1 from the real Shareaza site on Sourceforge (the filename is Shareaza_2.3.1.0_Win32.exe, though a x64 version is also available on the project site). This new version eliminates the aforementioned upgrade notice.

the software on offer from the hijacked site although labeled “ShareazaV4.exe”, is not Shareaza at all but likely a clone of the new malware infested iMesh/Bearshare client and should not be downloaded under any circumstances. Once installed, the software wants to install a search bar and make contact with a central server.
“Wildcard”

Breaking the Law

It turns out the owner of the Shareaza.com domain sold it to New York-based Discordia ltd who are using it to promote a file-sharing application that installs all sorts of other applications (including third-party ones) on an infected system. There have been claims that the Discordia software hosted at Shareaza.com is illegal and breaks the terms of the GPL, the licence under which genuine versions of Shareaza are released, as well as violating the United States’ Digital Millenium Copyright Act.

Hopefully the Shareaza community can win their legal challenge, however they are loose-knit and may find it difficult to organise. Initially I wondered if they should give up and rebrand altogether, possibly the path of least resistance. Doing that, however, would not only be allowing the vermin at Discordia to walk

all over them, but it could also leave them open to the same action again. Incidentally, Discordia is the Roman goddess of strife. I’m sure that’s not a coincidence.

I just hope this post helps spread the word. See also the forum discussions by Shareaza users on the Shareaza.com Takeover over at ShareazaSecurity.be.

Author: nerd.

An experienced IT professional, I used to run a number of small websites and spend a lot of time tinkering with my sites or my PC - back when I had free time.

14 thoughts on “Urgent Warning for Shareaza Users – Shareaza.com Hijacked”

  1. Thanks Buddy!

    I was one click away from installing it too…thank god I noticed something odd and decided to look around first!

  2. Thanks ever so much for the heads up. Like Mitch, I too believed something fishy to be going on and I was subsequently fortunate enough to read your notice.
    Keep up the good work and please, everyone, spread the word! We’re not ready to lose Shareaza just yet!!

  3. Unfortunately I installed this version 4. I made an account and got onto it. I didn’t download or search for ANYTHING, but still, I feel I was violated, ya know? I trusted this really was a new version (though I was a bit boggled with the skipping of version 3). And then I saw the Discordia, LTD copyright information at the bottom and I knew there was something wrong here.

    On another note, I went to unsubscribe from communications using the URL in the account creation email. I was in Firefox though and I got the notice that they couldn’t continue with unsubscribing me because I didn’t have ActiveX enabled. Wow. Who knows what I would have had installed in my browser if I was using IE.

  4. DeTard wrote:
    I made an account and got onto it.
    I hope you didnt give them a CC number.

    On another note, I went to unsubscribe from communications using the URL in the account creation email.
    No respectable company will require you to have activeX for an unsubscribe.
    This prog is full of weird things, you need to do some research and find out what they are and uninstall them IMHO

  5. Thanks for the warning!! I got suspicious since there was absolutely no information about what was new in v.4 on their website, so I really appreciate your information. Glad I didn’t download it.

  6. Thanks for the heads up…it automatically downloaded via my legitimate version of shareaza, but i didnt install. I dont use shareaza much so wasnt aware of anything untoward.. for some reason i looked shareaza up on wikipedia and found that it had been hijacked. Pretty bad really…shame on them.
    I’m just glad I found this site before i installed it..

    Cheers 🙂

  7. I was also just one click away – I’ve downloaded 4 but not installed it as it looked a little off-key for some reason. As above, thank god I bothered to google 🙂

    Thanks for the warning!

  8. Thanks for the warning Bro! I to was one click away- I downloaded it but saved it to to a folder but found your post before I opened it. Thanks again

  9. URGENT
    ADVISE EVERYBODY THAT THE LPHANT SITE HAS ALSO BEEN TAKEN BY THIS DISCORDIA BASTARDS, DO NOT DOWNLOAD THE PROGRAM -LPHANT V4- UNDER ANY CIRCUMSTANCES, IT IS THE SAME DOWNLOAD OFFERED AT IMESH AND SHAREAZA HIJACKED PAGES

  10. Here is the adress and phone number of sppf, maybe we should all complain to them about creating malicious software under the name of well known open-source titles.

    Société civile des Producteurs de Phonogrammes en France
    28, rue de Châteaudun
    75009 PARIS
    Tél. : +33 1 53 77 66 55
    Fax : +33 1 53 77 66 44

  11. Hi guys,
    I was wondering, which downloadproggram should I use without being fucked like this I’ve read here. Limewire is dead so I need to get my music from somewhere else. Could you tell me which proggram does work well?

    Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *