Shareaza, a popular file-sharing application that allows users to access the Gnutella, Gnutella 2, ED2K (eDonkey) and BitTorrent networks, has been hijacked by a company aiming to spread malware throughout the internet. The Shareaza.com site had been down since 22nd October 2007; since 20th December, however, the domain has been hosting a scam site. Straight away you can tell something fishy is going on by the copyright notice on Shareaza.com:
Users should be aware that Shareaza was always an open-source community project and so no company should have copyright to the web site and certainly “all rights reserved” looks out of place. Worst of all, the bastards changed the flag on the English language icon from a Union Jack to an American flag!
Shareaza Client Compromised – ShareazaV4.exe
It’s not just the web site that’s been compromised, though. Somehow this Discordia crowd, who may (or may not) be a front for the French equivalent of the RIAA, have managed to use their ownership of the Shareaza.com domain to manipulate the update notification feature of Shareaza, so that on opening the client, users of Shareaza 188.8.131.52 and below are advised that a new version has been released and given the option to upgrade to version 4. Cleverly, the message advises users to check the hijacked Shareaza.com site for further information. This version 4 (ShareazaV4.exe) is not a new version of Shareaza and should not be downloaded under any circumstances. Instead, users should upgrade to 184.108.40.206 from the real Shareaza site on Sourceforge (the filename is Shareaza_220.127.116.11_Win32.exe, though an x64 version is also available on the project site). This new version eliminates the aforementioned upgrade notice.
The software on offer from the hijacked site, although labeled “ShareazaV4.exe”, is not Shareaza at all but likely a clone of the new malware-infested iMesh/Bearshare client and should not be downloaded under any circumstances. Once installed, the software wants to install a search bar and make contact with a central server.
Breaking the Law
It turns out the owner of the Shareaza.com domain sold it to New York-based Discordia Ltd, who are using it to promote a file-sharing application that installs all sorts of other applications (including third-party ones) on an infected system. There have been claims that the Discordia software hosted at Shareaza.com is illegal and breaks the terms of the GPL, the licence under which genuine versions of Shareaza are released, as well as violating the United States’ Digital Millennium Copyright Act.
Hopefully the Shareaza community can win their legal challenge; however, they are loose-knit and may find it difficult to organise. Initially I wondered if they should give up and rebrand altogether, possibly the path of least resistance. Doing that, however, would not only be allowing the vermin at Discordia to walk all over them, but it could also leave them open to the same action again. Incidentally, Discordia is the Roman goddess of strife. I’m sure that’s not a coincidence.
I just hope this post helps spread the word. See also the forum discussions by Shareaza users on the Shareaza.com Takeover over at ShareazaSecurity.be.