:: SECURITY

Trojan Horse detected in freeware
Thursday, January 03 2002
by Matthew Clark

Send story to a friend
Print this Story
Symantec has issued a security warning for two freeware programs that can send personal information from a PC without the knowledge of the user.

According to Symantec, which issued the warnings on 29 December, the threat was bundled with Grokster and LimeWire, two file-swapping downloads available for free on the Internet. The e-security company classified the threat as "low risk" to users and said that the problematic software does not damage computers. However the Trojan Horse does send personal information, including user ID names and the Internet address of the infected PC to other Web addresses.

The program cited by Symantec is a piece of free advertising software that comes bundled with Grokster and LimeWire, called "Clicktilluwin" or W32.DIDer.

It is thought that the decision to classify Clicktilluwin as a Trojan Horse may be the first time such a program has been officially cited as a risk by e-security experts.

Although often criticised for the practice, advertising programs are commonly bundled with freeware on the Net as means of helping to pay for the free program.

The primary reason the program has been classified as a security risk is because Clicktilluwin installs itself even if the user selects an option that appears to block its installation, Symantec said. Furthermore, the distribution of personal data is done without the user's knowledge.

"It is now a generally accepted rule in the industry that data gathering with the permission of users is unacceptable," explained Dermot Williams, managing director of the Dublin-based e-security company Systemhouse. Williams told ElectricNews.Net that this "spyware" was used more prolifically at the height of the dot.com boom when the number of unique users for a company's software or Web site "equated to dollars." Williams said that spyware is not as popular now but is still in use.

Williams also said that Grokster and LimeWire have not been held responsible for the incident by Symantec or other e-security companies, since the problem software was developed and bundled by a third party. "Grokster and LimeWire were blameless for this apart from their procedures," he said.

Following the warning and a number of complaints by customers, LimeWire apologised for the problem and said it had released a new version of LimeWire, clear of the Trojan horse and available on the company's Web site at http://www.limewire.com/index.jsp/trojan.

Grokster also apologised for the problem, saying it was unaware of what the program did. "To the best of our knowledge, this particular advertiser simply placed a link to a free on-line lottery on the desktop. We were never informed that it installed or was a Trojan," the company said in a statement.

Grokster is providing a utility on its Web site to remove all trace of the threat. That tool can be found at http://www.grokster.com/.


:: MORE NEWS from SECURITY

© Copyright ElectricNews.Net Ltd 1999-2002.