According to virus experts, some versions of Grokster, LimeWire, Kazaa, a beta of BearShare and some versions of Net2Phone contain W32.DlDer.Trojan. It is a well known fact, that most file sharing software carries spyware. Although this is annoying to most users, it is met with understanding, since developers need to raise cash. The release of various spyware hunters however, like Ad-Aware has made it easy to remove such software.
The trojan included with the executable of the above utilities cannot be spotted by Ad-Aware. W32.DlDer.Trojan comes as part of the ClicktoWin ad package included with the software. Its most disturbing feature is that it actually asks you if you wish to install it or not. Whatever your choice may be, the Trojan will attach itself to your system.
Although this is not a destructive trojan and it will not damage your system in any way, it still will send some personal information from your PC. According to Symantec the Trojan appears to be sending some information (such as User-ID and IP address) to the following URL:
http:/ /www.2001-007.com
The nature of the information sent is suspected to be the usual marketing stuff, although some users have suggested that it may be information about our download habits that is being sent to the RIAA. It is easy to tie the legal action against Grokster Kazaa and Morpheus with the Trojan contained in them. Whatever the truth may be, most users will get rid of the Trojan now that it is out in the open.
LimeWire have no mention of this in their website, but the newest downloadable version of Limewire does not include the Trojan. This can be viewed as hypocricy since the company seems to be abandoning all users that have already installed previous versions.
The official Grokster press release about this matter reads as follows:
It has recently come to our attention that our previous Grokster installer for about a three week period contained a trojan known as W32.DlDer.Trojan. This trojan was apparently installed by one of our advertisers, ClickTilUWin. We have since removed the advertiser's installer and our downloads are trojan-free as of 1/1/2002. Some of you may be wondering why this trojan was in our installer at all. We sometimes bundle advertiser applications with our installer in order to help pay for our costs here at Grokster. We are normally given an installer from the advertiser which we run during the installation of Grokster. We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do. To the best of our knowledge, this particular advertiser simply placed a link to a free online lottery on the desktop. We were never informed that it installed or was a trojan. At that time, anti-virus software did not pick it up as such. Thus, the trojan was not detected by us. Now that we have learned of the trojan, we are doing everything we can to minimize its impact on our users. Even on the Symantec website, this is classed as a category 1 threat, which is the lowest level of threats possible and, per their website, means it "poses little threat to users.
Read on to find out how to spot and remove the Trojan from your system, if infected...
