"Fake Shareaza" takes over updates from the real thing

Posted by Erica George Wed, 20 Feb 2008 21:06:00 GMT

Users of the popular filesharing application Shareaza are reporting that a competitor has taken over a former Shareaza website and is using it to overwrite the real Shareaza application with an impostor posing as an update.

How is that possible? According to Sarah Pike at AppScout:

Someone took great advantage of old code in Shareaza, which checks for updates with, among other URLs, www.shareaza.com, which another company has now registered. So when the real Shareaza does its regular thing and checks in for updates, it offers to download the fake Shareaza to replace itself.

For software producers, this is an important wake-up call. If your software automatically checks a website for updates, you’re responsible for what that website delivers to your users, so it’s important to maintain control of that site.

Users shouldn’t see the Shareaza switch as a reason to forgo software updates. As the AppScout post discusses, in this kind of social engineering scam there are often warning signs that something may not be quite right. Be sure you read dialog boxes carefully before clicking OK and agreeing to anything, including an update. And do your best to stay informed about the software you use by signing up for alerts from the distributor, or regularly checking for news.

Posted in all | Tags scams, socialengineering

Fake Tor application delivers badware punch

Posted by Erica George Fri, 07 Sep 2007 20:53:00 GMT

You may have received an email over the past few days with a message about online privacy – a common subject line being “You are being watched online.” The messages urge the reader to download Tor, a distributed anonymity program popular as a tool to circumvent censorship. Unfortunately, the links in these messages don’t lead to the actual Tor download, but to a dangerous rogue application and pages that attempt to install badware on the user’s machine.

The real Tor website is located at tor.eff.org, and the real Tor software can be downloaded there. Legitimate copies of Tor are verifiable through instructions on the Tor website.

Rogue applications attempting to hijack the popularity of legitimate programs are unfortunately all too common. For example, many rogue applications purport to be anti-spyware tools but are in fact themselves damaging. It’s always a good idea to check out the reputation of any software you’re considering installing, and to verify that the version you’re considering comes from a reputable source. Similarly, be wary when following links in emails from sources you don’t know. An unsolicited link could lead to a page hosting drive-by badware downloads.

You can read more about the Tor spoof in BoingBoing and PC World.

Posted in all | Tags drivebydownload, email, rogue, scams, tor