Shareaza.com Hijacked and Turned Into a Scam Site

[Bolt_Gundam510]

by enigmax

Shareaza.com, the home of the hugely popular Shareaza multi-network sharing application, has been hijacked by scammers. Unsuspected visitors to the site will be completely unaware that they will be tricked into downloading something that isn’t Shareaza at all, but subscription-based malware infected software instead.

The announcement on the SourceForge page of the Shareaza client was ominous:

“As of December 20th, “Shareaza.com” is mirroring “Shareazaweb.com” - A known scam site. While we are working to resolve the matter, any help to contain this would be appreciated.”

The site looks convincing enough, labelled as it is “The Official Home of Shareaza” with the new operators of the site having seen fit to steal some of the original Shareaza artwork (originally created by ‘RocketX and Kid’) to complete the look. So who has taken over the domain?

According to Skinvista, a developer from the ‘real’ Shareaza, the situation is as follows:

“At this time the Shareaza.com destination is now controlled by iMesh/MusicLab LLC, an unauthorized Madison Avenue (New York) based company, with servers in Israel. MusicLab LLC previously acquired iMesh.com and Bearshare/Bearflix.com following lawsuits. It now appears the known scamsite Shareazaweb.com was a placeholder for the planned takeover of Shareaza, relating to another ongoing lawsuit.

It is urgent that people understand the software on these iMesh/MusicLab sites is suspicious, misrepresented, and illegal -breaking GPL and DMCA among other laws.”

As if this strange case needed any more twists in the plot, consider this. On October 26th 2007, the main Shareaza site went down due to unknown “personal matters”.

TorrentFreak asked ‘Wildcard’ a ‘real’ Shareaza developer what happened to the site. He explained: “That’s one of the mysteries. The main hosting server went offline, it had the Shareaza site, wiki and forums on it. The only information that made it this far, was that it was down due to personal problems with the owner of the server machines. what those personal problems were, medical or legal, we don’t know.”

Luckily the Sourceforge site was restored from an earlier backup.

However, the hijacked Shareaza.com domain now points to a server where it is hosted along with some other questionable sites, including bandoo.com, bearflix.com, bearshare.com, daemonsearch.com, imesh.com, imesh.net and musiclab-llc.com.

Apparently, there are lawyers involved now but the loose-knit Shareaza team are advising that it may be prudent to move forward on the basis that the domain won’t be recovered. A source close to this case has told TorrentFreak that Jonathan Nilson, the owner of the Shareaza.com domain has been contacted and he has confirmed that he has sold the domain to the scammers. It looks like the domain is lost forever, a big impact following the loss of the main site in October.

‘Wildcard’ explained that the software on offer from the hijacked site although labeled “ShareazaV4.exe”, is not Shareaza at all but likely a clone of the new malware infested iMesh/Bearshare client and should not be downloaded under any circumstances. Once installed, the software wants to install a search bar and make contact with a central server. Unlike Shareaza - which is abslutely free and has a reputation for being non-profit and shunning involvement with money - the hijackers are touting a subscription based product.

Indeed, the operators of iMesh even tried to trick people into thinking that the reputable GRC site endorsed the iMesh client - an assertion which is completely untrue.

Anyone wishing to find the real Shareaza client should head over to the project’s SourceForge page.

Developing story

Update: A contact of Jonathan Nilson is reporting that Nilson can neither confirm nor deny that he sold the domain to the scammers.

Source: Torrent Freak

[LoKz]

WoW.....

[Ambrocious]

And then Hitler successfully conquered the world while no one did jack diddly sqaut...WAIT A MINUTE! Can't anything be done bout this????? For God sake...just have the site killed or deleted or whatever!

[myidisbb]

And then Hitler successfully conquered the world while no one did jack diddly sqaut...WAIT A MINUTE! Can't anything be done bout this????? For God sake...just have the site killed or deleted or whatever!

legal court wise:

even if you figure out who now legally owns the web site they are most likely hiding their money anyway. these peple dont pay any kind of taxest. no doubt they front other criminal acts. might even be link to a terrorist group.

the only way to take care of this is to add them to search and destory sites and other no no listings, crash the site, have so called elite hackers attack them. and OJ or Blake their family & own azzes. (any family member just as guilty for knowing about it, part of it and enjoying the money from it, just like the south american drug lords)

please delete or edit out the above lines if it needs to be.

i wonder if the riaa owns the scam sites. be funny since they be breaking dmca and copyright laws. something sony would do for sure. (from pass actions)

[Chappy]

Talk about your "Hostile Takeover" eh...jeez.

I'm surprised that they were able to put enough pressure on the Shareaza owner for him to sell the domain name (if he really did this).

[dock98]

Talk about your "Hostile Takeover" eh...jeez.

I'm surprised that they were able to put enough pressure on the Shareaza owner for him to sell the domain name (if he really did this).

money talks.

[bearoninternet]

by enigmax

Unsuspected visitors to the site will be completely unaware that they will be tricked into downloading something that isn’t Shareaza at all, but subscription-based malware infected software instead.

Source: Torrent Freak

I downloaded the exe just to check out what kind of nasty things they do with their

* No Spyware

* No Popups

* No Adware

* No Trojans

product.

What's really strange is nod detected nothing at all. ;)

Anybody else (don't execute unless your suicidal) give it a go with another av?

[shought]

I downloaded the exe just to check out what kind of nasty things they do with their

* No Spyware

* No Popups

* No Adware

* No Trojans

product.

What's really strange is nod detected nothing at all. :blink:

Anybody else (don't execute unless your suicidal) give it a go with another av?

You scanned the installer. Right?

I did so too here are the results:

Anti-Stealth technology activated.

Scanned drives, folders and files: C:\Documents and Settings\Shought\Bureaublad\ShareazaV4.exe

Scanned items: 165

Found virusses: 0

Finished: 16:11:16

Total scan time: 2 sec (00:00:02)

I guess the included malware is spyware which NOD32 isn't allowed to remove, the post said something about 'subscription-based malware', maybe that has something to do with it. If you want to be sure install it on a Virtual Machine and scan the Virtual Machine with Spybot S&D afterwards ;-)

Another possibility is that when you RUN the installed 'Shareaza' it'll download malware to your computer.

[bearoninternet]

I guess the included malware is spyware which NOD32 isn't allowed to remove, the post said something about 'subscription-based malware', maybe that has something to do with it. If you want to be sure install it on a Virtual Machine and scan the Virtual Machine with Spybot S&D afterwards ;-)

Another possibility is that when you RUN the installed 'Shareaza' it'll download malware to your computer.

You might be right.

Anyway, i am curious if other av-scanners (like kaspersky) are able to detect anything. :blink: