Kazaa possible backdoor?

[idq990]

ive been telling everyone that the original KaZaA has ****ing spyware, but they wont listen! All they do is just sit there with kazaa and think that they are safe well *errrr* thats wrong! One of my friends has kazaa and they said that their computers are messed up and then crashed! Anyways, all my teachers suck cocks in computers. They dont even know how to print! I have to actually tell them in the simplest words i can but they still dont know! This is crazy! u know i use WinMX, but dont use kazaa or kazaagold

[yanksfan]

Instead of locking the internet down, select Kaza lite only as a pass thru program and engage the internet lock instead (so now Kaza lite only has Internet access). If port 1214 still lights up, then it wasn't kaza using that port.

Don't forget also...the Kaza servers might just be communicating to you through that port (if it is in fact kaza using thsat port) just to see if you computer is still connected. Then again it might be spyware, who knows...

If you're interested in networking and security, read up a bit in networking and download Tiny Personal Firewall. In my opinion, it's better than Zonealarm in many ways. One of them is it doesn't hog as many resources. It's also much more configurable. Just a thought.

-Mike

[thehorse13]

and wondering if someone could tell me about how KaZaa connects to your computer using port 1214 and why it repeats itself when it can't connect?

It would seem that normal Kazaa is blocked because the source and destination port 1214 (TCP/UDP) is blocked, but that Kazaa Lite still works... Why? I did several packet captures with Kazaa Light and it would appear that it preloads known network information. I say this because...

- The initial UDP packets are denied by the firewall; they're unanswered
- The ICMP-based traceroutes Kazaa performs don't contain any meaningful information (unless the ICMP payloads are encrypted which is unlikely...)
- The related DNS queries don't return any relavent information like I first suspected
- The inital TCP connections are to the same IP addresses/port sequences...

I went digging throught the registry and found this value (REG_BINARY):

HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\ConnectionInfo\KazaaNet

This contained a 2401 byte binary value (4802 bytes in hex). I renamed this value to KazaaNet1, created a new (empty) KazaaNet value, and then restarted Kazaa with a sniffer running... Kazaa Lite hangs (no connection)... and the sniffer didn't capture anything. It would seem that this registy value contains Kazaa network information (just like the value name implies, duh.). I attempted to see if this contained network addresses (as 4-byte octets, not dotted-quads), and didn't find anything, but I didn't try very hard.

Anyway, from what I can tell, Kazaa installs initial network state information in this key. If this key empty and the regular means to "discover" the Kazaa net are blocked (port 1214), I believe you can kill Kazaa dead. Unfortunately, this means that one must search for this key on every system with a suspected Kazaa installation and wax it. I recommend that someone else try this solution and if it works, perhaps one could implement a logon script or use policy to automate the eradication process.

Hope this helps!

[DigitalReligion]

[i] Originally posted [url="http://www.AntiOnline.com/showthread.php?
well ya go spend ****in 20 dollars for a cd i will d/l all them for nuthing!!!! get all you buy for free!!!!!kazaa is not a back door to virus's if you use it right you wont get virus's!!if you use some judgement and your brain!!! and there are tones of verified web sites to cut the virus bullshit and fake file crap!!!! and also a good firewall thats configured right will cover all attempted access attempts so kazaa is no back door!!!and that kazaa inbound that you see on ya firewall is kazaa connecting to supernods!!!!come on ppl i thought this site was filled with good info and smart ppl till i seen these posts!!!!get sum knowledge befor you condem a program!!and if you dont know the forum will explain all your question that you may have conserning kazaa and computers related problems!!!!and the forum will also shoot ya stupid ass scare tatic's to hell!!there is nothing going to happin to kazaa "no riaa no body will ever shut it down cause they will have to bust all supernodes that are runnin"and thats impossable cause alot of them are in countries that fileshareing is legal!!and the usa cant stop kazaa cause kazaa is not bound by us law!!!cause its was made by a offshore company
called sherman networks and also the ppl that own the fasttrack network are in a country where file shareing is legal !!!so scare tatic smear tatics!!! you are not scareing anyone cause ppl that read this will come to your site and see its all false!!!!!if ya wana smear sumtin go smear roxio for shoty programs or microsoft for makin a patch for a patch!!!!

get real here ppl!!
im not here to diss anyone im just saying its all bullshit!!!
well anywho im going to d/l a movie now and i will be thinkin bout you buying it at the same time and laughin my ass off !!!! have fun blowing ya money!!! you all know i dunn saved $2.000 on software and two hundred dollars on music cd's!!!!! [/B]

You, my friend, are why the filesharing "industry" is getting attacked.

A) Buy CD's after you try out the material (unless it sucks piece...or you only like 1 song)
B) Sharman Networks can, and is being sued in US courts because there was a ruling to OK it.
C) All your 2k worth of software is illegal
I dont object to the last one as much, because some software (namely Photoshop and some 3d rendering programs) cost hundreds of dollars for a full featured legit copy. This isn't fair to the consumers who aren't doing anything commercial with it, and just want to play around...

[crisco]

hey yo, something you might want to try is downloading ad-aware. i think the latest version is 6.0 or something like that. you can get it from download.com or from tucows.com for free. what it does is scan your computer for spyware software and reports back what it finds. from there you can choose to remove them. good luck!!

[DigitalRepose]

personally, I've found that Kazaa can be used for only two things, downloading anime mpegs, or getting MP3s. There are so many safer and faster P2P programs out there, that I'd just uninstall and get winMX or sumetin
out

[Sysop]

Here's how to disable the Kazaa spyware ads

Be sure to install (Kazaa) first. Under Win98,XP,ECT., it gets installed as \Windows\system32\cd_clint.dll. Make a copy of the original and save it under a different name that you'll remember, say, "cd_clint.org". Then just copy the dummy file included here into \Windows\system32. The reason you need to save the original file is that if you try to uninstall KaZaA, the uninstall will refuse to run because of the dummy cd_clint.dll. So if you uninstall KaZaA, first delete the dummy cd_clint.dll. Then rename the cd_clint.org back to cd_clint.dll. The KaZaA uninstall will then work correctly.

Change the file ext. of the file I included from "cd_clint.txt" to "cd_clint.dll"

Que / Co-Op / Sysop

How to Set MAXIMUM SEARCH/DOWNLOAD Beyond 100

Using the Regedit program in Windows, you can expand the number of search items and downloads that KAZAA/Morpheus will return.

To do it:
a) click the Windows "Start Menu" button
b) click "Run"
c) type "regedit" and hit <enter>
d) click the "+" in front of "HKEY_CURRENT_USER"
e) click the "+" in front of "software"
f) click the "+" in front of KAZZA/Morpheus (whichever you have)
g) click on the folder in front of "Advanced"
h) double click "MaxSearchResult"(in the right-hand window)
i) click on the circle in front of "decimal"
j) change the Value Data field (to something like "500")
k) click on "OK"
I) click on the folder in front of "Transfer"
L) double click "ConcurrentDownloads"(in the right-hand window)
M) click on the circle in front of "decimal"
N) change the Value Data field (to something like "500")
O) click on "OK"
X) close regedit (by clicking on the "X" in the extreme upper right corner of the regedit window)

The next time you run a search in KAZAA/Morpheus, you will be able to receive more than the normal 100 result limit.

NOTE: if you make any changes to (or just visit) your Tools:Options:advanced screen, it will complain about your maximum search count being too high. You will need to cancel out of the screen (OK X out!)

Enjoy

[jinxy]

Try TDS3 for trojans (http://tds.diamondcs.com.au/) its alot more complex to use than the cleaner but it seems to be more thorough when its configured correctly. Also its got some usefull tools to investigate whats going on in your puter.