I am paranoid. I am afraid of using Kazaa. Is it possible to get hacked if I download MP3 or MPEG files from someone's PC by using Kazaa? I have firewall installed.
Can trojan or any other software be hidden in these MP3 & MPEG files?
Printable View
I am paranoid. I am afraid of using Kazaa. Is it possible to get hacked if I download MP3 or MPEG files from someone's PC by using Kazaa? I have firewall installed.
Can trojan or any other software be hidden in these MP3 & MPEG files?
Can a trojan be hidden using p2p yes your best shot have an updated antivirus running all the time and pay attention and what kind of file are you downloading. Besides that using Kazaa you'll be prey for popups and publicity... if you wanna give a try go for kazaalite www.kazaalite.com
Yes it is possible to get hacked by using these programs.
There have been vulnerabilities found in some of the p2p network applications already.
The links below deal just with kazaa, but you can find them for practically any p2p application.
http://www.secunia.com/advisories/8231/
http://cert.uni-stuttgart.de/archive.../msg00319.html
http://www.securitytracker.com/alert...l/1004843.html
You are creating a direct connection to their PC. You give them an IP address and a motive.
Viruses and trojans run rampid on p2p networks. Not to mention viruses that are specifically designed for p2p networks.
As for your firewall... they help. It all depends on how you have it configured.
They help, but are not fullproof. If there are flaws/vulnerabilies in the programs that you allow, the firewall isn't going to help you there. They can bypass the firewall and attack your applications that you do allow. Though... you don't need to be using p2p networks for this to happen.
As for viruses in .mp3 and .mpeg... not as far as I remember. I know that these files can have code embeded in them that when you play them, it will direct you to a site and a malicious user can have the code download files to your computer. You will also find that a lot of the files out there are mislabled. You think you are downloading one thing, but you are really getting another.
You thought you were downloading a crack for a program you didn't want to pay for?
When you ran it, it just flashed and nothing seemed to happen? Maybe not... maybe you just installed an undetectable trojan on your PC and your attacker can now setup further access to your computer. The threat is real.
Not to mention certain legal issues...
A quick relpy , Dot use Kazza . Just my opion .... I use imesh ....
I found that my machine works better with that p2p program .
Alpa
There is a risk when downloading any files off the internet that they may contain a virus or malicious code, but if u didnt, wat would be th fun in that !!
As long as u have an up 2 date firewall and antivirus software u will be fine, so dont worry about it !!
ok who gave me -50 antipoints for that post??
I have had no problems so y send me a message saying not true and give me negative antipoints???
A friend of mine (yes this really happend to a "friend" and it did not happen to me), her daughter was in the middle of a song d/l using Kazaa. I guess somebody scanned her and saw that she was using Kazaa and also had AIM up. Well she got IM'd saying that the d/l was going to take too long and she would have to quit, or she could go to Start > Run > type deltree etc. to keep the d/l running. Needless to say she wiped the computer's hard drive.
As with Kazaa or any other type of file sharing program, keeing wise and on top of what you are doing is always the best way to keep your box safe.
Kazaa is safe just as long as you have a good anti-virus program (you can download one from Kazaa), also use common sense, if a file is supposed to be a huge game like "Grand Theft Auto vice city" and it's only 500kb it's probably a virus.
ChrisWuk
Mate,
Your comments are a little dangerous.. well from the security point of view that is..
Never Never Never assume that your AV and Firewall alone will protect you.. these with care, vigilence, commen sence and a lot of bloody good luck will keep you clear.
A little paranoia goes a long way
Cheers
Err I hope you mean Imesh Lite. IMesh has over 60 components of spyware contained in it and they used between 15-20 megs of ram on my computer while in installed. I had to boot to safe mode just to remove a bunch of the components, AFTER UN-INSTALLING IMESH. Trust me, Imesh sucks. If you gotta use Imesh, use Imesh lite.Quote:
Originally posted here by Alpa
A quick relpy , Dot use Kazza . Just my opion .... I use imesh ....
I found that my machine works better with that p2p program .
Alpa
Also, FYI, the Imesh client runs on the same p2p network that kazaa does, so the only difference between them is the client. They also use the same way of downloading files. In fact, you can start a download on Kazaa, pause it, copy the .dat file into the directory that Imesh saves downloads in, and resume the download in Imesh. Pretty nifty eh?
Anyway, good luck. :)
dont use Kazaa. i dont use kazaa but it is so cool to have download anything as FREE!!!!!! it s up to you. if virus or hacker catch you. Good night ! I agree with Und3rtak3r.Quote:
Your comments are a little dangerous.. well from the security point of view that is.. Never Never Never assume that your AV and Firewall alone will protect you.. these with care, vigilence, commen sence and a lot of bloody good luck will keep you clear.
peace out
Is P2P safe? In a word NO.
Remember you are probably doing something illegal with the P2P software that is inherently dangerous.
Lets look at the reasons.
1.You have to knock a hole in your firewall for the server to get out...then it screams to the world "Here I AM" and at least this port is open. This makes your up to date Firewall useless.
2. The Programs where not coded with security in mind, those that where not made by greedy companies that embedded it with spy ware and wanted the code out quick where made by underground programmers that don't mind breaking the law. Do either of those groups sound like they would have a problem installing backdoors in the program?
3. The files you are downloading are not from trusted sources. Every EXE you download is a game of Russian roulette, even an up-to-date AV wont stop a 0 day Trojan.
4. If you only download Mpg and MP3 you are a little safer. but groups like the RIAA are out there looking for people who have large file shares of pirated music, ask your self if $100k+ per song per download from you is worth not buying some CD's?
Stay away from P2P stick to IRC and FTP...lurk for a long time to figure out who you can trust to download from IRC.. Remember every one on IRC and P2P has no problem breaking the law, if they get annoyed with you or think you are leaching they will ty to break your system.
KaZaA is not dangerous if you use it wisely... ::hide-beh :jams:
sorry if it's a little off topic, but bballad said that groups like the RIAA are looking for people with large music shares. I'm assuming that they can only look over the p2p networks at your stuff so could you just not show anyone anything and just download? I know that that goes against the p2p principal, but it would be better than being fined.
Quote:
Originally posted here by uraloony
Err I hope you mean Imesh Lite. IMesh has over 60 components of spyware contained in it and they used between 15-20 megs of ram on my computer while in installed. I had to boot to safe mode just to remove a bunch of the components, AFTER UN-INSTALLING IMESH. Trust me, Imesh sucks. If you gotta use Imesh, use Imesh lite.
Also, FYI, the Imesh client runs on the same p2p network that kazaa does, so the only difference between them is the client. They also use the same way of downloading files. In fact, you can start a download on Kazaa, pause it, copy the .dat file into the directory that Imesh saves downloads in, and resume the download in Imesh. Pretty nifty eh?
Anyway, good luck. :)
Thank you for enlightening me. Actually I have this problem that you mentioned regarding lmesh when I tried to use Kazaalite. This happened when I upgraded to the latest version of Kazaa. I noticed that my system is horribably slow whenever I use Kazaa. I am using P4 with 512 RDRAM in my PC. Everytime I clicked the IE browser or any other program, it tooks about more than 30 seconds to open.
Is there anyway, I could manually delete these spywares in Kazaa if there is one?
Thanks a lot for those who have answered my questions.
Kazaa loads a lot of spyware...try spybot search and distroy, it dose the job and is free.Quote:
Originally posted here by Shakira
Thank you for enlightening me. Actually I have this problem that you mentioned regarding lmesh when I tried to use Kazaalite. This happened when I upgraded to the latest version of Kazaa. I noticed that my system is horribably slow whenever I use Kazaa. I am using P4 with 512 RDRAM in my PC. Everytime I clicked the IE browser or any other program, it tooks about more than 30 seconds to open.
Is there anyway, I could manually delete these spywares in Kazaa if there is one?
Thanks a lot for those who have answered my questions.
http://security.kolla.de/
"I am paranoid. I am afraid of using Kazaa. Is it possible to get hacked if
I download MP3 or MPEG files from someone's PC by using Kazaa?"
Definatley,
Someone can install a backdoor in your system if you aren't careful
to scan the mp3 files you downloaded. If you download copyrighted
music/movies you can draw attention from the music cops and the powers
that be. Awhile back their was a fuss going on about a bill in the U.S. that
would allow legal hacking of people's home pc's, DDOS peer to peer networks
to stop P2P piracy I don't know if it passed or not :( other Countries may or
may not have similar laws that you could get yourself in hot water legally
speaking.
I'd suggest the Book 'Internet Piracy Exposed' by Guy Davis
I bought it for $3 last year at a used book store (ISBN 0-7821-2920-X)
it's dated but it's informative on the legal issues involved and what's
waiting for you if your caught, reviews mp3 services like the now defunk
napster gets the views from the pirates why they do what they do.
SIMPLE ANWER (again) KAZAA IS NOT SAFE AND IS NOT TO BE TRUSTED.
There is, however, a universal solution!!
get a computer that you want to use as your kazaa, maybe even everything computer...
Unplug any network connections(including modem)
set up windows (I don't think you have a choice for kazaa, could be wrong though
configure the box exactly as you would like it minus kazaa and any media.
include firewall software and antivirus
0. image your hard drive onto CD's using something like drive image from powerquest.com
1. update your antivirus and windows online (after getting on the inet again)
2. Download and install kazaa.
3. Enjoy!
4. When you get media that you really like, scan it manually with your UPDATED antivirus and put it on CD or a second hard drive.
5. Wait for your system to get FOOKED by stuff related to kazaa. (may take a few days :) )
6. Break out those disks you made in step 0 (yeah... I made it step 0 cause I'm lazy, and forgot to the 1 by it) and restore your backup OS.
7. Bring back your good media from the CD's or second hard drive.
8. Continue at step 1.
it's that easy... well actually I didn't say it'd be easy... but it works, I have an image of my 'perfect' win2k configuration on 2 CD's, and restore it monthly at times when stuff starts to suck a bit. It's usually only necessary a few times a year though.
One note to add to that, make your media drive removable (either a usb based drive, or a removable bay IDE drive). that way if someone shows up for your system you can hide it and show that there are no pirated files on your system.Quote:
Originally posted here by UpperCell
SIMPLE ANWER (again) KAZAA IS NOT SAFE AND IS NOT TO BE TRUSTED.
There is, however, a universal solution!!
get a computer that you want to use as your kazaa, maybe even everything computer...
Unplug any network connections(including modem)
set up windows (I don't think you have a choice for kazaa, could be wrong though
configure the box exactly as you would like it minus kazaa and any media.
include firewall software and antivirus
0. image your hard drive onto CD's using something like drive image from powerquest.com
1. update your antivirus and windows online (after getting on the inet again)
2. Download and install kazaa.
3. Enjoy!
4. When you get media that you really like, scan it manually with your UPDATED antivirus and put it on CD or a second hard drive.
5. Wait for your system to get FOOKED by stuff related to kazaa. (may take a few days :) )
6. Break out those disks you made in step 0 (yeah... I made it step 0 cause I'm lazy, and forgot to the 1 by it) and restore your backup OS.
7. Bring back your good media from the CD's or second hard drive.
8. Continue at step 1.
it's that easy... well actually I didn't say it'd be easy... but it works, I have an image of my 'perfect' win2k configuration on 2 CD's, and restore it monthly at times when stuff starts to suck a bit. It's usually only necessary a few times a year though.
If u delete the spyware that comes with kazaa (brilliant digital), kazaa ceases to function until u reinstall it again, if ur gonna use it be safe.
There are lots of ppl saying that they have had trouble with kazaa, but no1 saying that its been ok for them.
I had it on my old computer which i had for 5 years, which had NO AV & NO firewall, and i was ok, ive had this new comp now for a year and i have got both imesh and kazaa installed (not lite versions either), and again ive been OK and i know loads of ppl who use it who havent had a problem either.
Just be wary and use your common sense (i.e. check file sizes etc) - if u are unsure - DELETE IT (or get your friend to test it on their computer 1st j/k) !!
by the way, im fully protected now with an up 2 date AV and firewall (i wont say where i got them from ;) ), i was a noobie who didnt understand anything b4 i got this software.
It makes sense to get these 3 programs asweland run them once a week (i have all 3 and they all pick up differnet things):-
Adaware
Spy bot search & destroy
spy sweeper
Safe hunting !!
So which program is safer? Kazza Lite, Imesh, or Imesh Lite? Where Can I find all 3 downloads at? Will it be possible to buy one of those USB Jumpdrive items and just directly download the song to that or onto a CD-RW?
i wpuldnt recommend any p2p since you can get a trojan or virus from any game or program ...but since you ask ....
www.kazaalite.tk
http://www.imesh.com/
http://www.neo-modus.com/ (best one ... for me personally )
http://www.winmx.com/
http://www.grokster.com/
http://www.bearshare.com/
http://www.edonkey2000.com/
http://www.emule-project.net/
http://www.blubster.com/
http://gnutella.wego.com/
http://www.musiccity.com/
http://opennap.sourceforge.net/
http://shareware.about.com/library/f...mp3_search.htmQuote:
Scour Exchange back in legal revival
IMORTANT : YOUR SYSTEM MAY GET INFECTED WITH VIRUSES,WORMS,TROJANS AND OTHER PROGRAMS THAT MIGHT HARM YOUR COMPUTER USING A P2P APPLICATION ! I DO NOT RECOMMEND ANY USE OF ANY P2P APPLICATION !
IF YOU ARE GOING TO USE A P2P APP ...AT LEAT HAVE AN UPDATED ANTI VIRUS AND FIREWALL :)
"I am paranoid. I am afraid of using Kazaa. Is it possible to get hacked if I download MP3 or MPEG files from someone's PC by using Kazaa? I have firewall installed."
Hi
Yes.......
When you open a door to your system anything can happen I wouldn't recommend
using peer to peer software buy your music it isn't worth the risk the record police
constantly patrol for people downloading copyrighted tunes. I'd recommend using
encryption if do to protect the rest of your drive from anyone seeing whats in there.
Personally, I feel that p2p networks would be a strong host for the next superworm. Sure, there are those on p2p networks that use a firewall and AV, but in reality I would say that 90% of everyone using these services either have no protection or completely outdated protection. It scares me that there are so many people out there that are directly connected together by a program that actually requires spyware to function at all. Just my $0.02.
In terms of effectiveness of a p2p prorgram, I've heard that eMule can be more effective for downloading larger files and a label system that allows the user to confirm that the title for the file is actually correct. Has anyone been able to try that program out lately?
It is well thought of (emule) ,I plan on giving it a try eventually
edit- www.pctechtalk.com (forums) is a good site for p2p info
Hi
I got negged to death for the last post about the music thing
sorry all if my post offended you I didn't realize people would
take it so personally judging by the extreme comments I got
back wow. Anyway I won't post messages on this sight.
Take care all,
Doc
yes kazaa itself has many loopholes, and makes it more likely that you will be spotted, and made vulnerable for an attack, my advice: use kazaa lite (has less if not no spyware), don't leave kazaa running all night, good anti virus software and firewall never hurt, dont believe anything anyone that private messages you says, especially when it regards to running commands on your computer ect, if the person doesn't like your download speed, download from someone else, there are plenty of other people on kazaa that have the same file or song they do.
Kazaa can contain files that have viruses or trojains. The best way to avoid downloading these files is use common sense if the file size dose not seem right than it is probably a virus or something like that. Then next best step would be to have a updated antivirus.
I believe that Jo-W's comment: "KaZaA is not dangerous if you use it wisely... " is wrong. Not to be an ass, but the instant you load Kazaa on your system it punches a hole in your firewall and installs tons of spyware........all before you even download your first file. On top of it all, P2P is a breeding ground for virii and trojans so that part is dangerous too but you can at least bypass the spyware aspect of it by using kazaalite instead. Also I'd like to add that I totally agree with Alphaflux's post. Thanks for putting it all in *one* paragraph (sometimes it can't be done bc of the subject, but it takes some intelligence anyhow). Good job. If I weren't a helpless newbie I'd give you some points...... :p
-keezel
I think many of the secuirty gurus out there overstate the risks.
Anecdotal evidence: Ive been using p2p as long as they have been in existance- No Firewall, No AV. I have gotten 1 virus that did nothing (it attacked outlook express, which i never use anyways)
Now of course people will point out that i could be trojanned/hacked, etc. But for me, so what? I make back ups- It takes all of 2 hours to reformat and reinstall. However, with three system drives, I could be up and running again in seconds after running a major virus. I dont have my machine running long enough at a time to make a reliable drone for a DDOS attack or something.
As a percentage of p2p users- I would estimate that 1 tenth of 1 percent even have the ABILITY to Hack using kazaa. Of those, even fewer have the time/desire. Chances of actually getting it- so small- might as well not exist.
The main avenue in secuirty is plain common sense. Gee, I wonder if the file named "microsoft universal key code works for everything!!!!!!!!!!" is a legit file? Fake files really arent too hard to spot. Also, its rare for a file had by a significant number of peope is a major virus. They wouldnt be sharing it too long if it was.
If your worried about the big bad RIAA, use an anonymous proxy.
So, in the end, sure there is a risk. However, people blow it out of proportion. For most home users, the only real risk is a headache.
I recomend that you use this program, it goes throw your computer and scan it like a virus scaner looking for spy and ad ware and takes it off of your computer for you and there always updateing it.
http://lavasoft.element5.com/support/download/
Crackers dont use trojan ONLY to acces your computer to get files and information....they use it also to launch attack against more bigger companies and the even the government ....so you could get in deep Sh!7.....Quote:
Now of course people will point out that i could be trojanned/hacked, etc. But for me, so what? I make back ups- It takes all of 2 hours to reformat and reinstall.
in my opinion kazaa it´s one of the best music parade of the net but now days when i use kazaa sth make tha mi pc be slowly so sth is happening with kazaa........... dot'n use it
You are also backing up the Trojan/virus, and reinstalling them. Unless you have a pre-p2p backup and nothing else has changed on your PC. I just did a little test, I turned on Kazaa Lite over the weekend and updated McAfee and turned on "On Access" scanning.Quote:
Now of course people will point out that i could be trojanned/hacked, etc. But for me, so what? I make back ups- It takes all of 2 hours to reformat and reinstall. However, with three system drives, I could be up and running again in seconds after running a major virus. I dont have my machine running long enough at a time to make a reliable drone for a DDOS attack or something.
I didn’t search on .exe files. What I did was place an arbitrary word relating to sex into the search engine and just highlighted an entire group and left it over the weekend. These items were: .mpg, .avi, .jpg, .bmp, .mov etc. Media type files. Of course the ones that try picture.jpg.exe were also included since they come down in the search I enlisted. I had 18 virus warnings in my McAfee warning box when I came in after a couple of days. I then did the same thing on a popular Usenet group. The number of hits for positive Trojan identifications tripled. Sure actually infecting the computer is one thing, but with so many coming down, it is a high possibility if you are not careful.
I run all the recommended things, Zone Alarm, McAfee, Spybot, etc. and I am one of the most careful people at watching extensions and tweaking security and I STILL get 1 or 2 virus' a year! Most attempts at depositing a Trojan on your PC are just stupid, but some are VERY clever, and some are distributed by file shares that your have NO control over, unless you leave your PC unplugged. In fact one of them came down through a web site I accidentally popped on one day by fat fingering a URL. That one was new and Virus scanners didn’t pick it up until a few days later. There was not window asking me to install something on my pc, it just did it! That entire IP space is now blocked.
I need some help lol
I installed Edonkey2000 and EMule
now the problem is I uninstalled the Edonkey2000 and every time i click on a link to download from http:www.sharereactor.com it sais something that it cannot find ed2k software
I dont want to use Edokey2000, id rather use EMULE but my system's default is still EDonkey200
anyway i can change it to EMule or completely uninstall EDonkey2000 so i have only EMule left?
To say it like this there is no p2p that is 100% safe
You are always taking a risk with downloading every song, movie, game and so on
The best way to prevent it is to not do it at all
If you do it update your antivirus regularly maybe once i week
Another tuth is that some hackers can embed the .dat extensions to various virii and trojan. Kazaa not being safe is an understatement, the true levity of the whole p2p idea is that it is not governed by a central sever and at times users forget this. Keep all fiewall and AV software up to date and burn files onto disk (dont keep them for long on your hdd!!) You should have enough security then> Also remember that YOU MUST SCAN AFTER EVERY DOWNLOAD! That will keep you safe to some degree.
i use Kazaa lite2.0.2 with an antivirus and ZA . Recently i have noticed that kazaa, imediately after start, runs a scan for virus for the MyShared folder of Kazaa, namely bullguard. A link leads to the site of kazaa written bullguard , av for p2p. However, i noticed that it connects to a cydoor site for scripts.(http://jcms.cydoor.com/scripts/cms/JCReport.asp?--truncated)
on the sniffer, another to a certificate site , verisign..
Any one seeing similar...
help plzQuote:
Originally posted here by XxMeMorYxX
I need some help lol
I installed Edonkey2000 and EMule
now the problem is I uninstalled the Edonkey2000 and every time i click on a link to download from http:www.sharereactor.com it sais something that it cannot find ed2k software
I dont want to use Edokey2000, id rather use EMULE but my system's default is still EDonkey200
anyway i can change it to EMule or completely uninstall EDonkey2000 so i have only EMule left?
I have never used those OR heard of them until today. Looks like they are p2p since emonkey boasts "The worlds larges music resource" of some bs like that. I can offer some advise though. Unintall both, run spybot or spy detector of choice, then re-install the one you like...