The Scourge that is Kazaa
and AOL Instant Messenger

Teenager’s Best Friends are
Mom and Dad’s Worst Nightmare

© 2004 by Rick Altman. All Rights Reserved.

WHILE MOST OF THE COUNTRY knows me as a graphics guy, around my hometown of Pleasanton, CA, I’m the computer guy. Not too much of a market here for someone who can help with undercolor removal or EPS clipping paths, so my local focus is on general configuration help, basic advice, and wart removal, mostly for homes and families.

And it must be said that this is a difficult time for families who compute. Never in my career as a computer consultant have I seen computers get so mucked up with parasites by people who have done so little to deserve it. Most of the time, potential clients who call me have absolutely no idea what has happened to them; they are brought to their electronic knees with sluggish performance and incessant pop-ups and they never saw it coming.

I am not talking about the simple type of spyware that you can remove with Ad-Aware and SpyBot. I am talking about the type of self-spawning trojans that bury themselves deep into the operating system and require thorough Registry scrubs and forays into Safe Mode in order to eradicate.

I have become adept at fixing these machines but I remained in the dark about the direct cause. Most of my clients run firewall software or use routers; most of them exhibit responsible email practices.

But there were three persistently common elements that I observed:

• Every single client has young sons and daughters who use the computer.
• Just about all of the affected systems had AOL Instant Messenger
• The systems with really nasty infestations all had Kazaa on them.

There was just too much smoke not to have some fire, so I decided to become the George Plimpton of spyware. I just had to find out what was creating such drek on my clients’ computers.

Clean as a Whistle

I started with a fast notebook computer running a fresh copy of Windows XP Professional. The Registry showed that there were no extraneous or unknown elements being loaded at startup. This computer booted and stopped showing the hourglass in about 45 seconds and no clicking was required to get there. When I opened a browser window, I could go hours without any popups, except an occasional ad that was programmed to appear by the web page I was visiting.

I then went to the AOL website and clicked to download Instant Messenger. My computer has never been the same since, and here is my accounting of that...

AOL and all its Friends

The first thing that I observed is how hard it is to install just AOL Instant Messenger. AOL’s community partners probably number in the thousands and nobody wants to be left behind. First, AOL asked me if I have "Tried AOL for Broadband yet?" Then came SpywareStormer that delivered this bogus message designed to scare me. I would receive this pop-up at least 10 times in the course of three days, and I note with alarm the now-familiar tactic of many of AOL’s friends: The three hyperlinks on this page all go to the same place.

Then upon beginning the installation, I noticed this screen. These two add-ons are not malware (Weatherbug is quite benign and the WildTangent is a gaming engine), but the fact that they are on by default and appear to be intertwined with AOL is troublesome at best.

Not five minutes after AIM was running, this ad appeared. This was the first time in the history of this computer that its browser window appeared spontaneously. Over the course of the next hour, I observed a 100% correlation:

• When the AIM window was open, ads would spontaneously appear.
• When it was closed, ads would not appear.

My daughter Erica set me up with a few "robots" to chat with, a common pastime among the bored, apparently. One of the robots responded to my first query by informing me that his (I think it was a he) services were now available at a particular website, which he took me to. It was full of casino ads and gambling opportunities.

Pretending to be a kid listening to his parents, I clicked No on everything, but each click of a No kept opening new windows. I knew better (you should right-click the Taskbar and choose Close; answering No is often as bad as answering Yes), but most kids don’t. And an ad like this one is just way too tempting to an 11- or 12-year-old who has been badgering his or her parents for a mobile phone since Christmas.

Kids are not the only prey—I know many grown-ups who fell for this one. I followed this chain of hyperlinks and it was two levels away from some very nasty malware that produces the type of trojans that can cripple a system.

AIM on its face does not present a direct danger to one’s computer. The amount of pop-up ads generated from it was not overwhelming, just annoying, and you must be vigilant to close those pop-up browser windows instead of click on them. And while I did not appreciate my Desktop being littered with PartyPoker, Play Cards Now, WeatherBug, and Your Free Chips Await, they pose no real threat.

But the way that AOL chooses to represent its partners is onerous; they are positioned as inextricably-linked components of the service—a gambling website appearing directly from a chat session is reprehensible. And as I discovered, AIM is just about two degrees of separation from the really bad stuff that is our next subject...

Kazaa and its Gang

The perils of using AIM pale in comparison to the havoc that can be wreaked by using peer-to-peer networking, in which others are granted access to resources on your machine. The big daddy of P2P services is, of course, the file-sharing (music-sharing) engine known as Kazaa. According to one survey, over 95% of downloaders choose the free version of the program, supported by advertising.

Points for honesty, at least: the Kazaa website is explicit about what software is installed on your machine when you download the free version. What you do not know is what software is surreptitiously installed by the software you agree to have installed.

Kazaa Free installs an advertising engine from the Gain Network (formerly Gator, and I am not surprised that the company changed names; Gator is reputed to be one of the most offensive of all adware engines). Again, Gain is up-front about what it does:

The GAIN Network delivers online advertisements that are selected based in part on how you surf the Web. Some information that the GAIN AdServer may collect includes: Web pages your computer views and how much time is spent at those sites...Response to the ads we display...What software is on the host [your] computer...

Within 10 minutes of installing Kazaa, my tracking software was notifying me of attempted changes to the Registry. Entries were being made in the various (and deeply-hidden) areas that control which programs will start automatically, as well as new "Browser Helper Objects." My browser doesn’t need any help, thank you very much, but suddenly it was getting all the help it could stand.

My first post-Kazaa surfing session told me immediately that life would be different: There was a MySearch toolbar that took up residence directly below the Address Bar. I returned to the user agreement at the Kazaa website and, sure enough, found this among the disclosures of software to be installed:

PerfectNav - Provides alternative websearch results when browsing

Seeing how I accepted it into my system, I might as well use it. So I typed the following into its search field:

Singles in my area

Making sure to inform my wife Becky that this was just an editorial experiment, I watched as many results from SinglesResults.com, MatchMaker.com, and others appeared, Google-style.

And then, not five minutes later, came the pop-up ads for how I can further increase my chances of meeting others. Indeed, Kazaa’s big brother was watching over me.

The ads came in waves. There were periods of over a half-hour in which I would receive none, whether I was actively surfing or not, and then other times in which a veritable storm of pop-ups would appear, irrespective of whether the browser was even open. I went to the U.S. Open website to check on the big tennis tournament in New York, and I do not feel it a coincidence that an ad featuring Serena Williams appeared soon after. When I wasn’t surfing at all, the ad engine would pretty much just spew at me: mortgages...my PC is infected...smiley face cursors...I’ve just won an iPod...join the Army.

I went out for dinner and kept the computer on and idle. But somewhere between 6:00 and 8:30pm, it stopped being idle. I returned to a full-frontal assault:

• Nine browser windows open, one of them (called ad.engine) only accessible by clicking on its icon in the Taskbar
• One window self-spawning, continually reopening itself upon each close command
• Two download commands waiting for me to click Yes, even though I made no such requests for download while I was outside eating corn on the cob.
• My tracking software reporting four attempts to write to the Registry.
• And the holy grail of adwaring: my default browser page was changed to http://www.adorbit.com and five folders were added to my Favorites: Entertainment, Finance, Free Stuff, Gambling, and Internet (all with links through the notorious OrbitExplorer).

It took less than five hours after installing Kazaa for my system to be completely hijacked. Before embarking on this experiment, the "Run" entry in the Registry (where programs are set to start at boot) contained four entries:

Within one business day, these additional entries were added:

So, are we having fun yet? It is no wonder that my boot time went from 45 seconds to over four minutes. And this is after just one day.

Unfortunately, many of these parasites are not the kind that can be eradicated with the reputable spyware removal programs. Ad-Aware found 346 suspicious objects and removed them all. SpyBot found 123 more. But while these programs can remove most parasites from memory and eliminate their entries in the Registry, they are unable to detect the engines that are capable of restoring the parasites the next time the system starts. When Ad-Aware and SpyBot were done, the search bar, P2P Networking, and CMEsys were still running on the system. To SpyBot’s credit, it did eliminate permanently Orbit, arguably the nastiest of the parasites I contracted in this brief period.

But this was a lab experiment; in the real world, you would probably go days, maybe weeks, and sometimes months, before garnering the strength to do battle with your system. And removing this grade of infestation requires careful, deliberate, and deft handling of files and operating system resources that normal users are not expected to know about and would have no business tinkering with. Removing these parasites is akin to removing the the engine of a car, repairing it, and then putting it back.

What can you do?

Believe me, I know how hard it is to tell your 11-year-old that she can no longer use AOL Instant Messenger. Wage that battle and you’ll wonder if having a computer in the house is even worth it. Here are our recommendations:

• If you can afford it, buy your kids their own computer. Problem solved!
• Update Windows XP aggressively. The new major maintenance update includes several significant measures for safer computing. Update AVAILABLE HERE.
• Short of that, set AIM to not start automatically (from Preferences | Sign On/Sign Off). You will save almost two minutes of downtime when the system starts and you won’t be bothered by unwanted buddy lists, sounds of doors opening and closing (a popular WAV file used to signify when others log on and off), the decidedly Gen-Y welcome screen with news about celebrities you have never heard of, and the intermittent popups that AIM produces. When your kids want to IM, they can click the Desktop icon to start the service.
• Coach them vigorously on never answering any pop-up ad. "Just Say No" is not good enough—often times, answering No is the same as answering Yes. Don’t answer at all. They should click the X at the extreme top-right of the browser window, and if you they are not sure which X to click (some windows try to fool you there, too), they should right-click the ad’s icon in the Task Bar and choose Close.
• Do not allow ActiveX controls to run without your permission. From Internet Explorer, go to Tools | Internet Options | Security | Custom Level. From there, find Download signed and unsigned ActiveX controls and set them to Prompt or Disable.
• Prohibit any peer-to-peer networking applications, including Kazaa. Teenagers in the house might rebel as vociferously as the pre-teens do about AIM, and all parents draws their own lines in the sand of the family beach. That’s where I draw mine: absolutely no Kazaa. Today, you can buy a song from iTunes for 99 cents, and I’d be happy to give my kid a song allowance to make up for the free downloading they have to give up on. Or maybe I should just inform them that using iTunes insures against their being arrested for illegally downloading music...

More good reading HERE.

In early September, the New York Times reported on the sharp increase observed in use of instant messaging, as a direct consequence of spam reducing the effectiveness of email. We sincerely hope that these people are not trading one poison for another, and far worse, one. I do not include myself among the proponents of instant messaging as an email replacement, as I think it degrades communication in several significant ways:

• IM’ing invites cryptic speech, clipped expressions, and poor grammar. I know I sound like an old fogey here, but as a writer, I believe that written communication should exist on a higher plane than spoken communication.
• Setting grammar aside, you are not capable of composing your thoughts in a live chat session as articulately as in an email. Taking the time to compose an email (a luxury you do not have with IM) is crucial to good business correspondence. There are things that I would not say over the phone, preferring to collect my thoughts first, and that is precisely the same for IM.
• Most IM software does not have the capability of your email client for keeping a history of your correspondence. No Sent Items, no folders to organize correspondence, no ability to forward messages.

Instant messaging is an evolutionary step in communication, no doubt. But replacing email? Get serious. And is spam so bad that you are willing to compromise the security of your computer and invite popup swarms? If so, you need to change your email address periodically as I do. Otherwise, I think that your treatment is worse than the condition you are trying to treat...

To discuss this article or PowerPoint in general, please head to our Forum.

Copyright 2004, All rights reserved. Have an opinion? Share it with the Corel community at the CorelWORLD Forum. There is already quite a bit of discussion about this story. Join in.

May 2007: As simple as possible, but not simpler... · April 2007: Killer Keystrokes · March 2007: Resolution Confusion · January 2007: Fearless Forecasts for 2007 · November 2006: Epiphanies at PowerPoint Live 2006 · August 2006: Escaping Death by PowerPoint · July 2006: Notes from the Floor of InfoComm · June 2006: Beyond PowerPoint--Making Movies for Business and Pleasure, Part II · May 2006: Beyond PowerPoint--From Photos to DVDs · April 2006: It’s Your Music!--Overcoming the oppressive restrictions of iTunes · March 2006: CorelDraw X3—A few must-haves and a few missed opportunities, all in all, a credible upgrade · February 2006: Making Windows Inhabitable · January 2006: Fearless Forecasts for 2006 · September 2005: Just What is a Background Anyway? · August 2005: Meet David Dobson, Corel's New CEO · July 2005: Community, Blind Dates. and Albert Einstein: An Interview with the PowerPoint Live Conference Host · June 2005: CorelWorld 2005: Image Editors, Executive Appearances, and Krispy Kremes · May 2005: As Adobe's Shadow Grows, Is Corel Better off or Worse? · March 2005: Delivering Your Presentation: How Close to the Source Can You Get? · February 2005: Digital Photography: The Killer App of this Generation Part II · January 2005: Digital Photography: The Killer App of this Generation · November 2004: A Killer Deal for Corel Or Another Distraction? · September 2004: The Scourge that is Kazaa and AOL Instant Messenger · August 2004: The Golden Triangle: Presenter, Audience, and Slides · July 2004: A Blast from the Past: How Fast is Fast Enough? · June 2004: Guilty Pleasures · May 2004: A Personal Wish List for PowerPoint 12 · April 2004: Eyedropping: Version 12 makes a good tool even better... · March 2004: Deadly Sins Of Modern PowerPoint Usage · February 2004: Is the even-numbered curse finally over? · January 2004: Another take on Achieving Absence of Ugliness · November 2003: What can we do it again??--Debut of PowerPoint Live Leaves Unquenchable Thirst with the Host · September 2003: Corel Corp. Has a New Custodian · July 2003: Candor and Contrition at CorelWORLD · June 2003: What a Long, Great Trip It’s Been! · May 2003: The Boat that Corel is Missing · April 2003: No Fooling...Is Corel Breaking Up? · March 2003: The Annual Design-a-Brochure Contest · February 2003: Symbolism is Everything · January 2003: Mania, Our Semi-Annual Pilgrimage to Holland · October 2002: On Creativity, Problem-Solving, and Paper Bags · July 2002: CorelDRAW 11: Surprise, Surprise... · May 2002: The Sound of Silence: What does it mean when a company plays its cards so close to its chest? · April 2002: The Art and Science of Presentation Graphics--Creating for the Screen Has its own Challenges · March 2002: CorelDRAW 11: What kind of personality and attitude should a software program have today? · February 2002: Oy, my aching fingers... · December 2001: Digital Photography · November 2001: Can we say goodbye to the Rolls Royce Mentality? · October 2001: An Unforgettable Week: The drama that unfolded around CorelWORLD · August-September 2001: The Art of Paragraphics: New-age ingredients for success with Corel VENTURA · July 2001: Your Very Own Interface: How to make Corel applications read your mind · June 2001: Fighting the Font Wars: How to stay sane with your sans · May 2001--Turning the Key at Nicholas-Applegate · April 2001--A Modest Proposal for Reviving VENTURA Publisher

Clipart, Fonts & Other Artwork			Training	Add-ons	Textures
Bonus Content Packs Spring Unleashed V1 Summer Unleashed V1 Sports Unleashed V1 Fall Unleashed V1 Halloween Unleashed V1 Thanksgiving Unleashed V1 Winter Unleashed V1 Symbols Unleashed V1 Fruit Unleashed V1 Signs Unleashed V1	US Flags Unleashed V1 Music Unleashed V1 Icons Unleashed V1 Buttons Unleashed V1 Stick People Unleashed V1 Computer Unleashed V1 Sports Unleashed V2 Weather Unleashed V1 People Icons Unleashed V1 World Flags Unleashed V1 Clipart Unleashed	1200+ CorelDRAW Brushes Vehicle Templates for Vehicle Wraps Free Fonts 1000 Seamless Stripes Stick Figure Volume 1 Ult. Flames Mega Pack Ult. Flames Mega Pack 2 Ult. Ornaments Mega Pack 1400 Seamless Textures	CorelDRAW X6 Training DVD CorelDRAW X5 Training DVDs CorelDRAW X4 Training DVDs Click 'n Learn Tutorials CorelDRAW 0-60 Training Jeff Harrison's FUNdaMENTALs CorelDRAW Training Session On-Site Training Session Phone Consultation CorelDRAW Unleashed Magazine	Design Base Automation Tool for CorelDRAW X3-X6 ROMCat Resources Docker QR Codes Docker EZ Metrics Smart Designer CoCut Pro	Wood Metal Stone Terrain Fire & Ice Ground & Plants Floor, Wall & Bricks Fiber Tile & Path Marble Crystals

Copyright © 1995–2013 Unleashed Productions, Inc., All Rights Reserved.