Source: Methlabs.org
By: Joseph Farthing

While the existence of spyware is now something many Internet users have grown to expect, it is hard to imagine the shock when you realize that a community-built program that you are a part of has been hijacked. Somehow we want to believe that all software made for the Internet is pure, that every on-line application is equivalent to upstanding efforts such as Mozilla or Linux. These groups create and publish their software with a very singular aim: make good software.

However, there is a darker side to the Internet, that of spyware. We are used to the trials of useless applications designed to entice new users and then lock them into the hateful world of on-screen advertising and agreements that tell you “your Internet browsing activity may be monitored”. Most users with a few months' experience can learn to avoid these pitfalls – and many realize that the “features” provided by the application are often spurious or non-existent.

Nevertheless, we may often become apathetic to the software we install – we may choose to retrieve it from websites we trust, or try applications we know to be open source or well-received. Now, what happens when a program you trust can be modified to become untrustworthy?

This is precisely what happened to Methlabs, the community of developers, users and beta testers behind the acclaimed PeerGuardian application.

PeerGuardian is an open source application designed to deny connections from Internet (IP) addresses owned by groups, such as the RIAA, utilizing a database updated regularly in collaboration with other websites. The Kazaa Lite application also used to use this database, which is also included in the SafePeer plug-in for the Azureus peer-to-peer (p2p) network.

The program was originally developed by Tim Leonard, a 25-year-old English developer who created the program as “revenge” after Audiogalaxy was shut down. In late 2003 he released the program under the open source GNU General Public License, which allows free distribution and modification of the source code (the 'blueprint' that describes how software works).

For many people PeerGuardian is a simple tool to help protect their on-line anonymity, but a small group called “Openwares” have begun to publish versions of the PeerGuardian application, as well as other programs by Methlabs. Their release contains a subtly modified version of the program, and is packaged with software that observes the user's browsing activities and displays adverts – exactly the things that PeerGuardian is meant to help protect against!

“Openwares are a perversion of the meaning of open source,” says Ken McClelland, the Chief Technical Officer of the Methlabs community.

He is now leading the fight against the spyware distributor, using public awareness campaigns and verification technology to warn users of the threat.

“The actual process of signing our products is very easy,” explained a Methlabs staff member.
“Since most p2p programs today generate a checksum-based link, we may publish the links of our releases so you can actually use your p2p application of choice to verify your version of a Methlabs program like PeerGuardian or DeepDelete.” It would also be possible for users to download stand-alone programs to check the applications.

This method of “digitally signing” files is generally very hard to spoof, and would be a foolproof method to tell real versions of the software apart from versions which contain spyware. The true difficulty is to convince users to run these tests.
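The check described above can be done with a short stand-alone script. The following is an added example, not Methlabs' code: the article does not name the link format, so it assumes a magnet link carrying a Base32 `urn:sha1:` hash, obtained from the developers' own site, and the file contents and names are constructed.

```python
import base64
import hashlib
import hmac
import io


def expected_sha1_from_magnet(link: str) -> bytes:
    """Extract the raw 20-byte SHA-1 from a magnet link's xt=urn:sha1: field."""
    scheme, _, query = link.partition("?")
    if scheme.lower() != "magnet:":
        raise ValueError("not a magnet link")
    for field in query.split("&"):
        key, _, value = field.partition("=")
        if key == "xt" and value.lower().startswith("urn:sha1:"):
            # Base32 of 20 bytes is exactly 32 characters, no padding.
            digest = base64.b32decode(value[len("urn:sha1:"):].upper())
            if len(digest) != hashlib.sha1().digest_size:
                raise ValueError("urn:sha1 value is not 20 bytes")
            return digest
    raise ValueError("link carries no urn:sha1 checksum")


def sha1_of_stream(stream, chunk_size: int = 1 << 20) -> bytes:
    """Hash a file-like object in chunks so large installers fit in memory."""
    h = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()


def verify_download(stream, published_link: str) -> bool:
    """True only if the download matches the checksum in the published link."""
    return hmac.compare_digest(sha1_of_stream(stream),
                               expected_sha1_from_magnet(published_link))


def make_link(data: bytes, name: str) -> str:
    """Publisher side: build the checksum-based link for a release."""
    b32 = base64.b32encode(hashlib.sha1(data).digest()).decode("ascii")
    return f"magnet:?xt=urn:sha1:{b32}&dn={name}"


# Constructed sample data: a stand-in "release" and a repackaged copy.
GENUINE = b"MZ" + b"\x00" * 64 + b"genuine installer payload"
REPACKAGED = GENUINE + b"bundled adware installer"
PUBLISHED_LINK = make_link(GENUINE, "example-setup.exe")

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("repackaged", REPACKAGED)):
        ok = verify_download(io.BytesIO(blob), PUBLISHED_LINK)
        print(f"{label}: {'matches' if ok else 'DOES NOT match'} published link")
```

The result is only as trustworthy as the place the link was copied from: a link published alongside a repackaged download will match the repackaged file.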

Following this lead, a large-scale public awareness campaign has been started by the group, hoping to reach the more than one hundred thousand people who have downloaded the spyware version of PeerGuardian. They intend to apply warning messages to automatic updates, banners on both their own and friendly sites – indeed anything to stop people from using an application that provides a more than false sense of security.

“Boycott Openwares” messages are now available, and other forums are beginning to carry the message, as well as information about Openwares' activities.

The process may be difficult, however, since Methlabs is a non-profit organization that would find achieving the same level of publicity as Openwares incredibly difficult. While Methlabs must desperately attempt to meet their own hosting costs, Openwares can afford to market their distribution on websites such as download.com which charge fees for a product's entry.
Certainly Openwares are making a significant profit from the Methlabs applications.

It is not just Methlabs who are affected, however (although PeerGuardian is among their most downloaded applications), since many other popular programs are released on Openwares' website and then onto C|Net and ZDNet, as well as other sites in multiple countries. Programs affected by Openwares include TorrentSearch, eMule++, Protowall and many other free and open source applications.

Even recent Microsoft security patches are not immune from coverage at Openwares! That is, of course, if the “patch” advertised on their site is a real patch and not simply a spyware installer.

Popular websites such as Suprnova.org are now targeted by organizations hoping to make money from the service. Recently the popular peer-to-peer application Shareaza has been promoted in spyware form.

The question that must now be asked is “Is any community, developer or website safe from the exploitation of free things by spyware developers?”

*reprinted with permission from Methlabs.org