Keyboard sniffer built into LimeWire
 

My investigation shows that the Basic (dunno about professional) LimeWire software installs a KeyboardProc hook. Can anyone else verify this? There should be no reason for LimeWire sniffing keyboard strokes while it is running; It should be able to use standard windows API for keyboard.

In fact, since it is Java based, the win32 native code is the only part that could install the hook!

What are they using our keystrokes for? I can verify the addition of the keyboard hook upon execution, and removal upon exit so I know it is LimeWire and not some trojan on my workstation (which I am good at keeping clean).

Ideas?

--g33k

I'm always suspicious of people with too many numbers in their names. They are usually nothing but clueless fifteenyearold wannabe h4x0rs who download some scripts from the internet but are too lazy to look into any source code.

I don't know where you got that ideas from, but the source code is available at www.limewire.org and if you'd bother to take a look at the native win32 code you won't find anything like a keylogger.

Maybe some of your securiy scanners or whatever you are using has a problem with the JVM.

And...
... DON'T EVER MENTION THE WORD "WORKSTATION" AGAIN IF YOU TALK OF A WINDOWS MACHINE!

Workstation
 

I guess you are right -- oops! I had thought LimeWire the Prof/Basic edition had the win32 native code written in a closed-source fassion.

Anyways my post got publicity, didn't it! Wahoo! I feel so special.

Workstation as a windows machine -- yes that is silly. I'm running Mandrake 8.1 under 2.4.18-pre3-mjc. Every once in a while I have to do some windows dev work under w2k -- otherwise I use Linux.

My name: g33kb0y. A name of status and power. heheh. I went into an IRC channel once where a bot said my name was 98% lame. Wahoo! I stand out. I'm not a wanna be hacker, and I don't download scriptkiddie toys -- if I need something, I write it myself.

--g33k

We did actually notice some odd behavior in this regard when we started including Cydoor with the program -- you notice severe performance issues with the command line in particular. So, thanks very much for the support, John, we appreciate it. As anyone looking at our native win32 code can see, John is right on here.

We asked Cydoor what was going on with the way back when, but they never gave us a good answer. The KeyboardProc hook is a very sensible explanation, though, so we'll look into it some more. Thanks!

Console performance issues
 

afisk --
Thank you for your support on this issue; after John's post I figured I was just barking up a tree -- Now, since a 3rd party is involved (Cydoor) I wonder what kind of code is hidden.

Is it true then that the home-compiled version of LimeWire would be without the Cydoor keyboard hooks?

--g33k

The Cydoor libraries are not loaded if they cannot be found. If you compile the project from the open source site, you can definitely avoid having these libraries loaded (which would mean that the keyboard hooks also would not be inserted).

You can also accomplish this by running ad-aware, but shh...don't tell! (Actually, half the world already knows this, so go ahead and tell if you want to).;)

Thanks.

Good to know! ;)

Morgwen

Mmm ...

If you remove CyDoor you have to edit the following line in limewire.props too .

CYDOOR_INSTALLER_CALLED=true

to

CYDOOR_INSTALLER_CALLED=false

Else LW will give errors .

Spyware bundled in Pro Version
 

I'm pretty disappointed! I just purchased Limewire Pro and the installation program came bundled with a virus... FSG.EXE. It contains the Gator-Trickler Virus, in other words a spyware program.

Why would limewire include such a piece of garbage with their software. It really SUCKS!

Ad-aware and MacAfee both caught the piece of trash on installation.

The LimeWire Pro installer does not come with any bundled software, including Gator. I know because I wrote all of the installers myself. Did you follow the link that LimeWire sent you in our e-mail after you purchased LimeWire Pro? Did you happen to also download the free installer?

Thanks, and our apologies for any confusion.