Shareaza.com, the home of the hugely popular Shareaza multi-network sharing application, has been hijacked by scammers. Unsuspected visitors to the site will be completely unaware that they will be tricked into downloading something that isn’t Shareaza at all, but subscription-based malware infected software instead.
The announcement on the SourceForge page of the Shareaza client was ominous:
“As of December 20th, “Shareaza.com” is mirroring “Shareazaweb.com” – A known scam site. While we are working to resolve the matter, any help to contain this would be appreciated.”
The site looks convincing enough, labelled as it is “The Official Home of Shareaza” with the new operators of the site having seen fit to steal some of the original Shareaza artwork (originally created by ‘RocketX and Kid’) to complete the look. So who has taken over the domain?
According to Skinvista, a developer from the ‘real’ Shareaza, the situation is as follows:
“At this time the Shareaza.com destination is now controlled by iMesh/MusicLab LLC, an unauthorized Madison Avenue (New York) based company, with servers in Israel. MusicLab LLC previously acquired iMesh.com and Bearshare/Bearflix.com following lawsuits. It now appears the known scamsite Shareazaweb.com was a placeholder for the planned takeover of Shareaza, relating to another ongoing lawsuit.
It is urgent that people understand the software on these iMesh/MusicLab sites is suspicious, misrepresented, and illegal -breaking GPL and DMCA among other laws.”
As if this strange case needed any more twists in the plot, consider this. On October 26th 2007, the main Shareaza site went down due to unknown “personal matters”.
TorrentFreak asked ‘Wildcard’ a ‘real’ Shareaza developer what happened to the site. He explained: “That’s one of the mysteries. The main hosting server went offline, it had the Shareaza site, wiki and forums on it. The only information that made it this far, was that it was down due to personal problems with the owner of the server machines. what those personal problems were, medical or legal, we don’t know.”
Luckily the Sourceforge site was restored from an earlier backup.
However, the hijacked Shareaza.com domain now points to a server where it is hosted along with some other questionable sites, including bandoo.com, bearflix.com, bearshare.com, daemonsearch.com, imesh.com, imesh.net and musiclab-llc.com.
Apparently, there are lawyers involved now but the loose-knit Shareaza team are advising that it may be prudent to move forward on the basis that the domain won’t be recovered. A source close to this case has told TorrentFreak that Jonathan Nilson, the owner of the Shareaza.com domain has been contacted and he has confirmed that he has sold the domain to the scammers. It looks like the domain is lost forever, a big impact following the loss of the main site in October.
‘Wildcard’ explained that the software on offer from the hijacked site although labeled “ShareazaV4.exe”, is not Shareaza at all but likely a clone of the new malware infested iMesh/Bearshare client and should not be downloaded under any circumstances. Once installed, the software wants to install a search bar and make contact with a central server. Unlike Shareaza – which is abslutely free and has a reputation for being non-profit and shunning involvement with money – the hijackers are touting a subscription based product.
Indeed, the operators of iMesh even tried to trick people into thinking that the reputable GRC site endorsed the iMesh client – an assertion which is completely untrue.
Anyone wishing to find the real Shareaza client should head over to the project’s SourceForge page.
Update: A contact of Jonathan Nilson is reporting that Nilson can neither confirm nor deny that he sold the domain to the scammers.