Hostile takeover of Shareaza
The distributors of the iMesh P2P client are using a particularly aggressive method to distribute their software. Users of the Shareaza filesharing client have recently been installing a fake client after responding to a message inviting them to download and install an updated version. The problem can be traced back to the Shareaza developers losing control of the original shareaza.com domain from which the software attempts to update.
The new owner of the domain claims to be providing an updated version of the Shareaza client for download. However, the download does not contain the open-source Shareaza client at all but instead, according to research carried out by Shareaza users, an iMesh or BearShare client with a modified user interface and additional adware in the guise of a toolbar. Because it also offers music tracks and albums for sale, iMesh considers itself a legal P2P network. Nevertheless, there is a silver lining for Shareaza users. The update mechanism could have allowed criminal individuals to install trojans or spyware along with the updates.
It would seem that the French music industry association La Societe Des Producteurs De Phonogrammes En France (SPPF) forced the previous owner, Jonathan Nilson, to sell the domain. The SPPF had brought an action against Nilson in a Parisian court.
The Shareaza developers have reacted to the situation by releasing a new version of the software that no longer tries to update from the old domain. The official website has now moved to the SourceForge server farm. Shareaza users should download and install the latest version 220.127.116.11 and uninstall the fake client if necessary.