• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Finally, you can manage your Google Docs, uploads, and email attachments (plus Dropbox and Slack files) in one convenient place. Claim a free account, and in less than 2 minutes, Dokkio (from the makers of PBworks) can automatically organize your content for you.



Kiwi Alpha 3.1.1 - a nice P2P client is used to spread adware

review from ClifNotes, Nov 2006, permalink _ Not recommended


    • Not recommended



From Clif:

Steven Burn wrote me about finding malware in Kiwi Alpha, which is a peer to peer file sharing client. He found it at Download.com. He knows I've had bad experiences at Download.com in the past.


Steven also sent me links to a thread at SpywareWarrior's forums. He had posted his scan results there. It looked very bad, but naturally I had to try it for myself.


I fired up a clean Win98 machine using Virtual PC. Then I googled for the page at Download.com. I found it and downloaded it. My anti-virus software wasn't triggered by the download. I wasn't surprised. Malware can be fairly well hidden inside an installer.


Next, I placed the installer in my Win98 virtual machine. Then I started Total Uninstall to monitor the install. After a simple installation, I ran it awhile and downloaded an MP3 from someplace (I deleted it later). The program is very simple to use and I liked it.


Finally, I closed it and ran a quick scans with Ad-Aware SE and A2Free trojan scanner. Ad-Aware found no problems. A2Free trojan scanner detected over 20 "traces". At the time I assumed that these "traces" where bad, but after a little research I found out that they are only warnings about programs that A2Free considers security risks. In general it was flagging any P2P (peer to peer) software. P2P programs and services have a long history as an easy way to spread infectious adware or malware.


The next day, Tom in the TeMerc security forums recommended that I try a few more programs to scan this Kiwi Alpha. So I did.


I scanned with SpywareTerminator, and then Spybot S&D. In both cases, Kiwi Alpha showed no detectable malware, just as my first scan with Ad-Aware had shown.


I wondered where Steven had gotten his copy of Kiwi Alpha because I noticed that the MD5 checksum was different from the one I had. It looked like we had scanned different files. Steven later confirmed that someone had replaced the infected Kiwi Alpha with a clean version. This apparently happened sometime between November 20th and November 23rd. Isn't that interesting?


In this case, Download.com is redirecting you to the KiwiAlpha website to download the file. This means that Download.com cannot truthfully guarantee the safety of anything you download from some of their pages. This is common at Download.com, so be aware of it when you go there.


I checked Google's cached copy of the Kiwi Alpha page at Download.com which was dated November 19th. At the time of this "snapshot", 800,000 people had downloaded copies of Kiwi Alpha. Most of these downloads likely had the WhenU/SaveNow and Relevant Knowledge adware in them. What does this tell you about Download.com's concern about the consumer who comes to their website?


Conclusion: Despite Download.com's claim to be "Safe, Trusted, & Spyware Free", you can't count on that because they don't always host their own "downloads".


In my opinion, this isn't the worst practice there. They also provide "sponsored links" to websites that offer more downloads full of adware and other malware.




Make no mistake about it. Adware is big business and big money. Download.com is getting a piece of the action too. They're just a little sneakier.


I recommend that you stay away from Download.com.



Finally, I'll fill you in on some of the history of Kiwi Alpha. When Steven first contacted me, I had never heard of this peer to peer application. The folks over at SpywareWarrior.com had certainly heard of it and they have a nice write up about it explaining what to expect from the owners of Kiwi Alpha.


The Spyware Warrior Guide to Adware Installations of 2005




Quote from Download.com**

Fast and anonymous downloads from LimeWire, BearShare, Ares Galaxy, and other P2P networks. Kiwi Alpha uses the same technology used by many of the leading file sharing programs such as LimeWire, BearShare, BitComet, and Ares Galaxy. Kiwi Alpha protects the privacy of the user by connecting anonymously to the networked community. With Kiwi Alpha you can easily download music, movies, images, and other files. Kiwi Alpha features a handy play list, advanced search filters, and some nice options for fine-tuning the performance.


Page at Download.com



Scan Results log files from clean version Nov 23rd:

Spyware Terminator

Spybot S&D

Sunbelt CW Sandbox


Total Uninstall


Steven's analysis of the dirty version Nov 20th:

SW forum page