Forgot your password?
typodupeerror
It's funny.  Laugh. Security The Internet

Trojan Found At Torrent Sites Insists "Downloading Is Wrong" 345

Posted by Soulskill
from the attack-of-conscience dept.
NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirects The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
This discussion has been archived. No new comments can be posted.

Trojan Found At Torrent Sites Insists "Downloading Is Wrong"

Comments Filter:
  • Nice (Score:2, Funny)

    by Anonymous Coward

    There once was a man who could boast
    that due to his low latency host
    when blog posts went down,
    he was always around
    to sit down and type swiftly "FIRST POST"

  • Holy fuck (Score:5, Funny)

    by Anonymous Coward on Saturday January 10, 2009 @03:23AM (#26396401)

    127.0.0.1 turns out to be *my* private IP address. So everyone with that virus is connecting to my Internet. That would explain why my connection has been so slow lately. I sure hope they find the bastard who did this to me. I'll gladly add my own lawsuit to the pile.

  • by EdIII (1114411) * on Saturday January 10, 2009 @03:23AM (#26396403)

    This could be the piracy groups themselves throwing this out there to stir up sentiment against the RIAA, MPAA, etc.

    Of course that's like adding a few cords of wood to the fires of HELL, but it is a possibility.

    P.S - This is not nearly as bad as the Sony Rootkit.

    • by Firehed (942385) on Saturday January 10, 2009 @04:07AM (#26396589) Homepage

      It's a trojan - you have no idea what else it's doing. If all it does is screw with your HOSTS file and play a stupid audio track I agree, but it could be doing all sorts of other unknown fun stuff to your machine with the root access it has.

      • by EdIII (1114411) * on Saturday January 10, 2009 @06:39AM (#26397135)

        It's a trojan - you have no idea what else it's doing. If all it does is screw with your HOSTS file and play a stupid audio track I agree, but it could be doing all sorts of other unknown fun stuff to your machine with the root access it has.

        Actually you are factually incorrect. As you can see in the summary and article itself it is referred to as, "Troj/Qhost-AC" by Sophos. That would seem to indicate that at some level it has been reviewed by a Anti-Virus company and I believe they would have tried pretty hard to determine the full capabilities of this Trojan. One could even say it is highly likely.

        Even so, it may have been better for me to say, "This does not at first glance appear to be nearly as bad as the Sony Rootkit turned out to be".

        Let's also remember that the origins of this trojan virus are unknown at the moment while the Sony Rootkit has it's origins WELL DEFINED. Those origins being the Sony board members that have yet to receive prison terms for their actions. For those that think that is a little melodramatic, consider what kind of reception any other corporation or private citizen would have received for releasing the same type of rootkit onto the populace.

        If this does turn out to lead back to the feet of people working for the interests of Big Entertainment it will have been done for the same reasons the Sony Rootkit was put out. Their absolute and firm belief that YOU (the customer, citizen, etc.) have ZERO RIGHTS to any privacy or control over your own electronic equipment when their intellectual property is anywhere near it.

        The funny thing is that the only other people that seem to be able to act like that and get away with it are governments. So if you are not the government or Big Entertainment you go straight to Federal Pound Me In The Ass Prison when you do act like them. Isn't that just hilarious?

    • First, it takes a lot of time to find out what it really does. And even if you manage to hack it to pieces in a dis, you are never really 100% certain. Disassembled Assembler code tends to be unclear if anything. It's easy to overlook a branch that seemingly never gets executed... until something happens. If it's done creatively, you can hide the real bomb fairly well in something that, let's say, self encrypts itself and only reveals its function right at the moment when it hits.

      A piece of malware on your

  • Expect the reverse (Score:5, Insightful)

    by KDR_11k (778916) on Saturday January 10, 2009 @03:25AM (#26396421)

    A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...

    • by eebra82 (907996)
      In that case, expect a reverse-reverse: a virus that redirects piratebay to a site that downloads Troj/Qhost-AC for you.
    • by cliffski (65094)

      I never get this. Pirates would be totally untouched if they were a tiny minority. Why the insane evangelism to persuade everyone around you to pirate?
      Its actually totally illogical. piracy is only possible due to the free-rider problem, and the fact that everyone else is paying for the content to get made. You would think any pirate with brain cells would STFU about how they get their entertainment.

      • by Zironic (1112127)

        This is because you're silly and somehow think that humans act in their own best interest. Like most people pirates feel the need to tell people about what they think is a great thing, in this case downloading entertainment for free.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Safety in numbers. The more people pirate stuff, the less chance you have of it being actually *you* that gets caught.

  • Keygens (Score:5, Insightful)

    by Metapsyborg (754855) on Saturday January 10, 2009 @03:26AM (#26396425)
    It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself how could the cracker pass up that type opportunity? I just assume most of them infect your computer with some spyware and trojans.
    • Re:Keygens (Score:5, Informative)

      by Anpheus (908711) on Saturday January 10, 2009 @03:33AM (#26396449)

      Virtual machines baby, boot it up, run the keylogger, run the install up to the point where it gives you whatever you need to install, and then reset the hard drive state.

      • Re: (Score:3, Insightful)

        by GFree678 (1363845)

        Virtual machines baby, boot it up, run the keylogger, run the install up to the point where it gives you whatever you need to install, and then reset the hard drive state.

        That works. My tactic is also to write the serial that is produced by a keygen into a text file so that in a future install I don't have to re-run the keygen, I just copy/paste the data safely from the file. Doesn't work for the more advanced keys which are based off a unique hash of the system's architecture, but for every else the text f

      • Re: (Score:2, Insightful)

        by cheater512 (783349)

        Actually I find that Wine does a wonderful job of keygens.

        The actual generator works perfectly and all the nasty stuff simply dies quietly with a wimper. :)

        • Re:Keygens (Score:4, Informative)

          by Anonymous Coward on Saturday January 10, 2009 @08:57AM (#26397675)

          That is actually a very bad idea. Many default installs of Wine offer access to your entire filesystem (including your home directory). Wine is not a isolated environment like most VM's are. It lets you run Windows applications as native binaries, including viruses and trojans with many of their effects still intact. It is very possible to infect a Linux machine with malicious Windows binaries running in Wine.

          Personally I have never seen a real keygen that did anything other than it was suppose to. There are some flat out trojans like this article is talking about but I have never seen a working keygen that was malicious. With that said, there is always a first time. I would only run them in a VM and with networking disabled too. Wipe/reset the VM back to a known state afterwards of course.

    • Re: (Score:2, Interesting)

      by Vadim Makarov (529622)
      It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself how could the cracker pass up that type opportunity? I just assume most of them infect your computer with some spyware and trojans.

      I rely on feedback from other downloaders on TPB. If the installer or keygen do bad things, many people will scream in comments. For popular torrents that are m
      • Re:Keygens (Score:5, Funny)

        by Hal_Porter (817932) on Saturday January 10, 2009 @03:44AM (#26396495)

        I rely on feedback from other downloaders on TPB. If the installer or keygen do bad things, many people will scream in comments. For popular torrents that are more than a month old, that catches malware pretty well. So far, I've no visible problem on my machine with this approach.

        I checked out your machine from here and it seems ok. A bit slow though, makes me wonder what everyone else is running on there.

        • Seriously, I don't think there is any. If there were, I'd have my CC and passwords stolen long ago, would see extra traffic on the net connection, processes running, registry keys added, etc. There is none.
    • It's about as likely to infect your computer with spyware/trojans/viri as a legally purchased copy.

    • It's pretty crazy to be running Linux on your system. Every time I do it, I think to myself "what are these guys getting..." and so on.

      There are people who write software for the sake of showing they can. Not everyone has the goal to get rich or die trying.

  • <barrywhite>
    But baby....how can it be wrong...when it feels so right....
    </barrywhite>

  • by HumanEmulator (1062440) on Saturday January 10, 2009 @03:36AM (#26396457)

    From everything I've read (the slashdot summary excluded) this isn't really a virus -- it's a straight trojan. That means you would have to be trying to download a serial key generator in order to get it on your system. (ie. It doesn't spread to you from other people's machines.)

    I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.

    • by Warhawke (1312723) on Saturday January 10, 2009 @03:54AM (#26396539)
      You're assuming that the keygen downloader does not have the authority (i.e. ownership) of the program in question. Apparently you've never accidentally tossed or misplaced a CD-key.

      So really it's more like the guy you were trying to buy medical marijuana from turned out to be the naggy guy behind the Above the Influence campaign.

    • I'd like to give the Author of the Trojan a +5 "Magnificent Bastard" Moderation

      Clue-Passive [bofhcam.org], because those with clue will remove it in 2 seconds...

      "L33t Script-Kiddie" hax0rs will say: "The site was removed, argh I'm being tracked!!!" (and hopefully either stop, so SysAdmins don't have to de-virus their machines constantly, or learn enough so they understand a little bit more about what they're doing).


      All in all, a clever combination of Technology and good understanding of Human-Computer Interac

    • by evanbd (210358) on Saturday January 10, 2009 @04:17AM (#26396633)
      Or like complaining that instead of office chair, package contained bobcat [xkcd.com].
    • I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.

      What, you don't get pissed when that happens to you?

      • OT thead (Score:4, Funny)

        by totally bogus dude (1040246) on Saturday January 10, 2009 @09:20AM (#26397769)

        Somewhat relevant quote from Clientcopia [clientcopia.com]:

        In my previous life as a fed agent I was often asked to assist with some "undercover" sting operations all over the Northeast US. One of the most memorable was a op in northern Maine. I was to play the brother-in-law of our source whose co-worker had recently asked him if he knew of any good dealers of crack.

        Long story short, they brought me in to sell him crack. We met the "Client" as planned and you should have seen this kids eyes when I pulled out this giant bag of crack we had obtained from a previous bust. He looked like he was going to start crying, like he had just come to know Jesus or something... anyway he wanted to buy it all, every last gram of it, but he had only brought $150.00 bucks with him.

        I thought for a second and asked him if had his checkbook on him and he did. I asked him how much money he had in the bank, he told me and I told him he could just write me a check for the total. This kid didn't think twice about it and started writing the thing out. As he was writing he asked me all the usual questions, correct spelling of my name, confirmed the date, then stopped writing for a second, put his pen down, and I started to panic.

        He looked me straight in the eye and he stated that he always wrote down "the reason" in the little space provided in the lower left hand of checks for that purpose. Before I could even speak he picked his pen back up again and started writing, then folded the check in half and handed it to me. Before I handed him the crack I wanted to see what he wrote, so I unfolded the check and read aloud; "For Illegal Drugs", the second I read that out loud we could all hear very loud laughter coming from the room next door. You see I was wired and 6 agents were in the next room, hanging on every word. They knew they had alerted this guy and without delay came charging into the room to arrest him, but what a strange sight it was to see 6 armed feds tearing into a room, guns drawn and laughing so hard they really could not even speak in complete sentences...

  • by Anonymous Coward

    ..which of course according to the recording is wrong. Oh, I'm in the middle of downloading packets of data for TV since I'm using satellite TV, which is also wrong I guess. Where did I go so wrong in life.

  • I'd like somebody to please explain to me why my company should not compile versions of our software for torrent that do horrible and terrible things to the downloaders' PCs after say, the third run. We have no duty of care nor contract with such downloaders and due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers. Furthermore, because of the way our software is licensed and its data is accessed, we can be 100% sure that none
    • by MrMista_B (891430) on Saturday January 10, 2009 @03:47AM (#26396505)

      Well, for one thing, it's illegal, immoral, and unethical. Fighting crime by being a criminal... well, you see where I'm going with that.

      Furthermore, do you want your company to get the reputation of a malware maker and distributor? That's not likely to increase your sales.

      Beyond even that, say, for example, someone repackages the malware you release as a 'linux-iso' or somesuch. Then you would be to blame for destroying the computers of innocent people.

      Y'know, based on this, if I were your boss, I'd fire you, because you're clearly lacking in ethical stability, and making threats such as you have marks you as a company liability. Hmm.

      • "
        3 pages of legal crap... blah blah blah blah.....

        Warning this product is designed to delete all of the data on your hard drive and corrupt your MBR. This product should only be run in the event that you desire your data all deleted since that is its intent. Thank you for using our product and we hope it meets your file deletion expectations!"

        I don't see how that's illegal or unethical. You release a product onto a site with the same name as your product. Which performs a different service. OBVIOUSLY

        • Re: (Score:2, Funny)

          by Anonymous Coward

          I don't see how that's illegal

          Fair enough.

          or unethical.

          Ah- he's retarded. Nevermind.

        • Re: (Score:2, Insightful)

          by rastilin (752802)

          Unless your product is worth $10,000+ then you stand a solid chance of doing far more damage than you could possibly claim your product was worth. Not to mention people will rename and pass along your software to bystanders. Mind you I don't have any complaint as such, if they make the choice to avoid the law, then stepping into a claymore placed to catch thieves is part of the risk.

          I'm only saying that I doubt these people have thought through all the possible consequences of their actions. The reason the

      • Re: (Score:3, Funny)

        by GFree678 (1363845)

        if I were your boss, I'd fire you, because you're clearly lacking in ethical stability

        Lacking in ethical stability?

        At my place of work this would be cause for a promotion!

        • Re: (Score:2, Funny)

          by Anonymous Coward

          So, how're you finding life at Microsoft?

      • by MosesJones (55544)

        I'm assuming therefore that you wouldn't be in favour of the "right to defend yourself" as it applies to physical assault. After all if someone tries to rob you and you smash them over the head/shoot them/batter them with a baseball bat then you are becoming a criminal because if you did that normally then it would be unethical/immoral/etc

        Get down off your high-horse and stop seeing piracy as a right. Its theft and in the same way as if you break into my house I have the right to defend myself then why do

        • by Zironic (1112127)

          You have the right to defend yourself, you do not have the right to beat someone to death, the proposed software would be equivalent to the latter.

    • by asifyoucare (302582) on Saturday January 10, 2009 @04:10AM (#26396597)

      Wrong - you do have a duty of care. By releasing software on a torrent you have a duty of care (admittedly with a low bar) to those who might download it. Deliberate damage comfortably clears that low bar.

      Perhaps I don't understand your legal theory correctly. Could you be more explicit re the circumstances in which you believe you're entitled to damage the property of strangers?

    • Re: (Score:3, Interesting)

      by Firehed (942385)

      Some Mac software developer claimed to do this a while ago on his small commercial product (a completely harmless dialog box saying something to the effect of "pirated key detected, erasing your hard drive"). He had to open-source the product - thereby completely killing its revenue stream - just to save face, and suffice to say a lot of people that remember the incident better than I avoid any software from this developer.

      I assure you, NOT all publicity is good publicity, despite sayings to the contrary.

      S

      • by Ash-Fox (726320)

        He had to open-source the product

        Rubbish.

        just to save face

        Absolute non-sense.

        I guarantee that no sane company would even risk continuing to use your product (never mind getting any future business) if there was even the slightest risk of that happening.

        Ever used Lotus notes? That loses information, has data corruption issues etc. And that was when it was working normally.

        So companies wouldn't use software that didn't have the slightest risk of losing their information etc? Complete utter jibberish.

    • by Dunbal (464142)

      Possibly for the same reason that you can't shoot random people in the head, even if you don't have a signed contract with them and they will never be your customer.

      If you don't understand that two wrongs don't make a right, then perhaps there was a lack of effective parenting in your childhood.

    • it is 100% certain that those who download pirated versions will never become legitimate customers

      Don't be too sure about that. We've bought and are going to buy tools based solely on working with a cracked version for a while.
      It's not that different with software like games etc., just that the scale is much less.
    • I actually defend your right to protect your own software from piracy by whatever mechanism you see fit, just so long as you make it clear to any legitimate user of that software exactly how that protection affects their fair usage of that product.

      But the real problem you have is that once news get out about your software trashing the PCs of pirates, then you will worry your legitimate user base also - which in turn means that Open Source software, where code can be scrutinised by the users, will gain share

    • due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers.

      Indeed, due to nature of your actions, it would be 100% certain they would have no interest in becoming your legitimate customers ever.

      Along with lots of people who actually would be your customers ... you just dont buy software from people who wreck are prone to wrecking your workstation if they don't like something. You go to more reputable competition.

      due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers

      It seems like major part of you focus group are actually pirates. Why are you suprised and angered that it is getting pirated?

      What about NOT making softwar

    • by cliffski (65094)

      I sympathise with you 100%, although I think the answer you are looking for, is there is a non-zero chance you will screw up the PC of a legit buyer who lost their installer file, the CD got scratched, etc etc.

      A lot of people think it's ok to use torrents as demos. they are totally and utterly wrong an unjustified in doing this, but the fact remains some people who will buy your software still do it.
      As a result, its commercially a bad idea to do this, I'd never do it and neither should you.

      That's not to say

    • I'd like somebody to please explain to me why my company should not compile versions of our software for torrent that do horrible and terrible things to the downloaders' PCs after say, the third run. We have no duty of care nor contract with such downloaders ...

      "No duty of care" is not the same as "criminal vigilante actions are illegal". I recommend you talk to your manager, and if he can't convince you, talk to your companies legal department. If they can't convince you, I'd say it is safest for your company to let you go.

    • Here you go (Score:3, Interesting)

      by temcat (873475)

      You have said it yourself: "it is 100% certain that those who download pirated versions will never become legitimate customers." Ergo, the real damage (loss of profits) from those pirates incurred by you is exactly zero. On the other hand, you are going to inflict some real, very non-zero damage to these people by your hypothetical actions. Therefore these actions would be wrong even if we are to disregard all PR and legal reasons already cited by others here.

    • by gatkinso (15975) on Saturday January 10, 2009 @09:32AM (#26397841)

      Even though it was probbaly intended to be a troll, it is worthy of discussion.

      As a responsible software development shop, you should know that you absolutely do NOT want any version of your software floating around that attacks a users machine.

      All I need to hear is that your Application 2.1 will say, format a harddrive and delete all partitions... and I woould not touch it with a 10 foot pole.

      So. If you want to completely destry your customer base - go ahead and pull such a stunt.

  • Synthmaker, a music DSP authoring utility which allows 'full version' owners to export VSTs (virtual instruments) which they can then redistribute / sell had an interesting post a couple months ago from one of the users talking about how a VST they had offered for something like $10 ended up being posted with a crack on usenet.

    Stuff like that happens all the time and directly affects the little guy even more than it does the big faceless corporations.

    So it's tough for me to think that any company would take

  • Aside from a ridiculous audio message I think it's pretty funny. If you're downloading software from an unsecured and anonymous source and executing it on your computer what do you expect to happen? At least they didn't go hog wild and destroy the OS.

    Ha. I like it (: But it needs a better recording.

    • If you're downloading software from an unsecured and anonymous source and executing it on your computer what do you expect to happen?

      Have the MD5 checksums match?

      Oh, wait ...

  • by drx (123393) on Saturday January 10, 2009 @05:38AM (#26396971) Homepage

    Actually i think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.

    • by Opportunist (166417) on Saturday January 10, 2009 @08:10AM (#26397467)

      That's the prerogative of people running a webpage. Detach yourself from the idea that "the internet" is a place without rules. It's not an anarchy, it's a collection of tiny dictatorships, with every server admin being a little dictator.

      The nice thing about the internet, compared to reality, is that you can simply walk away if you don't like the taste of said dictator and create your own little dictatorship.

    • Re: (Score:3, Insightful)

      by Kindaian (577374)

      I do believe that changing hosts file without consent is enough malicious... ;)

  • by nurb432 (527695) on Saturday January 10, 2009 @10:49AM (#26398153) Homepage Journal

    Tell that to SourceForge.

    If these people are caught with ties to any industry the FTC needs to come down on them, hard.

  • by Werrismys (764601) on Saturday January 10, 2009 @01:19PM (#26399389)
    well, I didn't.

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries

Working...