Trojan Found At Torrent Sites Insists "Downloading Is Wrong"
NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirect The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
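The hosts-file change described in the summary can be checked for directly. The following is an added example, not part of the original story or its comments: a Python audit that flags public-looking names mapped to loopback or unspecified addresses, and watched names mapped anywhere else. The sample file, the `.example` names and the watch list are constructed for illustration.

```python
import ipaddress
import os
from collections import namedtuple

Finding = namedtuple("Finding", "lineno name address reason watched")

# Names a stock hosts file legitimately points at loopback.
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}
LOCAL_SUFFIXES = (".localhost", ".localdomain", ".local")

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
127.0.1.1       workstation
127.0.0.1       tracker-one.example www.tracker-one.example   # appended entry
127.0.0.1       tracker-two.example
0.0.0.0         ads.example.net
203.0.113.7     update.example.com
not-an-ip       bogus.example
"""
# Hypothetical list of sites the user cares about reaching.
WATCHED = ["tracker-one.example", "update.example.com"]


def default_hosts_path():
    """Location of the hosts file on the running OS."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (lineno, address, [names]) for every well-formed mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield lineno, address, [n.lower().rstrip(".") for n in fields[1:]]


def is_local_name(name):
    """True for names that are expected to resolve to the local machine."""
    return name in LOCAL_NAMES or "." not in name or name.endswith(LOCAL_SUFFIXES)


def is_watched(name, watched):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watched)


def audit_hosts(text, watched=()):
    """Return findings for suspicious mappings in hosts-file text.

    sinkholed:  a public-looking name mapped to loopback or 0.0.0.0/::
    overridden: a watched name pinned to some other address
    """
    watched = [w.lower().rstrip(".") for w in watched]
    findings = []
    # A leading byte-order mark would otherwise hide the first entry.
    for lineno, address, names in parse_hosts(text.lstrip("\ufeff")):
        sink = address.is_loopback or address.is_unspecified
        for name in names:
            hit = is_watched(name, watched)
            if sink and not is_local_name(name):
                findings.append(Finding(lineno, name, str(address), "sinkholed", hit))
            elif hit and not sink:
                findings.append(Finding(lineno, name, str(address), "overridden", hit))
    return findings


if __name__ == "__main__":
    # To audit the real file, read default_hosts_path() instead of the sample.
    for f in audit_hosts(SAMPLE_HOSTS, watched=WATCHED):
        flag = "!" if f.watched else " "
        print(f"{flag} line {f.lineno}: {f.name} -> {f.address} ({f.reason})")
```

Ad-blocking hosts files sinkhole domains on purpose, so unwatched findings need review against what the machine's owner installed.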
Nice (Score:2, Funny)
There once was a man who could boast
that due to his low latency host
when blog posts went down,
he was always around
to sit down and type swiftly "FIRST POST"
Re:Nice (Score:4, Funny)
Whatever you do
Don't become a poet
That was dreadful. For real.
Worst. Haiku. Evah.
Re: (Score:3, Funny)
Worst. Haiku. Evah.
You could have done this better?
Then why didn't you?
Re: (Score:3, Funny)
A haiku should have
ref'rence to winter snow or
some other season
Re:Nice (Score:5, Interesting)
naninaniyo
anatanobakayo
urusaiyo
Sorry. I have no idea what I'm doing.
Re: (Score:3, Funny)
there once was a girl from nantucket...
Holy fuck (Score:5, Funny)
127.0.0.1 turns out to be *my* private IP address. So everyone with that virus is connecting to my Internet. That would explain why my connection has been so slow lately. I sure hope they find the bastard who did this to me. I'll gladly add my own lawsuit to the pile.
Re: (Score:2)
Stay right where you are, we are coming for the downloaded bits now, bitch - don't struggle.
Just wait 'til... (Score:5, Funny)
Just wait 'til you get a dumbass letter from the RIAA saying that the IP 127.0.0.1 has been identified as a computer uploading copyrighted material. Then the shit will really hit the fan ;)
Re:Just wait 'til... (Score:4, Funny)
Re:Just wait 'til... (Score:5, Funny)
They would get halfway through the trial before realizing they're sitting on both sides of the court. Incompetent jackasses -_-
And how much do you want to bet they'd still try for a conviction or settlement? :D
Cheers!
Strat
Re: (Score:2)
How much do you want to bet that they have no problem finding a judge that lets this actually into his courtroom?
I'd love it if it happened, though. I really want to see who wants to get out of this suit more desperately, the RIAA or the court, just to avoid looking utterly clueless.
Re:Holy fuck (Score:5, Funny)
Re: (Score:2)
Do you, by any chance, live in Tuttle, OK?
LOL. Re-reading those transcripts was like hearing a good joke being re-told. The only thing that could have made that situation funnier would have been a city named Buttle.
Another possibility (Score:4, Insightful)
This could be the piracy groups themselves throwing this out there to stir up sentiment against the RIAA, MPAA, etc.
Of course that's like adding a few cords of wood to the fires of HELL, but it is a possibility.
P.S - This is not nearly as bad as the Sony Rootkit.
Re:Another possibility (Score:5, Insightful)
It's a trojan - you have no idea what else it's doing. If all it does is screw with your HOSTS file and play a stupid audio track I agree, but it could be doing all sorts of other unknown fun stuff to your machine with the root access it has.
Re:Another possibility (Score:5, Insightful)
Actually you are factually incorrect. As you can see in the summary and article itself it is referred to as, "Troj/Qhost-AC" by Sophos. That would seem to indicate that at some level it has been reviewed by an Anti-Virus company and I believe they would have tried pretty hard to determine the full capabilities of this Trojan. One could even say it is highly likely.
Even so, it may have been better for me to say, "This does not at first glance appear to be nearly as bad as the Sony Rootkit turned out to be".
Let's also remember that the origins of this trojan virus are unknown at the moment while the Sony Rootkit has its origins WELL DEFINED. Those origins being the Sony board members that have yet to receive prison terms for their actions. For those that think that is a little melodramatic, consider what kind of reception any other corporation or private citizen would have received for releasing the same type of rootkit onto the populace.
If this does turn out to lead back to the feet of people working for the interests of Big Entertainment it will have been done for the same reasons the Sony Rootkit was put out. Their absolute and firm belief that YOU (the customer, citizen, etc.) have ZERO RIGHTS to any privacy or control over your own electronic equipment when their intellectual property is anywhere near it.
The funny thing is that the only other people that seem to be able to act like that and get away with it are governments. So if you are not the government or Big Entertainment you go straight to Federal Pound Me In The Ass Prison when you do act like them. Isn't that just hilarious?
Re:Another possibility (Score:4, Insightful)
I wonder if the ever agenda driven Slashdot would get a little butt hurt if somebody took one of their open-source programs or Linux; they closed sourced it to make it proprietary and hosted it on a torrent website.
What, like BSD network stack and Windows? I think the BSD people are happy that Microsoft chose to use good code.
Jail time for a rootkit, geez and here I thought the RIAA might have been a little psycho.
Yes, jail time for a rootkit. If it makes more sense, it's jail time for hundreds of thousands of rootkits, several hundred in low-security government computers.
Any malware is bad (Score:2)
First, it takes a lot of time to find out what it really does. And even if you manage to hack it to pieces in a dis, you are never really 100% certain. Disassembled Assembler code tends to be unclear if anything. It's easy to overlook a branch that seemingly never gets executed... until something happens. If it's done creatively, you can hide the real bomb fairly well in something that, let's say, self encrypts itself and only reveals its function right at the moment when it hits.
A piece of malware on your
Madonna has new strategy (Score:3, Insightful)
Expect the reverse (Score:5, Insightful)
A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...
Re: (Score:2)
Re: (Score:2)
I never get this. Pirates would be totally untouched if they were a tiny minority. Why the insane evangelism to persuade everyone around you to pirate?
It's actually totally illogical. Piracy is only possible due to the free-rider problem, and the fact that everyone else is paying for the content to get made. You would think any pirate with brain cells would STFU about how they get their entertainment.
Re: (Score:2)
This is because you're silly and somehow think that humans act in their own best interest. Like most people pirates feel the need to tell people about what they think is a great thing, in this case downloading entertainment for free.
Re: (Score:3, Insightful)
Safety in numbers. The more people pirate stuff, the less chance you have of it being actually *you* that gets caught.
Keygens (Score:5, Insightful)
Re:Keygens (Score:5, Informative)
Virtual machines baby, boot it up, run the keylogger, run the install up to the point where it gives you whatever you need to install, and then reset the hard drive state.
Re: (Score:3, Insightful)
That works. My tactic is also to write the serial that is produced by a keygen into a text file so that in a future install I don't have to re-run the keygen, I just copy/paste the data safely from the file. Doesn't work for the more advanced keys which are based off a unique hash of the system's architecture, but for everything else the text f
Re: (Score:2, Insightful)
Actually I find that Wine does a wonderful job of keygens.
The actual generator works perfectly and all the nasty stuff simply dies quietly with a whimper. :)
Re:Keygens (Score:4, Informative)
That is actually a very bad idea. Many default installs of Wine offer access to your entire filesystem (including your home directory). Wine is not an isolated environment like most VMs are. It lets you run Windows applications as native binaries, including viruses and trojans with many of their effects still intact. It is very possible to infect a Linux machine with malicious Windows binaries running in Wine.
Personally I have never seen a real keygen that did anything other than what it was supposed to. There are some flat out trojans like this article is talking about but I have never seen a working keygen that was malicious. With that said, there is always a first time. I would only run them in a VM and with networking disabled too. Wipe/reset the VM back to a known state afterwards of course.
Re: (Score:3, Informative)
http://www.linux.com/articles/42031 [linux.com]
Infect? no. It would have to be a custom targeted virus. You're fine as long as you don't have that exact setup, and run random .exes in wine, and piss off some bored geek.
Re: (Score:2, Interesting)
I rely on feedback from other downloaders on TPB. If the installer or keygen do bad things, many people will scream in comments. For popular torrents that are m
Re:Keygens (Score:5, Funny)
I rely on feedback from other downloaders on TPB. If the installer or keygen do bad things, many people will scream in comments. For popular torrents that are more than a month old, that catches malware pretty well. So far, I've no visible problem on my machine with this approach.
I checked out your machine from here and it seems ok. A bit slow though, makes me wonder what everyone else is running on there.
Re: (Score:2)
Re: (Score:2)
It's about as likely to infect your computer with spyware/trojans/viri as a legally purchased copy.
Re: (Score:2)
It's pretty crazy to be running Linux on your system. Every time I do it, I think to myself "what are these guys getting..." and so on.
There are people who write software for the sake of showing they can. Not everyone has the goal to get rich or die trying.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
This is already in most closed source/downloadable programs. Good luck in not gaining an extra toolbar and having your homepage hijacked.
Cough.. (Score:2)
http://www.vnunet.com/vnunet/news/2123077/anti-blaster-worm-spreads-patches [vnunet.com]
Re: (Score:3, Insightful)
But....baby.... (Score:2)
<barrywhite>
But baby....how can it be wrong...when it feels so right....
</barrywhite>
Summary makes it sounds like a virus but it's not. (Score:5, Insightful)
From everything I've read (the slashdot summary excluded) this isn't really a virus -- it's a straight trojan. That means you would have to be trying to download a serial key generator in order to get it on your system. (i.e., it doesn't spread to you from other people's machines.)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
Re:Summary makes it sounds like a virus but it's n (Score:4, Insightful)
So really it's more like the guy you were trying to buy medical marijuana from turned out to be the naggy guy behind the Above the Influence campaign.
Yah, clue-passive, non-malicious Trojan... (Score:2)
I'd like to give the Author of the Trojan a +5 "Magnificent Bastard" Moderation
Clue-Passive [bofhcam.org], because those with clue will remove it in 2 seconds...
"L33t Script-Kiddie" hax0rs will say: "The site was removed, argh I'm being tracked!!!" (and hopefully either stop, so SysAdmins don't have to de-virus their machines constantly, or learn enough so they understand a little bit more about what they're doing).
All in all, a clever combination of Technology and good understanding of Human-Computer Interac
Re:Summary makes it sounds like a virus but it's n (Score:5, Funny)
Re: (Score:3, Funny)
Let's celebrate the nine heroes who have actually given this feedback on eBay [google.ca]. :^D
Re:Summary makes it sounds like a virus but it's n (Score:5, Funny)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
What, you don't get pissed when that happens to you?
OT thread (Score:4, Funny)
Somewhat relevant quote from Clientcopia [clientcopia.com]:
In my previous life as a fed agent I was often asked to assist with some "undercover" sting operations all over the Northeast US. One of the most memorable was an op in northern Maine. I was to play the brother-in-law of our source whose co-worker had recently asked him if he knew of any good dealers of crack.
Long story short, they brought me in to sell him crack. We met the "Client" as planned and you should have seen this kid's eyes when I pulled out this giant bag of crack we had obtained from a previous bust. He looked like he was going to start crying, like he had just come to know Jesus or something... anyway he wanted to buy it all, every last gram of it, but he had only brought $150.00 bucks with him.
I thought for a second and asked him if he had his checkbook on him and he did. I asked him how much money he had in the bank, he told me and I told him he could just write me a check for the total. This kid didn't think twice about it and started writing the thing out. As he was writing he asked me all the usual questions, correct spelling of my name, confirmed the date, then stopped writing for a second, put his pen down, and I started to panic.
He looked me straight in the eye and he stated that he always wrote down "the reason" in the little space provided in the lower left hand of checks for that purpose. Before I could even speak he picked his pen back up again and started writing, then folded the check in half and handed it to me. Before I handed him the crack I wanted to see what he wrote, so I unfolded the check and read aloud; "For Illegal Drugs", the second I read that out loud we could all hear very loud laughter coming from the room next door. You see I was wired and 6 agents were in the next room, hanging on every word. They knew they had alerted this guy and without delay came charging into the room to arrest him, but what a strange sight it was to see 6 armed feds tearing into a room, guns drawn and laughing so hard they really could not even speak in complete sentences...
oops, downloaded this web page (Score:2, Funny)
..which of course according to the recording is wrong. Oh, I'm in the middle of downloading packets of data for TV since I'm using satellite TV, which is also wrong I guess. Where did I go so wrong in life.
Please explain to me (Score:2, Interesting)
Re:Please explain to me (Score:5, Insightful)
Well, for one thing, it's illegal, immoral, and unethical. Fighting crime by being a criminal... well, you see where I'm going with that.
Furthermore, do you want your company to get the reputation of a malware maker and distributor? That's not likely to increase your sales.
Beyond even that, say, for example, someone repackages the malware you release as a 'linux-iso' or somesuch. Then you would be to blame for destroying the computers of innocent people.
Y'know, based on this, if I were your boss, I'd fire you, because you're clearly lacking in ethical stability, and making threats such as you have marks you as a company liability. Hmm.
Re: (Score:2)
"
3 pages of legal crap... blah blah blah blah.....
Warning this product is designed to delete all of the data on your hard drive and corrupt your MBR. This product should only be run in the event that you desire your data all deleted since that is its intent. Thank you for using our product and we hope it meets your file deletion expectations!"
I don't see how that's illegal or unethical. You release a product onto a site with the same name as your product. Which performs a different service. OBVIOUSLY
Re: (Score:2, Funny)
Fair enough.
Ah- he's retarded. Nevermind.
Re: (Score:2, Insightful)
Unless your product is worth $10,000+ then you stand a solid chance of doing far more damage than you could possibly claim your product was worth. Not to mention people will rename and pass along your software to bystanders. Mind you I don't have any complaint as such, if they make the choice to avoid the law, then stepping into a claymore placed to catch thieves is part of the risk.
I'm only saying that I doubt these people have thought through all the possible consequences of their actions. The reason the
Re: (Score:3, Funny)
Lacking in ethical stability?
At my place of work this would be cause for a promotion!
Re: (Score:2, Funny)
So, how're you finding life at Microsoft?
Re: (Score:2)
I'm assuming therefore that you wouldn't be in favour of the "right to defend yourself" as it applies to physical assault. After all if someone tries to rob you and you smash them over the head/shoot them/batter them with a baseball bat then you are becoming a criminal because if you did that normally then it would be unethical/immoral/etc
Get down off your high-horse and stop seeing piracy as a right. It's theft and in the same way as if you break into my house I have the right to defend myself then why do
Re: (Score:2)
You have the right to defend yourself, you do not have the right to beat someone to death, the proposed software would be equivalent to the latter.
Re:Please explain to me (Score:4, Interesting)
Because boobytrapping your software would be the equivalent of having a robot shoot the person on the other side of the register when the silent alarm was triggered.
Works great, but once it's triggered it doesn't differentiate between customers and criminals.
Say there's a bug in your software that causes it to format the customer's computer because it mistakenly thought they were a criminal. That's a big "oops".
Re: (Score:3, Informative)
It's OK to pull a gun on someone who is robbing your store only if local and state laws specifically say so.
Downloading and using software without a valid license is not covered by laws that allow the licensed distributor to do anything to other people's data.
Being other people's data, which the distributor or developer do not and cannot have any rights over, it is unlikely that any such law will be passed.
Re: (Score:3, Informative)
Because the internet is not the USA?
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
I have no contract or agreement whatsoever with those 'strangers', and furthermore given the warnings that i said we'd include in our material and the fact that the 'damage' we'd cause is purely virtual, that few judges would view our response as anything but justified. IANAL, but in the country where my country is based, there is a much less pussified view of the rights of criminals, especially here.
What you are proposing is nothing more than crude vigilantism. I sincerely doubt your legal system - ass
Re: (Score:3, Interesting)
Some Mac software developer claimed to do this a while ago on his small commercial product (a completely harmless dialog box saying something to the effect of "pirated key detected, erasing your hard drive"). He had to open-source the product - thereby completely killing its revenue stream - just to save face, and suffice to say a lot of people that remember the incident better than I avoid any software from this developer.
I assure you, NOT all publicity is good publicity, despite sayings to the contrary.
S
Re: (Score:2)
Re: (Score:2)
Possibly for the same reason that you can't shoot random people in the head, even if you don't have a signed contract with them and they will never be your customer.
If you don't understand that two wrongs don't make a right, then perhaps there was a lack of effective parenting in your childhood.
Re: (Score:2)
Don't be too sure about that. We've bought and are going to buy tools based solely on working with a cracked version for a while.
It's not that different with software like games etc., just that the scale is much less.
Re: (Score:2)
Re: (Score:2)
due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers.
Indeed, due to nature of your actions, it would be 100% certain they would have no interest in becoming your legitimate customers ever.
Along with lots of people who actually would be your customers ... you just don't buy software from people who are prone to wrecking your workstation if they don't like something. You go to more reputable competition.
due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers
It seems like a major part of your focus group are actually pirates. Why are you surprised and angered that it is getting pirated?
What about NOT making softwar
Re: (Score:2)
I sympathise with you 100%, although I think the answer you are looking for, is there is a non-zero chance you will screw up the PC of a legit buyer who lost their installer file, the CD got scratched, etc etc.
A lot of people think it's ok to use torrents as demos. They are totally and utterly wrong and unjustified in doing this, but the fact remains some people who will buy your software still do it.
As a result, it's commercially a bad idea to do this, I'd never do it and neither should you.
That's not to say
Re: (Score:2)
I'd like somebody to please explain to me why my company should not compile versions of our software for torrent that do horrible and terrible things to the downloaders' PCs after say, the third run. We have no duty of care nor contract with such downloaders ...
"No duty of care" is not the same as "criminal vigilante actions are illegal". I recommend you talk to your manager, and if he can't convince you, talk to your company's legal department. If they can't convince you, I'd say it is safest for your company to let you go.
Re: (Score:3, Interesting)
The parent is not a troll so mod up please. (Score:5, Insightful)
Even though it was probably intended to be a troll, it is worthy of discussion.
As a responsible software development shop, you should know that you absolutely do NOT want any version of your software floating around that attacks a user's machine.
All I need to hear is that your Application 2.1 will say, format a harddrive and delete all partitions... and I would not touch it with a 10 foot pole.
So. If you want to completely destroy your customer base - go ahead and pull such a stunt.
Re:Please explain to me (Score:5, Insightful)
Re: (Score:2, Insightful)
There is no way you would win this case, and nor should you. You deserve to lose everything if you think even for a second that you have rights over everybody else's data.
I could say the exact same thing about software pirating.
Re: (Score:2)
Re: (Score:3, Insightful)
I read some Atari games would detect they were cracked but play right up to the end. At the last minute final boss would, instead of fighting, give you a lecture about how piracy was killing the industry and then the game would exit.
Funnily enough, piracy didn't kill the '80s videogame industry, it was Atari themselves who did it.
The best possibility would be to release false cracks, i.e. ones that let the program start but then fail in an irritating way after it has been played for a long time, like hanging and corrupting saved games. Hell you could put some hard to find bugs back into the cracked version and rely on the fact that the cracking scene doesn't QA effectively.
Except that since the videogame industry *also* doesn't do QA effectively, such an action would only reflect badly on the original developers with most comments on the torrent websites going along the lines of "thanks for this crack, too bad you wasted your effort on this buggy piece of shit though, could you do a decent game next please?". Definitely not good for PR.
It's not just big companies that don't like piracy (Score:2, Insightful)
Synthmaker, a music DSP authoring utility which allows 'full version' owners to export VSTs (virtual instruments) which they can then redistribute / sell had an interesting post a couple months ago from one of the users talking about how a VST they had offered for something like $10 ended up being posted with a crack on usenet.
Stuff like that happens all the time and directly affects the little guy even more than it does the big faceless corporations.
So it's tough for me to think that any company would take
Re: (Score:2)
Yep disney is relevant to this discussion because I'm SURE that these applications being cracked are at LEAST 16 years old.
Ha ha! (Score:2)
Aside from a ridiculous audio message I think it's pretty funny. If you're downloading software from an unsecured and anonymous source and executing it on your computer what do you expect to happen? At least they didn't go hog wild and destroy the OS.
Ha. I like it (: But it needs a better recording.
Re: (Score:2)
If you're downloading software from an unsecured and anonymous source and executing it on your computer what do you expect to happen?
Have the MD5 checksums match?
Oh, wait ...
Interesting artistic action (Score:5, Insightful)
Actually I think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.
Re:Interesting artistic action (Score:4, Insightful)
That's the prerogative of people running a webpage. Detach yourself from the idea that "the internet" is a place without rules. It's not an anarchy, it's a collection of tiny dictatorships, with every server admin being a little dictator.
The nice thing about the internet, compared to reality, is that you can simply walk away if you don't like the taste of said dictator and create your own little dictatorship.
Re: (Score:3, Insightful)
I do believe that changing the hosts file without consent is malicious enough... ;)
Downloading is wrong? (Score:4, Interesting)
Tell that to SourceForge.
If these people are caught with ties to any industry the FTC needs to come down on them, hard.
Thanks - didn't know about suprbay (Score:4, Informative)
Re: (Score:3, Informative)
C:\Windows\System32\drivers\etc>cacls hosts
C:\Windows\System32\drivers\etc\hosts NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
Re:Running as admin is fun (Score:5, Insightful)
Far out. I'll slap the next person who tells me Unix is hard to use, if that's Microsoft's idea of user-friendliness.
Re: (Score:3, Interesting)
Far out. I'll slap the next person who tells me Unix is hard to use, if that's Microsoft's idea of user-friendliness.
From someone who runs a PC repair business, XP makes Unix look like child's play... Man it even makes doing a Gentoo install look easy.
Give me a nice clean bash terminal any day.
Re: (Score:2)
Of course it looks complicated.
a) You're not supposed to manage file permissions from the command line.
b) NTFS permissions are far more customizable and have far more features than POSIX style. It's the same reason PostgreSQL is more complex than a flat text file.
Re: (Score:3, Informative)
Well if you want to go there, most modern linux filesystems support ACLs as well, they're just not generally needed since programs only ask for root if they need it...
Re: (Score:3, Insightful)
Also, a more complex problem is that Windows users don't know about all that stuff and can't be bothered to learn
Re:Running as admin is fun (Score:4, Insightful)
Try to open regedit someday.
Anyway, "easy to use" is jargon to "works like Windows" nowadays. So, obviously, Windows is "easy to use", you can't contest that.
Re: (Score:2)
What I want to know is WHY did the piratebay take it down?
Maybe because it was editing the hosts file and therefore blocking thepiratebay.com? Where is your freedom of information if you can't access the information?
Re:It literally kills its own spreading method (Score:4, Funny)
Mod parent up. If you can't get to thepiratebay.org anymore, you're gonna reinstall your OS.
<cynic>
if you can't get to thepiratebay.org, where are you gonna get your OS from?
</cynic>
Re: (Score:3, Funny)
This way we can finally drag the user kicking and screaming into the year of Linux on desktop! :)
Re:First? (Score:5, Informative)
Well, the trojan has been removed, and I'm sure the user uploading has also been identified and banned.
If it changes the hosts file, it's easy to identify, and remove.
We get trojan and virus uploaders all the time, and they are removed at first sight, so this is nothing new, and nothing TPB can't handle.
Re: (Score:2)
Wow, people believe that shit?
TPB believes in generating advertising revenue. Everything else is bullshit. You really think they are about freedom?
rickbot (Score:3, Funny)
Patches your flash player so that everything you look at on Youtube gets replaced by Mr. Astley's stellar performance.