Targeted Worm Hits Kazaa's Network

sh0rtie writes: "Kaspersky Labs and the BBC are reporting that the Fasttrack network that Kazaa uses has been hit by its first targeted worm virus dubbed 'Benjamin.' Is this a clever RIAA creation or that of a mischievous virus writer? I guess we will never know, but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic bringing more headaches for ISPs and sysadmins worldwide."

any surprise?

[eyegor]

Yet another reason not to use them. geez....

Re:any surprise?

[DrugCheese]

Really, who wants to use such an advertisement ridden program anyway. Now it's infested with something more lethal. woohoo

Re:any surprise?

I wonder if anything like this had ever hit Napster in the past? I don't remember such a thing. I think this is all due to the crappy code the fasttrack people created -- a lot of it spyware and other crap that is supposed to give them too-much control over your system.

_
WINDOWS USERS CLICK HERE!

Re:any surprise?

[loply]

Yeah, who would want to use such a program?

Well, from what I can gather... two million, two hundred & twenty six thousand, five hundred and thirty six regular citizens of Earth, who want to access over a million gigabytes of pirate software, mp3s and porn. Duhh. Wake up.

Re:any surprise?

[DrugCheese]

two million, two hundred & twenty six thousand, five hundred and thirty seven complete morons

kinda low from my recent headcount of sheeple out there

Re:any surprise?

[peddrenth]

So this virus doesn't affect you if you use KazzaLite, right? And you also use less bandwidth. ?And you use less processor time, so everything else runs faster?

Looks like Kazza's going to get a whole lot less popular as the malware-enabled version goes..

Re:any surprise?

[Lazyhound]

Actually, it affects KazaaLite users, too. Remember, the only difference is that the spyware has been removed. Any security loopholes present in one are bound to be present in the other...

Re:any surprise?

[xtremex]

I have a Kazaa clone that uses the Kazaa network w/o using the crappy Kazaa Software.Unfortunately, it's for windows only :(
Go to http://cguru.cjb.net. It's called MyKazaa

"Clever RIAA creation"???

[Wakko+Warner]

Look at the kind of music these fellows put out. Now tell me anything they create is "clever".

- A.P.

Re:"Clever RIAA creation"???

[peterwayner]

There are plenty of songs that infect my brain like a virus and I can't get rid of them. They may sound stupid if you think of them, but maybe they prey on the unconscious. In fact, that's probably why they give their music to radio stations.

Re:"Clever RIAA creation"???

[Danse]

Look at how much money they make. Now tell me how anything they create could be anything but clever.

Re:"Clever RIAA creation"???

>> In fact, that's probably why they give their music to radio stations.

In fact, you are wrong.

It's the distributors whom give the radio stations the music, not the R.I.A.A..

In fact, those radio stations have to pay a royality on every song they play.

So radio stations are hardly getting free music!

Re:"Clever RIAA creation"???

[Wakko+Warner]

When you own the means of production, distribution, and broadcast, does anything you create need to be clever?

- A.P.

Re:"Clever RIAA creation"???

[Danse]

Ok then, the industry must be pretty clever to have secured such seemingly unassailable power for themselves, so yeah, I guess their creations don't actually have to be clever.

Re:"Clever RIAA creation"???

[MattCohn.com]

Most radio stations pay for a couple of blanket licences that cover all the music they play. So if they were going to pay the same amount ANYWAY... getting music IS free music.

of all days....

[jeffy124]

the day the secret Kazaa/Brilliant network came to life is the day that this worm gets let loose.

Re:of all days....

[randomErr]

It's not a virus, its an undocumented feature.

Re:of all days....

let's see. the guy didnt call the secret network a virus (it also happens to be documented in the user agreement). he didnt call the worm a virus (worm != virus by definition). what is he calling a virus?

clever RIAA creation?

[crovira]

Bwahahahahahahaha.

Those Luddites? I'm surprised they don't use a pen make by plucking a feather from a goose's ass.

Oh that's rich. Thanks for laugh...

Re:clever RIAA creation?

You're right - they are Luddites! From the article:

In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

You'd think they would have learned how to use pop-ups before now...

[deep sigh]

[coronaride]

seeing as how everyone and their grandmother's dog-sitter read the post about Kazaa's involuntary spyware and then promptly deleted Kazaa from their system, I really don't see how this story should effect anyone..right? hmmm..on second thought..is it the kazaa NETWORK?

Re:[deep sigh]

I still use Kazaa-Lite which is supposedly stripped of all the spyware (and according to Ad-Aware it is except for the dummy cydoor library). Why? Because I can't find shit on Gnutella compared to Kazaa! When I finally do find something, every link I try doesn't work. It's totally lame. Man do I miss Napster... the days of searching for something and finding 60 different hits on it in seconds. *sigh*. EVERYONE was on Napster. FUCK THE MPAA/RIAA!!!

Re:[deep sigh]

no kidding...i've got the kazaa lite running and gnucleus. So much more to be had on Kazaa, virii included apparently.

Re:[deep sigh]

a lot of people will still have this programme, the spyware wasn't reported THAT much.

Warez Connection

[_bobs.pizza_]

how big of a surprise is this? The whole idea behind kazaa is that you can get music that you don't own. This reminds me a lot of the warez sites out there. How many of us trust them?

You get what you pay for.

Re:Warez Connection

You get what you pay for.

Yep, that's why I don't use Linux.

Re:Warez Connection

Now that, sir, is comedy gold.

Re:Warez Connection

I certainly don't "trust" them, but I've gotten tons of great software from them which I wouldn't have purchased, but was fun to try out. And games that are great to play for a few weeks but that I'd NEVER had paid money for.
The warez scene has its purpose. You don't have to use those sites, and yes, buyer beware...viruses do pop up, but [knock on wood] I've never been INFECTED by one and have only found 3 EVER since 1990 in all those thousands of warez I've "evaluated."

Re:Warez Connection

I have had the same experience that you have had. And if I ever do get a bad virus, I make sure everything is backed up.

Re:Warez Connection

[VisMono]

HOW DARE YOU!!! So true though. Very few things that are free compare well to those that are not. OS's are no exception.

Re:Warez Connection

[shepd]

I remember hearing about a leaked study from a long time ago done by a virus detection company.

The results seemed to (at the time) finger purchased software and hardware as the prime infection point for many machines.

Why?

At the time, BBSes autochecked files for viruses, and most people ran their disks through CPAV/F-Prot before giving them to others (since people "smart" enough to copy a disk were, at the time, able to run simple virus detection software). However, at the same time, major brand name companies didn't bother as much.

I can even remember a friend buying formatted floppies that came with a virus dropper on the disks...

If 100 people download infected software from one illegitimate site before the infection is pointed out and cleaned, that's just 100 people. Imagine the destruction that happens when you go gold and don't find out until a few weeks later that your CDs (or computers, or floppies, whatever) include a virus.

If anyone can find a link to that study, I'd really appreciate it. :-)

Sometimes you get more than you pay for.

Your PC is now stoned !!!

Re:Warez Connection

You get what you pay for

[Looks at latest Britney Spears CD.]

[Looks at price tag on said CD.]

Are you sure?

Re:Warez Connection

very true, I've been trying games out from the warez 'groups' and have only found one or two infected, and even those were package specific because the rest of them on the ftp/bot/site were ok. The only this that ever infected me was... stoned one of the many variants if you rember it's name you can understand how long ago it was.

Re:Warez Connection

yes, it was stoned...

Stupid Virus Writer?

[Saeculorum]

From the article...

In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

I might be wrong, but I'd think it'd be quite easy to find where the money from the advertising banners is going to. Quite simple to find the virus writer.

Of course, the recipient of the advertising revenue may not be the virus writer, but it's a good place to start.

Stupid people amuse me.

Re:Stupid Virus Writer?

[sheriff_p]

Quite simple to find the virus writer. Because s/he must live in a country where Americans have jurisdiction.

Right? Or maybe that won't help anything at all. And maybe it'll be almost impossible to bring charges against him/her because that would involve companies claiming damages. Companies that admit their employees were using software to steal music.

Perhaps you didn't really think this through?

As you said, somewhat ironically, 'stupid people amuse me.'

Overhyped?

[CmdrTaco+(editor)]

...under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

Wow! I think this is the first time I've seen a worm creator actually try to turn a profit. It doesn't really seem to be all that malicious, it also seems that this would be an easy way to catch the person repsonsible. Just find out where the checks are going and arrest him!

Re:Overhyped?

[pjkacmar]

Just wait until Taco finds out that the anonymous web site is actually the Slashdot advertisement program.

Re:Overhyped?

[TheLibra]

Just find out where the checks are going and arrest him!

I'm afraid it's not that easy, CmdrTaco. Firstly, you are assuming that the money is going to someone associated with the virus writer. However, from what I understand, there are three types of people who write viruses:

1. The Attention Getter: This person wants the hype, the name, and the infamy to achieve some sort of status in the cracker or skr1pt k1dd13 community. They don't do it for the money, they just want to be 1337.
2. The Student: They do it for the study of viruses. They do it to learn. Sometimes it is legit, such as the programmers of anti-virus software, and sometimes it is a hacker (note the distinction I use here) who wishes to understand the why and how of a particular exploit. But we can rule out this type of writer because while they are sometimes in it for the money, they never want to actually cause harm, they want to learn, and their creations are rarely unleashed.
3. The Causehead: These people write the virus because they feel it will advance their cause. Be it governmental, corporate, or Greenpeace, they have their reasons. They also do not do it for the money.
4. But take a virus that makes money, such as Benjamin. Well, who says it has to go to the virus-writer. It could very well be a script that sets up the funds to go to any account, anywhere. If the writer was a cause-head, the money could very well be going to Save The Wales or some such to benefit that cause. Or even to a totally unsuspecting list of random accounts, to take away money from the corporations that have to pay for the advertising.
5. 
   
   But let us assume that the money is going to the author of Benjamin for a moment. There is also unfortunately the issue of money laundering, offshore accounts, vapor operations, and rerouting of transfers that can make finding out where the money goes all but impossible if someone is clever enough to do it.
   
   Assuming that someone is keeping the money for themselves, there are a variety of ways that it could be done. As referenced by Carl Sifakis...
   

   Method 1 Typical Drug Dealer Method

   • 1) Get a million dollars ( how you do this is you own business.)
   • 2) Fly to the Grand Cayman Islands and take your million with you.
   • 3) Some banks in that area sell legitimate off-the-shelf corporations. (These are shell corporations or holding companies. Some even come complete with a board of directors. Buy one of these corporations from the bank.
   • 4) Open an account in one of those banks under the corporation's name and deposit the remainder of your money.
   • 5) Enjoy the islands, get some sun and then go home.
   • 6) When you arrive at home, "borrow" $100,000 from the corporation in the islands by wire transfer. (As sneaky as this sounds, it is totally legal.)
   • 7) Open a restaurant with a bar.
   • 8) At the end of each month, take proceeds from whatever criminal thing you've got going on the side and deposit it in the bank as the take from the bar. It is a good idea to to over report how well you restaurant/bar is doing but not to get to greedy. The Internal Revenue Service takes a dim view of a pizza parlor that purports to do several hundred thousand dollars a month in revenue. If you don't get greedy you won't get investigated. They just don't have the manpower. It is also a good idea to plow some of the proceeds into the legitimate corporation too. If the company does well on its own it can expand and offer more laundering potential.
   • 9) Your criminal money is now clean as a whistle. Pay taxes on it.

   Method 2 The Loanback Method

   • 1) A New Jersey gambler has half a million dollars in profits salted away in a numbered Swiss bank account. He buys a string of car washes( another great way to over report potential sales) for $1 million financing it with 50,000 grand down and $450,000 with a legitimate first mortgage.
   • 2) He "borrows" the other half million from his Swiss bank.
   • 3) Since he is borrowing his own money and repaying it as if it too is a legitimate loan that means he has interest charges. This charade allows him to pay himself the interest and deduct that same interest from his taxes, thus bringing the money back into the country.
   • 4) Once he has paid of his loan to himself he may relend it to himself.

   Method 3 The Money Broker Shuffle Problem

   Mr A is Columbian drug lord. He has a million dollars sitting in New York badly in need of deodorization. Mr B is a legitimate Columbian businessman who wants to buy a million dollars worth of U.S. computers but his government wants 21 cents for every dollar he buys with his pesos.

   Solution: They hire a money broker who for a nominal fee will solve the problem.

   • 1) The million dollars is smurfed or smuggled overland to an account in a Mexican bank. ("smurfing" is process of wire transfer of money in tiny chunks less than 10,000 dollars. This is effort intensive but necessary. Billions of dollars are wire tranfered everyday but only transactions larger than 10 grand are documented by banking institutions. Transactions smaller than this are fully covered under banking insurance. Thus larger transactions are carefully tracked in case something goes wrong. Law enforment also does not possess the manpower to check all these transactions and never will. This is an every damn minute,24 hour a day phenomenon.)
   • 2) The broker writes a check for U.S. 1 million at a correspondent bank in New York City and gives it to XYZ computers.
   • 3) XYZ computers ships Mr B. his machines from its Panamanian free zone warehouse
   • 4) Mr B gives the money broker a million dollars worth of pesos.
   • 5) Pesos become sqeaky clean pocket change of Mr A. Annual loss of revenue to Columbian government: 6-8 billion dollars.

   Method 4 The Omnibus Account Method

   Swiss banks (and others I'm sure) maintain what is known as "omnibus accounts" at American brokerage houses. This make it easy for mafiosi to purchase American blue chip stock anonymously. Naturally, if they make a profit they pay no capital gains taxes on it because there are no records in the U.S. tying them to the stock purchases and the Swiss banks are bound by their laws not to reveal the names of their investors. This enables them not only to make money but to manipulate the market by buying large blocks of stock through the banks and then exercising their proxies, enabling them to determine who will be on the board of directors and who will be C.E.O.

   
   In Short, if this person has half a brain, then just "seeing where the checks are going" will not reveal the culprit.
   
   The Libra Eagles may soar, but a weasel never gets sucked into a jet engine.

Re:Overhyped?

i hope you know that isnt the real taco...

Re:Overhyped?

[wdr1]

I'm afraid it's not that easy, CmdrTaco.

FWIW, the person you responded too wasn't CmdrTaco.

Give him points for being clever though.

-Bill

Re:Overhyped?

[Pig+Hogger]

...
1) A New Jersey gambler has half a million dollars
...
He buys a string of car washes...

That's how the IRS caught a launderer: he washed something like 450 cars during a 3 day blizzard...

Dry-cleaners are a good money laundering method (no pun intended!!!). Some years ago, around here, someone started a chain of $1 dry-cleaners. Within weeks he was firebombed into oblivion.

Re:Overhyped?

[Slashamatic]

You forgot OTC derivatives. Very good way of laundering lots of money!

Re:Overhyped?

I thought that swiss banks aren't as anonymous anymore. Or maybe it's just me. Can't their government sometimes disclose things? I did hear that Luxumborg (did I spell the right....who cares anyway...its Luxumborg!) is pretty private though. Although, I could be wrong. Just thought I would in my own 2 cents.

Re:Overhyped?

Here's a lotery ticket method.

After you get a winning ticket, spend nine months setting up your own religion. As soon as you get all the paperwork done, and get the religion officially recognized, the church recieves an anonymous donation of a 50 million dollar ticket. Which the church instantly cashes, and instantly pays you, as a signing bonus for being the first priest of your church.

Why go through all of this trouble? Seperation of church and state. Priests are the only people in the nation that pay zero income tax. No state, federal, OR local tax on money gained while performing the duties of the church.

End result? You pocket 50 million after taxes instead of 20. And when you are investigated by the fed? Sorry, but when they notice and revoke the tax exempt status of the "church", you have already been paid your money. The fed can revoke the tax exempt status, but can not do it retroactively.

Gotta love organized crime^H^H^H^H^Hreligion, eh?

Re:Overhyped?

[Clemence]

Right, it's that easy to go undetected. As you leave the country with th $1m cash, you will be required to fill out a declaration form stating you are taking that much currency out of the country - caught. If you don't, that much currency is difficult to conceal and as likely as not will be detected - caught again. When you wire the $100,000, the receiving bank in the U.S. will file a Suspicious Activity Report (SAR - required under U.S. banking law), and your transfer will be flagged in the Financial Crimes Enforcement Network (FinCEN) databases at the Department of Treasury - caught. From there, the feds will find every piece of open-source (and closed source) data available about you . . .

As if a shell corporation in the Caymans will make everyone look the other way. And paying taxes on it - good lord, what better way to tell the feds "look at me, question my income" You still haven't established a cover for the original income.

And so on and so on and so on. The feds never catch the smart ones.

I fail to see the "worm" here...

[Bollie]

but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

What? Doesn't that happen every time a new cammed version of Spider-Man or AOTC's is released?

Hide the spice!

[Limburgher]

The worm is coming! It can smell the spice on your hard drive! Delete it, or it'll smash through it and destroy you!

Re:Hide the spice!

It can smell the spice on your hard drive!

There's someone sharing *shudder* Spice Girls videos on KaZaA? Hmmm. Let's see. Windows. Spyware. Total lack of common sense or musical taste. Okay, I can see the pattern.

Re:Hide the spice!

[Kphrak]

+1 DUNE!

Mod the parent up...this is a clever Dune reference. You know, the novel...or the movie, for those who didn't see the novel.

No kudos to the people who were stupid and thought the dude was talking about the Spice girls.

Re:Hide the spice!

I didn't see the novel, but I read the movie. Does that count?

Re:Hide the spice!

[liquidsin]

Some of us just enjoyed the video games...

The Dune game that was like warcraft (erect buildings, build army, kill foes) was the first pc game I ever bought, I think...

Re:Hide the spice!

> The worm is coming! It can smell the spice on your hard drive! Delete it, or it'll smash through it and destroy you!

Wrong worm; this one's attracted to the smell of fecal networks.

Re:Hide the spice!

[Zathruss]

Or novels(s).. The damn thing went on forever.

Re:Hide the spice!

That was a rocking game...I legally own all Dune 2 and dune 2000, I can'T find ANY copy of dune 1.

Death Nell

[Nanite]

Goodbye Kazaa. If the spyware scheme didn't kill you, infecting all of users with viruses isn't going to help. I don't think you could PAY someone to use Kazaa after all of this crap.

Nanite

The Brilliant Worm is

[Haiku+4+U]

what you get. Why use Kaaza?? It's a pile of shit!

Next Time A Warhol Worm?

[cybrpnk2]

Some very scary research has been aimed at discovering just how fast a worm could infect the entire Internet. This is the so-called Warhol worm, so named because instead of getting 15 minutes of fame, it would only take 15 minutes to infect the entire internet. If some nut combines a Warhol worm with a Kazza worm, we are in deep trouble.

Re:Fuck the RIAA

[Cheesy+Fool]

But yet you still buy windows games.

Oh, by the way, STEPHEN JAY GOULD DIED

[Artifice_Eternity]

This is not a troll, and it's not offtopic, if Slashdot is truly about "News for Nerds, Stuff that Matters":

The greatest evolutionary theorist since Charles Darwin died of cancer at his Manhattan home today... here's the New York Times obituary.

I submitted this story and it was rejected. Apparently Nintendo price cuts and the latest Star Wars box office figures are big news today, but not this.

I suggest that when Slashdot editors reject stories, they put their names on them, so we the submitters can start to figure out who ignores this kind of hugely important news in favor of trivia. Anonymous users are labeled as "cowards"... seems to me the same applies to anonymous editors.

Of course I fully expect this story WILL appear on the front page later tonight, or tomorrow, or better yet, in two or three days, after another 50 people have submitted it, and Taco or Timothy or somebody finally recogizes its significance.

Re:Oh, by the way, STEPHEN JAY GOULD DIED

[rkent]

I submitted this story and it was rejected. Apparently Nintendo price cuts and the latest Star Wars box office figures are big news today, but not this.

Boo hoo for you, did you consider that maybe 13 other people submitted it before you, it's maybe 200 submissions down on the queue, and it might get posted later? Sorry your story got rejected and you don't get any karma, but please. Enough with the ragging on people because they talk about other stuff besides your pet topic.

Re:Oh, by the way, STEPHEN JAY GOULD DIED

[tgibbs]

A great loss, not merely for his contributions to evolutionary theory (and whether you agree with him or not, he has undeniably raised crucial issues that have stimulated progress in the field), but for his contributions to scientific history, and showing that serious scientific writing does not need to be dull or stilted.

I agree, this deserves its own topic. But this thread is sort of about evolution, isn't it?

Re:Oh, by the way, STEPHEN JAY GOULD DIED

[nomadic]

Boo hoo for you, did you consider that maybe 13 other people submitted it before you, it's maybe 200 submissions down on the queue, and it might get posted later? Sorry your story got rejected and you don't get any karma, but please. Enough with the ragging on people because they talk about other stuff besides your pet topic.

I doubt the original poster cares about karma; he's complaining about the fact that the editors just have no apparent ability to pick stories anymore. Gould was a brilliant scientist whose passing should be major news. Instead we get an endless succession of stories about file sharing and wireless networks. Interspersed, ironically, with self-congratulatory stories about how brilliant, well-rounded, and scientifically literate geeks in general are.

Re:Oh, by the way, STEPHEN JAY GOULD DIED

[MoneyT]

If the original poster actualy cared about his Karma, do you honestly think he would have posted under his account instead of anonymously?

Re:Oh, by the way, STEPHEN JAY GOULD DIED

[DouglasA]

Gould was a brilliant scientist whose passing should be major news.

Yes, it is major news. That's why it's on the front page of CNN, Boston.com, etc. I do not need Slashdot to cover stories that I'll hear about anyway. I come to Slashdot to get more interesting, off-the-beaten-path stories, or sometimes interesting commentary on hugely important news (not just the passing of someone famous).

Making the Slashdot front page does not mean that the Kazaa worm is more important that SJG. It's called perspective.

Re:Oh, by the way, STEPHEN JAY GOULD DIED

Every fucking one of these stories is FPN on the net somewhere. There is not one single story that is a slashdot original! not one! No one needs slashdot for anything except bitching about meaninless drivel. News? HA!

Re:Oh, by the way, STEPHEN JAY GOULD DIED

Sadly, the type of INFORMED DISCUSSION and REASONABLE DISCOURSE you're desiring is only available via our SLASHDOT2 service. Sadly, SLASHDOT2 is only available via our INTERNET2 service.

Re:Oh, by the way, STEPHEN JAY GOULD DIED

And now it has its own topic

Re:Oh, by the way, STEPHEN JAY GOULD DIED

[ahde]

1) Only political statements make the front page of any major mainstream publication. News, Ads, and everything else takes a back seat.

2) Do you think when the Pope dies that it will make the front page on Slashdot? There are a whole heap more catholics than evolutionists in the world. Probably even on Slashdot.

3) The Kazaa worm affects alot of people, and actually is relevant to the FUTURE. To top it all off, it's even "tech" or "computer" news, which is what slashdot is mostly about.

4) Obituaries don't belong on the front page. See #1.

Re:Oh, by the way, STEPHEN JAY GOULD DIED

Catholics *are* evolutionists.
http://www.newadvent.org/docs/jp02 tc.htm
http://www.2think.org/pope.shtml

Or at least, the catholic church isn't officially
against evolution.

How is it activated?

[Shagg]

The way I understand the article, it replicates itself in someone's share directory and waits for other Kaaza users to download it. How is it executed on the remote user's computer then? Do they have to specifically run the virus program, or is there a security hole in the Kaaza client somewhere that automatically executes the virus?

I'm assuming users that download this file must specifically execute it. If this is true, then IMHO any person who downloads an unknown .exe from a P2P network and runs it without at least scanning it, deservers what they get.

Re:How is it activated?

[eddy]

I don't see how it can deserve the designation worm if it takes user intervention to spread, both a) to download it and then b) to execute it, which is the impression I got from the Kaspersky bulletin.

Wouldn't simply trojan be a better fit?

Indeed, the bulletin calls it a "worm". Let's continue doing that so as to not confuse matters even more than they already are regarding the designation of all these malware.

Re:How is it activated?

[rkent]

I'm assuming users that download this file must specifically execute it. If this is true, then IMHO any person who downloads an unknown .exe from a P2P network and runs it without at least scanning it, deservers what they get.

Oh come on, cut some slack. You know as well as everyone that non-exe files are associated with an app based on extension, and double clicking (for example) an mp3 file opens it in WinAmp. So if this thing gets downloaded and aliased as "Simpsons Theme.mp3", you should be able to forgive people for double-clicking on it.

Re:How is it activated?

[kilroy_hau]

Agreed until the last phrase. If you use a P2P network to copy an exe you cannot know what are you gonna get.

But scanning a NEW worm is next to useless if you don't have the latest antivirus, which is updated after this worm has been released and infected several machines.

Re:How is it activated?

[Time_Ngler]

If it's aliased from exe to mp3, I don't think it would run. It would try to open it as an mp3 file then.

Re:How is it activated?

[bonzoesc]

The Kazzzasaazaz installer connects to the FastTrack network to download the actual filesharing program (the functionality in the installer + search + spyware and ads and robot monkeys that confuse your clock cycles for bananas and eat them while throwing monkey poop all over your hard drive). Since the client itself also has built in functionality to display stuff, it would be entirely possible to exploit a buffer overflow bug or something like that that slipped through the probably non-existend QC or some such.

But Kaszzzasdfddsafaszzza is for frat boys, sorostitutes, and pre-teen girls. Real men use FTP or DC++.

Re:How is it activated?

[BCoates]

Yeah, looks like it's really a trojan, relies on the one-born-every-minute principle to spread.

--
Benjamin Coates

Re:How is it activated?

Cut slack to cheap grabass motherfuckers that refuse to pay for their music/software? You're on fucking crack.

Re:How is it activated?

[giberti]

No but a word document with some vbs script in it might do the trick... I am sure they can get plenty of people to open a word document if titled correctly (like the simpsons example above) but you will have to forgive my lack of creativity right now.

Re:How is it activated?

[wik]

You could even embed a virus inside an MP3! Winamp might even execute it in a vulnerable webbrowser for you:

http://msgs.securepoint.com/cgi-bin/get/bugtraq0 20 4/284.html

Remove the space that slashdot lovingly inserts in the URL.

Re:How is it activated?

[amuro98]

That's the thing that confuses me as well...

This really just sounds like a modified version of the same stupid Outlook Express virii/worms we hear about every other day. The only difference is that this one is a bit more tailored for its environment.

How is this any different from someone sharing a virii labeled "Natalie Portman Nude.jpg.exe"?

Considering Kazaa already lets you filter out files based on their extension, I don't see this being a problem unless you're stupid enough to believe that that copy of Photoshop you downloaded really is only 216bytes large (or even 5mb with padded junk.)

Re:How is it activated?

[phoenix123]

it is. read the article and you will find out for yourself.
IT'S THAT STUPID CLICK-THE-ATTACHMENT-WHOSE-NAME-SOUNDS-INTERESTING SCHEME. NOTHING SPECIAL HERE -
user has to click on bogus scr-file with bogus name and bogus file size.
if one cannot distinguish any "good" file from a faked one with X
no person here has tried to understand the virus' concept and did just comment bogus like "we don' need no filesharing we are all honest" or "music industry is to blame" and the like.
i loaded my kazaa LiTE (only stupid people use the "real" spyware-infested original) and searched for *.scr (the extension of the virii files) and voilà X thousand hits.

summary: the virus is NOT clever, user action IS necessary in EVERY case of infection. it closely resembles the outlook-attachment-virii-scheme, so it can only infect users that: a) ignores extension b) has its extensions still hidden in windows c) don't cares

this virus relies on the fact that windows can RUN many more files than most people think. maybe some online-virus-scanners check exe, com, dll, doc, xls, boot-sectors, MBRs etc. files (mine (free for personal use) does include scr, btw) but of course PEOPLE do not suspect all other files to be malicious.
windows can execute some even nastier things: LNK(!), PIF(LNK&PIF-extension is HIDDEN even when UNHIDE extension is selected. to show pif and lnk exts the use of REGEDIT can't be avoided), SCR, EXE, COM (d'oh!), HTA (html-executable/precompiled html(?)) and a lot more. but pif and lnk's are the best to hide your malicious code. even i tripped in an XYZ.jpg.pif - worm once. (shame on me) try to send someone you favorite fun-program (no virus, but looks like one maybe) and name it XYZ.jpg.pif and send it via outlook. (the victim must use outlook express prior to version 6 and the file must not exceed normal JPG file sizes or it will be too obvious.) soo and then the file arrives at the victim in his outlook, but outlook prior to version IE6 *hides* the PIF-extension of the file if you choose download/save attachment... - so everyone assumes "jpg is safe" and opens it directly. or is cautios and saves it on disk and opens it from there. but even then the .pif is hidden, the only thing the person can spot then is the "MS-DOS"-like symbol of the well known jpg-file...

don't execute anything you download.
have your always-on virus scanner scan all files if in doubt. yes that will cost performance. but reinstall is a lot more time and you guys probably won't notice any lag on that ATA-133 hd's anyway.

Re:How is it activated?

well, there is one occurence where i download a *.mpg files in kazaa. it is a porn cartoon. it is nice. anyway, *ehem*, at the middle of the video stream, it can trigger a internet explorer and directed it to their web site where i'm suppose to get FREE PASSWORD FOR THEIR PORN SITES.
yes. it is scary. if it can trigger the IE, it can also trigger something else.

Re:How is it activated?

[hazyshadeofwinter]

"Hot Sexxxxy Lezbo Pr0n Movie - SELF EXTRACTING.mpg.exe" I don't use Kazaa, but I see a *lot* of titles like that on gnutella, usually with filenames long enough the actual extension would be well hidden. And Windows/Mac users are usually pretty well conditioned to click on the file, rather than run a movie player and go file/open.

Re:How is it activated?

[ardfarkle]

Well, I have first hand experience with this worm/bot and can tell you it does some weird things, but it relatively benign and easy to remove.

One of my clients got it on the 18th, and after trying to find out why their server was going crazy for several hours, they finally called me at about 3am on the 19th. It only took a few minutes to find since 'explorer.scr' sits at, or close to, the top of the task list sorted by CPU utilization. But the part that I found interesting was the distribution system. Not only is it your system that distributes it, but the person receiving the worm actually chose to do so from your computer. In addition, the ~2000 internal filenames allows the worm to appeal to a broad range of victims while allowing it to merely produce variable sized copies of itself with new names on the source drive. This is then forced to be shared by Kazaa.

Although there have been those whose have suggested this might be an RIAA plot, it doesn't target audio files such as .mp3, although considering the way it processes filename strings, I'm surprised the author did not figure out how to do so. It would be a simple task to create a file with a apparent .mp3 extension that would execute like a .exe or .scr file. And no, this worm has nothing to do with the adware included with the full verses Lite version. The both are subject to this worm. My client was running Kazaa-Lite.

Originally it was falsely unidentified as 'TROJ_FILLHDD.A' and 'GT Bot (Global Threat)' due to the 'explorer.scr' filename, but the operation was considerably different. It was brand new, and was not properly identified by virus scanners for this reason. My client who got it runs the Corporate version of Symantec's virus protection, but it just didn't know about it. To this date the new defs do not fully protect against this worm IMO (updated 25 min ago and tested on a closed system).

One of their employees decided it would be a good idea to install Kazaa on one of the servers (yes, I have now tightened up the group policy so they can't do this again), and the rest is history. Needless to say, he's not in the good graces of his employer right now.

Although this was originally designed to be a method of distributing advertisements (and a damned stupid one at that. Wow, you just gave me a worm and filled by drive with shit. Sure, I'll buy your product (porn or not)!), I think it may now do a bit more.

I have found that it does not just contact 209.182.61.132 (xww.de), but also contacts 66.218.71.113:0 (w2.rc.scd.yahoo.com), each time it is loaded. It also contacts various other IP numbers (one specific IP# per run) that might be stored internally. Here are a few I have sniffed besides the two above:

64.239.122.20 (ns1.macrohost.de [Dialtone Internet])
63.209.70.227 (an unknown address at Level3.net)
217.69.237.132 (an unknown address at PIXELHIT1-NET [Poland])

Anyway, it doesn't do much/any damage unless it cause your system to crash from too little space left on the system drive, and it's easy to completely remove, but currently it needs to be manually removed. For one, Symantec Anti-Virus 2002 and the Corporate version will not remove the registry entries or stop the running process. If you have it, or know someone who does, take a look at:

How it works:
http://groups.google.com/groups?hl=en&lr=& frame=ri ght&rnum=11&thl=1066366998,1066307103,1066303080,1 066150858,1066138013,1066056211,1065940874,1065917 702,1065701808,1065699348,1065574296,1065568930&se ekm=38c0e426.0205170649.873ce8%40posting.google.co m#link20

Removal:
http://groups.google.com/groups?hl=en& lr=&frame=ri ght&rnum=31&thl=1022186493,1022097445,0&seekm=2868 c408.0205220308.674ac3f1%40posting.google.com#link 31

John - ard@d30.info

Clever RIAA Creation

[BlueFall]

Is this a clever RIAA creation?

What an incredibly irresponsible statement. Don't go pointing fingers until you have some evidence.

Re:Clever RIAA Creation

[Aexia]

Yes, quite irresponsible. After all, when has the RIAA ever done anything malicious to innocent computer users' systems?

Re:Clever RIAA Creation

[Thud457]

Yeah, but they're only Mac users. They deserve to be abused.

(The whole point being is that Macs are what Hollywood thinks computers look like, so they go after the target they recognize. Leaving those of us with real computers clean and free.)

Re:Clever RIAA Creation

What an incredibly irresponsible statement.

Actually, that funny little squiggly-looking thing after the word "creation" is called a "question mark"-- and it has the power to make the group of words before it into a question, not a statement.

Examples:
Question: "Are you a dunce, for not being able to tell the difference between a question and a statement?"
Statement: "You are a dunce, for not being able to tell the difference between a question and a statement."

Re:Clever RIAA Creation

[ocbwilg]

What an incredibly irresponsible statement. Don't go pointing fingers until you have some evidence.

It wasn't a statement, it was a question. Don't go pointing fingers until you know the difference.

Re:Clever RIAA Creation

[Mordanthanus]

I wonder though, has anyone considered that the creator might be from MusicCity (Morpheus) or a supporter?? They did get screwed a few months ago...

BBC -- RIAA responsible

[hether]

The BBC reported this earlier today:
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1 998000/1998686.stm

I agree with the idea that the RIAA would definitely have motive when it came to a worm like this, or some random RIAA suporter. Good thing most intelligent people quit using Kazaa a long time ago, or for sure when they found out about the spyware.

The money trail....

[Mhrmnhrm]

Doesn't necessarily point to the culprit. Just because the webserver is hitting/serving up whatever the ad of the hour is, doesn't mean the person getting the checks is the virus writer. How difficult would it be for instance, for a blackhat to write a virus, have it hit/serve a bazillion ads, but send the money to a certain John Ashcroft, who just happens to live in DC, with a job at the DOJ? Especially given the talents of a true blackhat, this wouldn't be difficult at all. Unfortunately, that's what these posts of "Follow the money trail" are doing... it's entirely possible the writer borked up bigtime, but more likely that someone's being made a stooge, and that the money is just a red herring.

Re:The money trail....

[MoneyT]

Given the average intelligence of an American citizen (fairly low seeing as how the NY Times is supposedly written at an 8th grade reading level) and the average intelligence of many people, I would be willing to bet that the money trail does at some point lead to the virus creator. And even if it doesn't, I would still be willing to be there is a trail back to the virus writer.

Re:The money trail....

[VisMono]

Actually, those who resort to base generalizations like yours would be a better candidate for a lower IQ.

Re:The money trail....

[MoneyT]

Base generalizations are only dangerous if they are false. However, common sense is very lacking in this world. If you need any proof, you need not look any further than the warning lables on common household products such as a hair dryer (Do not use while sleeping or Do not use while showering) or on packages of peanuts (may contain nuts). Also, you might want to reconsider your position in society if you took offence to my previous statement and assumed it applied to you.

Easy to catch the creators?

[tekBuddha]

From the article:

"In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays."

Wouldn't it make sense then that you could track the creators of the worm to whomever is collecting the payout of these banner ads or am I misunderstanding how its working?

Re:Easy to catch the creators?

I would hope that the money is going to some offshore account. Or, I hope this person is good at money laundering.

And this surprises anyone... Why?

[wowbagger]

Perhaps I am paranoid, perhaps I am an old fart, but I cannot see trusting any file I got from any of the P2P systems for precisely this reason.

Using P2P

[tswinzig]

Big whoop. P2P becomes the latest transport mechanism for viruses. It's not exploiting a hole in Kazaa, it's just sharing a folder with virus-infected executables labeled with intriguing names that are likely to be downloaded by Kazaa users.

If these users are then dumb enough to run an executable file they download from an unknown source, they will be infected.

Wow.

Re:BBC // RIAA responsible

I should have been more clear. I didn't mean to indicate the BBC thought the RIAA was responsible. Just that my post was about both.

Requires user intervention

[ZiGGyKAoS]

awww this requiers that the user download and run it in order for it to infect the computer.

One of these days there is going to be a serious flash worm on that fasttrack network. All one would have to do is find a buffer overflow in the server portion of it. Each computer knows about several others as a function of the program so finding exploitable hosts should be as trivial as doing a netstat -a.

Infected?

[rkent]

Okay, so... who's infected? any slashdotters get the

"Error:
Access error #03A:94574: Invalid pointer operation
File possibly corrupted."

message yet? If so, what did you do to clean up? Neither of the 2 articles gives a very good indication of that; I guess I'd start by deleting \windows\system32\explorer.scr and \windows\temp\Sys32, and removing these registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cu rr entVersion\Run]
"System-Service"="C:\\WINDOWS\\SYSTEM\\EXPLORER. SC R"

[HKEY_LOCAL_MACHINE\Software\Microsoft] "syscod"="0065D7DB20008306B6A1"

Seems like that should keep it from spreading, but that won't prevent a reinfection. Oh well; at least there's a popup notice when you get infected. that's nice.

Looks like fasttrack users (kazaa, morpheus, AND grokster) are catching on... about 1/5 as many users on as usual for this time of day. And before you flame me as a pirate, I only trade Simpsons episodes which aren't available for sale yet :)

Re:Infected?

Excuse me, but how does the fact that you "only trade episodes that aren't available for sale yet" make you not a pirate? Is it only piracy if you rip copyrighted material that has made its way to DVD?

"No, officer, see, I wasn't speeding. This is the 2003 model of this car, so it's not speeding until January first."

Re:Infected?

And before you flame me as a pirate, I only trade Simpsons episodes which aren't available for sale yet :)

How does the Simpons make it exempt? You're still breaking the law - just because its not for sale doesn't mean you have the right to download it and play it.

Re:Infected?

[rkent]

Is it only piracy if you rip copyrighted material that has made its way to DVD?

Well... sort of. As far as I'm concerned. I used to tape the reruns off TV, is that piracy, too? All I'm doing is filling holes in my collection. I already bought the season 1 DVDs, and will most likely get season 2 as soon as it comes out.

If you think that a 40 or 50M mpeg is anything like a replacement for DVD-quality audio and video (and therefore an excuse to not buy the DVD), you must not have watched one.

Re:Infected?

I'm not saying these crappy-bitrate-from-crappy-signal is nearly the same as DVD quality, but all the same it's breaking the law. If you recorded it yourself for your own use, sure, no problem. But just because you could have and didn't doesn't give you the right to 'round out your collection' from other people's collections, or to help other people with the same.

Re:Infected?

[ibis]

format c:

Re:Infected?

[Gentle+Troll]

I got it myself (first virus in nearly ten years). I dit what you said except that instead of removing Explorer.scr, I opened it with a text editor and removed a big chunk of it. I hope it will not be reinfected since the file is already there! Of course I will drop Kazaa anyway after this.... Thanks a lot, It stopped the nasty worm!

Re:Infected?

Oh piss off.

Like you've never broken any laws.

FUCKING HYPOCRITES!

Re:Infected?

[dogbowl]

So then what if I recorded it for my own use, and then let my buddy Duane borrow it? Is that illegal?

What if then Duane made a VHS copy for himself? Is that illegal?

The answer is no and no, if you're wondering. It sounds to me like you've been brainwashed by 'the man'.
How does changing mediums suddenly make something illegal?

Re:Infected?

[Evangelion]

Haven't you ever heard of Anime fansubs?

People would copy japanese LD's, subtitle them themselves, and sell them (not for much, but still), and no one found anything wrong with this -- because the episodes/movies/oavs were not available in any english language format. The copyright owners usually never said a word. The fansubbers would respectfully, not distribute something that was available in english in north america.

Your whining is reactionary and unessecary.

That's what I get for coming back to slashdot, I guess...

Re:Infected?

come back? it isn't is if you ever left, looking at your continual stream of 1 rated, boring comments.

cheers,

your mother.

whats the difference

[lazelank]

so this worm jumps onto your computer and puts ad software on it so you will have to wade through a million adds to read /. is this any different from kazaa already? o wait, you agreed to let kazaa do that when you clicked i agree after the eula.

meh

These poor script kiddies

[Henry+V+.009]

Whenever I think of what could be achieved by a virus using a P2P system, I am all the more astounded by the limited imaginations of these puny 13-year-old hackers.

How about using a million computers working in parallel to break an weak encryption and read some third world govenment's military email?

What about creating a secondary virus that uses known windows vulnerabilities and has a mathematically reasonable replication scheme to install itself on hundreds of millions more computers, and then use that to bring down the entire internet on a given day?

What about turning these people's P2P servers into a humungous free proxy network, defeating internet censorship attempts of evil totalitarian regimes (like China)?

Re:These poor script kiddies

Because the possiblity is that you might get caught.. there is always that possibility, so you do something annoying; just to piss people off and stay anonymous. If you do get caught the charges won't be lowering the GDP of some third world country but just vandalism and some community service.

Re:These poor script kiddies

[Arakonfap]

I agree completely!

It's always the same dumb worm/virus. Replication is the only real goal - no distributed computing, no political vendeta, not even maliciousness (which I'm thankful for, even though I needn't worry of infection).

This one has the popup ad thing, but my guess is the money is going to a randomly selected target.

This reminds me a lot of that viri/worm on the gnutella network a year+ back.

Re:These poor script kiddies

Woa, woa. After reading through your post, I'm amazed by the imaginations of puny 13-year old hackers.

Re:These poor script kiddies

[gad_zuki!]

Those are coded so well that they don't get noticed. Your PC is probably rendering 3D storyboards for Pixar and helping Japan simulate a-bomb explosions. Thankfully, everyone blames the lag on Microsoft products.

Occasionally the cabal writes 'press viruses' like these to keep Kaspersky busy.

Re:These poor script kiddies

[JanusFury]

You bastard! We said we'd let you leave the cabal if you promised not to give away our secrets!

You'll pay for this, oh will you pay. We'll see who's laughing when you get arrested and strip-searched by the CIA for stealing secret government documents and hiding them in your anal cavity!

Malware

Sic Semper Malware

Bad Business

[Tazzy531]

Ever since the whole deal with Kazaa and spyware and using your computer for distibuted computing, I've uninstalled and left them for good. Come on...think about it. If a company does not have the "consumer's" best interests in mind, it will not be able to succeed. What are they going to do when there is a major security issue that opens up your private data to the world? "Ooops..who cares..not my fault..they aren't paying us"

Kazaa has turned into bad news waiting to happen.

Kazaa Lite?

[flatt]

Anyone know how this thing is spread and if Kazaa Lite can get it even with the Brilliant Digital stuff disabled?

Re:Kazaa Lite?

[kilroy_hau]

Read the article. this is a trojan thath you download from the Kazaa Network (so kazaa lite is vulnerable too) But you have to download it and then execute it.

Advertising?

[jfengel]

According to the article, the worm sets up a web site for doing advertising, presumably porn. I'd think that that the sites being advertised would be a good place to start figuring out who's responsible.

It's an amusing idea to use a worm to carry a proft-generating payload, but it sounds like it'll leave a really big paper trail. The more advertisers you get, the bigger the trail.

riaa

[mosch]

Is this a clever RIAA creation...

I mean you no disrespect, but you're a fucking retard.

"hey guys, I've got a great idea. let's make a virus that will expose ourselves to billions of dollars of liability, but will only shut down some minor piracy for a day or two, until anti-virus software makers have protection for it".

Re:riaa

"hey guys, I've got a great idea. let's make a virus that will expose ourselves to billions of dollars of liability, but will only shut down some minor piracy for a day or two, until anti-virus software makers have protection for it".

Since they have demonstrated that they own the most of the legislative and enough of the judicial branches of the Federal government, why do you think would this sound like a bad idea to them?

Re:riaa

[UnknownQ]

"let's make a virus that will expose ourselves to billions of dollars of liability"

But only if they get caught, and viruses can destroy the reputation of the file sharing software so they are causing much more trouble then "shut[ing] down some minor piracy for a day or two". If they are the ones doing it, that is...

Re:riaa

[Man+of+E]

"let's make a virus that will expose ourselves to billions of dollars of liability, but will only shut down some minor piracy for a day or two, until anti-virus software makers have protection for it"

Seems like a pretty good idea to me, actually, especially when you consider how many idiots are on Kazaa. Since the program has no built-in calls to antivirus software, they'll become infected and lose confidence. A smaller percentage of geeks with huge bandwidth, hard drives and the brains to use antivirus software will stay on, but Kazaa will leave a sour taste in Joe Sixpack's mouth and lead him back to the golden path of CD-buying.

Now suppose the advertising "paper trail" that everyone is talking about leads to some random hacker they picked as a scapegoat, and it's unlikely that anyone will suspect they're behind it all. Liability, schmiability.

Okay, time to take the tinfoil hat back off :-)

Re:riaa

[VivianC]

You must be right. The RIAA has no history of messing up peoples computers.

And how do you think all the kazza "pirates" are going to recoup money for not getting the files they were intending to steal?

Re:riaa

[I+Want+GNU!]

Actually, this is EXACTLY the kind of tactics they like to use. Have you seen this article? They tried to get a law passed to hack someone's PC.

Cigarette companies kill millions of their own customers, Enron executives steal everyone's requirement accounts, and mostly these type of companies get off scot free. Not to mention all the investment advice companies with conflicts of interest, telling people to buy then selling after the price goes up, or vice versa.

Of course, with all the lobbyists and lawyers and paper shredders, it's not like anything would come of this.

Re:riaa

[linzeal]

Or to another p2p network with antivirus hooks.

Re:riaa

Ok, how about one or two executives get together and decide to do this. They get some funds (wouldn't need much) and hire a "Mr. Black" to go find a hacker somewhere (probably in another country) to write the virus.
The virus writer knows only "Mr. Black". Mr. Black need not even know who the person who hired him works for.

Re:riaa

[beckett]

meant to be humorous or funny: not serious? waggishness? facetiousness?

Re:riaa

[mmmk]

ROFL... I don't think there will be to much of a loss on the "pirates" side.. It's not like they are selling the stuff.. it's peer to peer file SHARING not peer to peer file selling..

Re:riaa

[hound3000]

"hey guys, I've got a great idea. let's make a virus that will expose ourselves to billions of dollars of liability, but will only shut down some minor piracy for a day or two, until anti-virus software makers have protection for it".

I work for a company that sends me out to people's houses to fix their computers. And this is what I hear...

What, I thought I had an Anti-Virus on there... What do you mean I have to keep it updated? Why is that? Why do people make viruses anyways?

I'm still running into Nimba and SirCam out here.

Re:riaa

[btellier]

Really? I could've sworn that the tobacco industry was forced to pay out billions in damages and Enron is in financial ruin. I believe one of their execs commited suicide as well. Not exactly scot free.

The point is that they tried to PASS A LAW to hack someone's PC. It didn't go through and they didn't hack anyone. They're not going to create a malicious virus that has reprecussions based on legal precedent and risk having to pay out billions in damages just so a few losers get their hard drives filled up.

Take off your tinfoil hat and think.

Re:riaa

[showboat]

"requirement accounts?"

If you knew what was going on, Enron set up false partnerships to hide debt from the company's books. The loss of RETIREment accounts was nearly enevitable, however quasi-legal.

But, these people are all idiots, so who care what some bored it guy in the basement unleashes? The only sufferers will be more idiots, the majority of which run the universe and everything, so total anarchy will erupt.

Isn't that what many of you young tuxters are about? (In the sense that linux is a reaction to windows for many, while it's a legitamate way of life to anybody with a brain -- seek the analogy.)

Re:riaa

[greenrd]

Since the program has no built-in calls to antivirus software

Uh, this lame virus is actually an ordinary exe file. So any decent antivirus program should be able to stop it, given an updated pattern file. No hooks needed into Kazaa, unless it launches exe files in a very weird way.

Re:riaa

[terrymr]

You forget the RIAA lobbying to be released from liability for damage caused (by them deliberately) to people's computer systems when the terrorism bill was passing through congress. Even though their amendment was defeated they said they already had the legal right to do this from other statutes passed by congress.

Re:BBC -- RIAA responsible

[jacoplane]

I don't see the RIAA mentioned at all in that article. Perhaps your link is incorrect?

Cant beat them in court, stamp them out

[nurb432]

Seems pretty clear to me.. Its either the RIAA fighting back the only way they can, or a sympathizer..

Either way same result, people with nothing better to do, then mess with others.

And no i dont want to get into legality discussions.. its just a statment that people should mind their own damned business.

Re:Cant beat them in court, stamp them out

Its either the RIAA fighting back the only way they can, or a sympathizer..

Or is it just some retard trying to get attention ?
To think that all virii makers have an agenda of some sort is really over estimating some of these guys' intellectual abilities.

As it was posted above, why can't they think of something either useful (at least to some persons, like bypassing government-controlled proxies) or that could really be destructive ?

Cons-piracy theory

[Kirby-meister]

A lot of people will probably put this on the RIAA/other copyright crusaders, but I see P2P networks as a huge market for propogating virii and sending people trojans.

Large file-sharing networks like Kazaa have birthmarks in the shapes of bulls-eye's.

Re:Cons-piracy theory

[VisMono]

THE REVENGE OF MORPHUES!!

For fear of stating the obvious...

[Restil]

But if banner ads which will profit the creator of the virus are posted on every single infected computer... how hard would it be really to follow the money to find the author of the worm?

Or was I the first one to read the article? :)

-Restil

Re:For fear of stating the obvious...

[amuro98]

Why does everyone assume that the owner of the website or whoever is getting the money from the advertising is the author?

If the worm opened up Playboy.com, would you be crying for Hugh Hefner to be arrested for writing the worm?

Re:For fear of stating the obvious...

[MattCohn.com]

How many millions of people can post that exact same comment before the mod points shift from informative/insitefull to redundent?

I don't give a sh*t about karma. This is BIG NEWS.

[Artifice_Eternity]

Sorry your story got rejected and you don't get any karma, but please. Enough with the ragging on people because they talk about other stuff besides your pet topic.

This is not the first time I (or people I know) have submitted matters of major general interest that have been ignored. I'm not a biologist or paleontologist, so it's not my "pet topic," but I'm smart enough to recognize that Gould was a genius and a major figure in the history of science.

Apparently you, like the nameless /. editor who rejected the story, are not.

virus?

[bilbobuggins]

it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

i had this virus once, only i named it 'roommate'.

Re:virus?

[Kynde]

>>it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

>i had this virus once, only i named it 'roommate'.

My coworker is experiencing similar symptoms on his box. I think he called it XP...

Hmm

[skinfitz]

I remember the topic of Kazaa infection being brought up on Bugtraq Bugtraq months ago.

Yeah...

Intelligent people switched to Kazaa Lite.

Yep, Hit me. Here's what I did.

[sailor420]

Hit me the other day. Just noticed it last night, and I (think) I have it under control.

First, look out for small downloads, specifically anything with names such as "installer" or "downloader." I dont know how I got mine, but my brother's machine got hit after he tried to d/l the newest version of Britannica. Serves him right. When I went to see what he downloaded, I saw that it was a file around 700k.

Yes, it does spread over Kazaa lite.

Once it is installed, it proceeds to fill up your machine with approximately 700k files, usually in windows or winnt/temp/sys32. Thats where all mine were (Im running W2K).

However, dont go crazy yet. I downloaded the newest virus update for NAV (dated 5/17) and ran it. It picked all the downloads right up. Since they were all junk files that it had downloaded, I had it delete them all.

So far, so good. Havent had any recurrence since then (although this was last night, so I dont consider it enough time to truly test). Hopefully it really is this easy to clean up, but Im sure I will quickly find out.

Hope this helps.

Re:Yep, Hit me. Here's what I did.

[stevey]

People who download .exe's from filesharing systems are kinda asking for trouble, aren't they?

Re:Yep, Hit me. Here's what I did.

[chad_r]

Anyone know how this affects Kazaa Lite running under Wine? I have everything but E:/Program Files mounted read-only, so I figure I shouldn't worry too much. But the lights on my DSl router are unusually non-blinking; maybe their network did crash.

free software innovation

[tps12]

bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

Sounds like Kazaa has finally caught up with Gnutella. Proof once again of OSS's superiority.

Re:free software innovation

[MoneyT]

And what will you do when the code for the virus is recompiled to run in *NIX? No OS is perfectly secure, the fact that *NIX based OSes and Mac OS was not hit is just an indication of the limited programing skills and/or time of the creator.

Re:free software innovation

[Bryan+Andersen]

And what will you do when the code for the virus is recompiled to run in *NIX? No OS is perfectly secure, the fact that *NIX based OSes and Mac OS was not hit is just an indication of the limited programing skills and/or time of the creator.

Atleast under *NIX one has permitions and optional quotas. Both help greatly in keeping crap from infecting a system or causing DoS situations. As an example I'm running a news retreival program under the account news. If someone managed to exploit it they would only be able to fill up partition /data2. That is because that is the only place that the news user is allowd to create or modify files. I even have news locked out of using the main /tmp directory. If it dosen't need access something I disabled it via access control lists. I also have throttles on the maximum percentage of memory and CPU allowed.

Re:free software innovation

[MoneyT]

Theoreticaly the same could done in a closed source system. While I see your point that there are more blockages to be avoided if you were to create a sucessful *NIX virus, that does not mean that it is any less threatening to a system. Even if it could only fill up /data2, it's still using HD resources, leading to fragmentation, longer seek times and reduced system performance. All in all a nusence rather than a serious problem, but a problem no less.

Re:yeah, it was the RIAA

[rhazes]

bout time i saw shpongle on slashdot....even if it was just a sig.

...hyperlink??

[skinfitz]

...I dont know what happened to the hyperlink there - here is the link in text form:

http://online.securityfocus.com/archive/1/254627 /2 002-05-17/2002-05-23/1

And another try at a hyperlink.

Re:yeah, it was the RIAA

My Linux box seems to be unaffected. Bahahahaha! Off to download some more shitznit.

Virus companies need the virus makers

[bigmouth_strikes]

"This event once again demonstrates the necessity to filter all incoming files for viruses, regardless of how well protected this or any other network is. Before use all data should be run through a mandatory check for virus code using the latest virus database update," commented Denis Zenkin, Kaspersky Labs Head of Corporate Communications.

Gee, I'm so grateful for Kaspersky Labs that they provide this valuable information. They only forgot to add

"If you refer to this article, we'll give you $5 rebate off your next virus update purchase." added Zenkin with a smile.

As much as we need the anti-virus software, the anti-virus companies need the virus makers. Without a worm or a virus that makes CNN headlines every 6 months, people will forget to buy updates, patches etc etc. The public forgets quickly, and will not buy new products from the AV companies if they don't feel a threat.

Sure, the problem is real, but part of me can't shake the feeling that somewhere there is a anti-virus company executive ordering a new plasma HDTV when he sees this news. Or maybe it's just becase X-Files ended yesterday that I'm seeing conspiracies everywhere.

Re:Virus companies need the virus makers

[Triskaidekaphobia]

And Doctor's "need" the influenza virus. Doesn't mean they like it.

Re:Virus companies need the virus makers

Slashdot poster's need to learn the English language.

Re:Virus companies need the virus makers

dermatoglyphics

Re:Virus companies need the virus makers

Clever boy. Have a cookie.

Re:Virus companies need the virus makers

Can't wait to get my hands on a worm I can unleash on spammers.

Re:Virus companies need the virus makers

[zangdesign]

True. But computer viruses don't kill people.

Yet.

STFU troll

no one gives a shit, that's why there is the submit news feature of slashdot, if you want to write an article about it without it being rejected go to kuro5hin.org. until then, get the fuck away you damn dirty troll

Re:yeah, it was the RIAA

[tempest303]

Yeah, I'm grinnin' ear to ear as well. While I don't think it was RIAA that created this, I found this part f*cking brilliant:

Congratulations on your free copy of photoshop (which is alright because you wouldn't have bought it), Windows XP (which is alright, because Microsoft is evil), the new Dave Matthews Band CD (which is alright, because the RIAA is evil), and that DivX of episode 2 (which is alright, because the MPAA is evil).

Couldn't have said it better. *applause*

Re:yeah, it was the RIAA

[tempest303]

grr. my Lameness Engine must be kicking in - i re-re-reread your post, and you obviously don't think that RIAA made the worm either.

happypollylogies all around.

Re:Irony.

[grrlygeeky]

Yeah, because AIDS is a purely homosexual phenomenon. It doesn't spread like wildfire through unsafe heterosexual relations in Africa. It certainly doesn't affect heterosexual drug users, people who have had blood transfusions, ordinary everyday heterosexuals whose mate had an unwise affair. I'm sure a loving god smites innocent people to "cure" the world of men who love other men, while doing nothing to wife batterers, rapists, child molesters, and other creeps. This worm may be a well deserved plague on thieves, but don't compare it to a misbegotten theory that blames a real tragedy, AIDS, on its own innocent victims.

AudioGalaxy

[psycht]

i guess it would be under a similar assumption that this worm could target other sharing software like AudioGalaxy, imesh, limewire, etc..

any word on the truth of this?

Re:AudioGalaxy

are you a fucking idiot, this worm only targets the fasttrack network, so it would only affect kazaa and grokster DUH

audiogalaxy imesh and limewire all have fucking spyware

and most run on the gnutella network

if u want a gnutella client use limewire clean or for the fastrack if u want a virus use kazza lite but u obviously are too stupid to do this

Re:AudioGalaxy

[The_Unforgiven]

it could easily be spread on any p2p network, as I understand it...

The code doesn't seem to be specific to any network, it just started the spread on fasttrack.

Re:AudioGalaxy

[amuro98]

So long as they allow files that can contain executable content (benjamin uses a .scr file, for instance) then, yes.

There's nothing really special here. All they did was take Melissa, modify it a bit, then start sharing files named "naked gurlz.jpg.scr" Someone downloads it, clicks on it, and the rest is history.

Funniest geed joke evar!!

[Thud457]

Why can't nerds tell Halloween from Easter?

Because 31(hex) == 29(oct)!

Re:Funniest geed joke evar!!

You are pretty stupid. The joke is "Why can't nerds tell the difference between Halloween and Christmas?"

Because 31(OCT) == 25 (DEC).

Fucknut. Shazaaaaaam!

Re:Funniest geed joke evar!!

yhbt. hth. hand.

YAAD

Re:yeah, it was the RIAA

[grung0r]

I know the RIAA didn't write it, it was proabably some self-rightous bastard alot like yourself. How can you possibly defend a company that acts the way RIAA members do? Do you think they care about you? You think all these "thives" go away that their gonna lower prices, or create good content? HA! They are using file sharing as an exuse to pass legislation that gives them a future stranglehold on content creation. "oh, you want to distrubute a song you wrote and performed? Not without the RIAA watermark seal of approval!" Stop defending companys whose soul goal is to make your computer into a nutered VCR, incapable of doing anything without the xxAA's express writen consent.

Hard to tell the worm from the software

[BCoates]

Hmm, uses your drive space and bandwidth, pops up ads, modifies your system configuration without your permission...

Looks to me like the only difference between this trojan and the programs it comes in is that one has a EULA.

Time for virus writers to wise up and disclaim liability with an incomprehensible clickthrough like all the other writers of malicious code...

--
Benjamin Coates

Wait a minute ...

[RebelWithoutAClue]

This isnt a worm.

A real worm would do something like pretend to be an update and get the host to download an infected version of the client.

Hmm, sounds Familiar doesn't it ...

It would be way cool if it was the RIAA

Imagine the possibilities...

If I was...

[vidnet]

...an RIAA supporting cynical bastard, I'd say they deserve it.

They deserve it.

Re:Using P2P/End Users....

[MrWinkey]

Yes this is true but ALOT of end users dont know any better or arent smart enough not to or just dont care. I know they always say all the time not to do it but I still have end users trying to open virus e-mails (the virus *.exe is gone) and the dept director downloading mp3's to his machine. He stopped after that article I sent him on the internal mp3 server costing the company tons of monies. Like it matters anyways rebuilding workstations is fun.....

MOD THE PARENT POST UP

[MoneyT]

And then go here to read the story with out signing up:

http://www.majcher.com/nytview.html

That didn't take long

[theCat]

Readers are reminded of this /. discussion of the matter from April 7.

Regarding networks, it should be clear by now that if you build it they will come. Virii, that is. When are people going to figure that one out? Worse, the hosts in this case probably didn't even know they were vulnerable. Another technological trap, sprung. Really makes me look forward to the day when the networks are more homogenious than they already are.

Worm Effects

[OrangeHairMan]

All the worm does (or all that is known) is that it opens the benjamin.xww.de web site to display an advertisement. I would guess (and love ;) that it would do more...although I wonder how much money the writer is making...

Orange

Re:JESUS MADE THE UNIVERSE

[southpolesammy]

Evolution is just more Yankee bullshit. Ever since reconstruction, the Yankees have been destroying the truth.

Yet another reason to hate Steinbrenner....um, uh, oh nevermind...

Social Engineering

[sarcast]

This seems to rely heavily on the user to be able to spread itself around. At first glance when I read the story, it seemed that maybe the virus was just running rampant on the network, but on reading the actual article, I find that someone actually has to run the virus.

Do people not understand that they are downloading files from essentially untrusted sources and should be checking these files anyways? Especially programs.

The social engineering aspect of this virus is what really leads to its spreading, not any inherent flaw in the design of the network. As usual, humans are the weakest link here.

How ironic...

[PsiAngel]

An opt-in virus. Heh.

OT: Linux distros by P2P

[hey]

I did a search for some Linux .iso's and rpm's on Gnutella and didn't find much. When I downloaded them from ftp sites it took days. So I have put a bunch of rpm's and iso's Gnutella. I'll see if there are any hits. This seems like a good (non-illegal) use of P2P.

If only someone would invent the...

GSVirus!

Worm

I used Kazaa once and it stores incoming files as incomplete .dat files until they are finished, as I was dling a song I get hit by Norton antivirus saying that I had a virus in a .dat file that I haven't even finished!

protection is easy...

[sluggie]

Just filter out all files under 1 meg... it worked for me since I guess it only shows up when searching for software...

Re:protection is easy...

[thumbtack]

WHAT? And give up my 56kbps MP3 files? OH MY GOD, this is even worse than I thought!

Congratulations...

Thank you. Photoshop 7 is rather nice, it's been awhile since I d/l'ed 6.01 so the upgrade was welcomed. As you state, I would not have paid that kind of $ for a program I use maybe once a month for 10 minutes.
Listen, I've paid many, many thousands for software over the years, and still do if it's something I need or will enjoy using a lot. But, I don't mind stealing it (I'll admit it's stealing, but I won't admit it's the same as stealing durable goods--then someone else is lacking it) if it is something I would never have paid for.
As for music, I don't mind d/l'ing a couple radio band one-hit-wonders whose album I'd never buy. I buy about 6 new CDs a year, and have about 400 CDs altogether, most of which were overpriced (yes, the music companies were found GUILTY of price-fixing, REMEMBER?). I've also bought about 40 DVDs, and d/l a couple so-so DivX releases a month. Big deal.

bitchslap parent thread!

if ever there were a time for slashdot to bitchslap a thread, it's now

Re:yeah, it was the RIAA

am i the only person on slashdot whose reaction to this a bigass grin?

Congratulations on your free copy of photoshop (which is alright because you wouldn't have bought it), Windows XP (which is alright, because Microsoft is evil), the new Dave Matthews Band CD (which is alright, because the RIAA is evil), and that DivX of episode 2 (which is alright, because the MPAA is evil).

I hope you all enjoy your free gift, and I hope nobody here is so fucking broken as to consider the possibility that the RIAA made this virus seriously.

Funny, my free copies of Gimp, Linux and LaTeX, and my free Peter Welker mp3s didn't come with any of that virus stuff. I guess that's why they say free-ware just doesn't measure up to the commercial stuff.

P.S.: [meta] I'm trolling the folks who extol proprietary software, and assume that all mp3 downloads screw the artist. [/meta]

Re:of all days....doh!

Gee, you think having a back door into a system and remote control over it might make this "worm" easier to spread?

moral/legal high ground?

It's ok for you to take a hard-line approach and say that NO filesharing of copyrighted material is justified. But also consider other laws, unrelated to this.
Do you ever intentionally drive over the speed limit? Come on, be honest. Of course you do. So, you say "well, it's just a *little* bit over the limit", or "only when I'm really in a hurry". Well, per your legal logic, it's still illegal. "Not hurting anyone to drive 56 in a 55mpg zone" you say? Well, maybe you haven't YET, but statistically, if everyone were to speed just a little, think how many more accidents there would be per year. Is even ONE death worth getting there a few minutes sooner? No.
So, unless you don't EVER speed EVEN A LITTLE bit over the limit, don't preach to us about NEVER downloading ANY copyrighted material.
Yes, it's illegal to download Photoshop, but NO, I wouldn't have paid hundreds for it, and I don't require it, I just want to have it.
Think about it.

Re:moral/legal high ground?

I suppose having 100GB of illegal mp3s and Divx is just a little illegal too...

Re:moral/legal high ground?

[Wakko+Warner]

Yes, it's illegal to download Photoshop, but NO, I wouldn't have paid hundreds for it, and I don't require it, I just want to have it.

I don't require a Viper RT/10, but I just want to have one, so I stole mine.

So, unless you don't EVER speed EVEN A LITTLE bit over the limit, don't preach to us about NEVER downloading ANY copyrighted material.

I never do. So, kindly eat a dick.

People who attempt to justify their theft in any way are fucktards.

- A.P.

Re:moral/legal high ground?

[SkyMunky]

Riiiiiiiiight. You never speed. Never have. MmmHmm.
People who lie about breaking the law in any way are fucktards.

As I said, I buy plenty of software. If you could buy your Kia every 5 years and test drive a Viper now and then without diminishing it's value, I don't think you've hurt anyone.

Also, steal viper=someone else loses it; steal photoshop when you would not have bought it=more publicity for photoshop, nobody has lost it.

Please don't download warez. You'll slow MY download.

You cumfelch.

Re:moral/legal high ground?

[Wakko+Warner]

I have never gone above the speed limit in my life -- go suck three cocks.

How is stealing one product different from stealing any other, simply because that product comes on a CD-Rom?

It is deluded thieving slashdroids (with shitty high UIDs) like you that are ruining the Internet. Please eat a bullet.

- A.P.

Re:moral/legal high ground?

If you can't see the difference, you're as much of an idiot as most of your posts indicate.
The difference is (again), steal a car, and now somebody else is missing it. Steal a copy of photoshop, and NOBODY gives a shit. I wasn't buying it, and I'm still not. No delusion. Fact.

High UID? That's the best you can come up with? lol

You're the kind of person that's ruining the internet for those of us who were using it long before the WWW came along and empowered fucks like you to believe that your self-righteous opinion is worth a damn.

Re:moral/legal high ground?

The difference is (again), steal a car, and now somebody else is missing it. Steal a copy of photoshop, and NOBODY gives a shit. I wasn't buying it, and I'm still not. No delusion. Fact.

Try using this argument in a court of law, dickballs.

Re:moral/legal high ground?

[The_Unforgiven]

kind of offtopic, but:

I hear about obscure band.. say "Refused"...

I DL a few mp3's

I go buy CD...

They just made money because I stole the songs....

Now multiply this by how many bands I've found and tried by mp3, multiplied again by how many albums I bought by each...

Damn, they made a lot of cash off my my theft, didn't they?

Re:moral/legal high ground?

[shepd]

>I don't require a Viper RT/10, but I just want to have one, so I stole mine.

Interesting how you confuse piracy with larceny.

When you pirate a movie, or music you deprive no one of that movie or music; whereas when you commit GTA you deprive someone of their vehicle.

Since a replicator is to matter as a CD-Burner is to data, would you still consider it theft if you replicated a Viper RT/10 using your own equipment and materials?

If so I would humbly suggest you are a tiny minority of people, and that's the reason why both the dictionary and the law disagree with you.

My search turns up nothing for "theft", "steal", or "larceny" in the Berne Convention. Methinks you are just plain confused on the issue. Hope this clears it up for you!

>So, kindly eat a dick.

Not that I'd want to; But its pretty hard when its shoved so far up your ass.

>People who attempt to justify their theft in any way are fucktards.

Agreed, to a certain degree (Les Miserables come to mind as a particular exemption). That's why Copyright Violation is a violation of copyright law, not (AFAIK) theft.

Or at least that wasn't the intention of the people who created our modern day copyright system.

Re:moral/legal high ground?

[shepd]

>I have never gone above the speed limit in my life -- go suck three cocks.

Have you ever jaywalked?
Have you ever timeshifted programming (such as NFL broadcasts) that specifically limit your right to do so?
Have you forgotten to count your change and noticed that you're a penny richer at the end of the day?
Have you ever broken something borrowed from a friend and told them you'd lost it?
Have you ever written on your desk at school?
Have you ever paid a bill a day late and not included late fees in the hopes that the company won't notice?
Have you ever been infected by a virus?
Do you drive your bike without a helmet?
Do you walk your dogs without a leash?
If not, have you ever forgotten to poop-n-scoop?
Have you ever scratched a rental DVD or creased a rental tape without telling the manager?
Or, are you Mother Theresa?

Now go rim an asshole. Just cause you don't drive doesn't mean you've never broken the law.

Re:moral/legal high ground?

>Try using this argument in a court of law, dickballs.

Its called selective enforcement and has been used as a successful defence at a number of trials, cuntbreath.

Re:moral/legal high ground?

[Wakko+Warner]

Or, are you Mother Theresa?

Yes. I am without sin, and I am casting stones.

Duck, motherfucker.

- A.P.

Re:moral/legal high ground?

>I am without sin,
>Duck, motherfucker.

It seems you are not without sin.

I've yet to meet a recognized religion that recommends public swearing.

Does yours? What is it?

Of course, you might have no religion, in which case you cannot speak of sin, since an understanding of sin would require an understanding of religion.

Re:yeah, it was the RIAA

Geez man the guy is not defending the RIAA in any way shape or form. He is simply implying that stealing is wrong, no matter if you judge the person evil or not.

No he didn't

[commodoresloat]

Don't you mean Stephen King?

Bad Idea!

Umm I would not trust linux iso/rpms on P2P as much as I trust those copys of XP, any exe file, or any file for that matter. I know you already put trust into sites that offer them, but they are more trust worthy then p2p. Having said that, now the trolls are putting their 0wn3D copys up in hope that someone will actully get a broken linux iso from them.

Re:Bad Idea!

You can get MD5 checksums of the RedHat ISOs from the official site and the ISOs themselves from anywhere.

Re:Using P2P/End Users....

[tswinzig]

Yes this is true but ALOT of end users dont know any better or arent smart enough not to or just dont care.

If you mean "A LOT," you are correct. (I don't know what "ALOT" is, though... is it anything like "ALITTLE?")

I know they always say all the time not to do it but I still have end users trying to open virus e-mails

Then if you maintain that network you need to setup a filter to delete executable attachments from incoming/outgoing email!

No, no, no...

He has to take his hard disk out of his computer...

...and then beat the living shit out of it with a sledgehammer.

Problem solved. Symantec's instructions were very specific about this part - this is a very dangerous virus. IBM has sent a warning out about it today. Kaspersky labs have also found that squirrels in the immediate vicinity of an infected system can suddenly burst into flames. Understandably this has Greenpeace upset. DAMN YOU, SPACEMAN!

Use Seeker!

http://www.skyris.com/alpha.html

no spyware, should scale (in theory) - go prove them wrong!

adserver domain closed

[Alan]

Hehehe, if you hit the page that the virus opens to get the author more page impressions (http://benjamin.xww.de/), you get:

"
Domain aufgrund von massiven Beschwerden gesperrt.
Domain closed due to massive abuse.
"

Now I wonder if it was closed because someone wrote a virus, or because the virus worked so well he went over his bandwidth allocation! :)

Use Seeker!

New p2p network using a new secret architecture they claim will scale. No supernodes - whole new idea. Prove them wrong.

no spyware
no spyware
no spyware

check it out at:
http://www.skyris.com/alpha.html

Re:sabotage.....bad.....

You say hypocrite I say fuckin-monkeys using guns get what they deserve. Now if this was an attack for knives or forks [or spoons or sporks] I would have a different position. Knives/forks for instance have far more legitimate uses than guns.

I mean when is the last time you shot someone with a knife? Or reloaded a fork?

Worm? or Trojan?

[GrenDel+Fuego]

They're calling it a worm, but dosen't a worm need to propogate itself?

This is making itself available for unsuspecting people to help it spread. This seems more like a trojan to me.

Re:I don't give a sh*t about karma. This is BIG NE

Who gives a rats ass, start your OWN news site. Be your own Anonymous Editor and censor what you want, christ.

Use Seeker!

the new Seeker always shows you the filename, never executes anything without the user explicity requesting such an act. No spyware, great new network architecture. Check it out at:

http://www.skyris.com/alpha.html

the next generation of file publishing

Re:BBC -- RIAA responsible

[bricriu]

I never used Kazaa... but I (used to) highly recommend KazaaLite. All of the functionality, none of the spyware. Oh well, back to my from-source LimeWire v1.6b.

Oh NO!

My temp files are full of 1k files!

What will I do?

Oh, they are all cookies, forget it...

Re:Overhyped? -offtopic

[dario_moreno]

about your drug dealer method : I remember
a video game arcade opening next to my school.
Since it was 1994, having not seen this in 10
years, we were very excited and promptly went there. There was a staff of three to five
people, one MK2 machine, two pinballs hardly
playable (one leg shorter than the other)...
and that's all. Last time I drove by : it
was still there, when major arcades (with one
70 years old employee) close their doors long ago.
Obvious money-laundering business to me
(it is very hard to check the actual number
of coins going through the machines).

Same thing for a videoclub next to my university...which lasted about three weeks !
Maybe they were not as careful, or did
not bribe the correct people.

Could someone enlighten me?

[Lazyhound]

In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

OK, so how and where does the virus open these websites? And what can an infected user do about them?

Re:Could someone enlighten me?

[Lazyhound]

Never mind, I get it. Oddly enough, I didn't get the error message, or the website pop-up. It must have been my security settings. In hindsight, this would explain why I got an "Allow Script?" dialog when there were no IE windows open...

Kaspersky.com

[mjbou]

I have just been sent an email, I got it in Kmail on linux, - I've been sent a few virus emails lately, so far been imune to email infection by using linux + mozilla for certain attachments, to get all my mail.
this seems to be from comcast.com
jkastrati from Kaspersky with a W32.Elkern removal tool install.exe an odd "Attachment: 2" and a .htm which I opened with konqueror - bullshit USA property so I suspect install.exe is a virus

Kaspersky sell Linux antivirus

I use nabou, and fairly tihgt Mndrake Security, plus Bastille and portsentry - which plays me a few bars of Little Feat when I get scanned or port connection attempt.

Re:yeah, it was the RIAA

If you bothered to actually read his post, you'd see he's not defending the RIAA/MPAA in any way. He's just laughing at all the punks who think it's okay to infringe copyrights because they think that the RIAA/MPAA/MS is "evil".

BTW, copyright infringement was illegal LONG before the DMCA.

Been posted already

http://slashdot.org/articles/02/05/20/2223200.shtm l?tid=134

hmmm

[idontneedanickname]

does this also apply to the kazaaLITE? *quickly shuts down a program*-- it wasn't kazaalite! i swear!!

You are a Troll

indeed, don't take out your angst here.

Re:yeah, it was the RIAA

When unlicensed music is outlawed...

Only outlaws will make unlicensed music!

Guess it's kinda like AIDS . . .

You start screwing around with the wrong stuff and you get a bad bug.

Oh, but I use P2P to help people and share things legally!! Yeah right.

Just desserts for pornos and pirates, I say.

--$0.02

Never dload something executable off of P2P

[groberts65]

I am shocked it's taken someone this long to do this. All it takes it for someone to drop a file called something like CrackedPhotoshop7Installer.exe which removes every file on your hard drive into their Kazaa folder to cause "mass hysteria , dogs and cats sleeping together".

The lesson: never, ever download something executable off of a public P2P network like Kazaa, Gnutella, etc.

Re:Never dload something executable off of P2P

[greenrd]

Or even worse:

Email a random mpeg from your downloads directory to all your addressbook, then corrupt (not delete) all your data files, while alternating between displaying an unclosable window with goatse.cx and a satanic picture with "your computer has been possessed" overlayed on it. And, for the icing on the cake, "upgrade" your BIOS and/or CPU microcode so that your machine is unbootable.

That should have the desired effect quite nicely.

Oops, I'm a terrorist now!

Re:Never dload something executable off of P2P

[kraf]

> The lesson: never, ever download something executable off of a public P2P network like Kazaa, Gnutella, etc.

Don't forget, gnutella runs on non-braindead platforms too.

Re:Never dload something executable off of P2P

[EpsCylonB]

If it really fucked up your computer it would spread very far would it ?.

Re:Never dload something executable off of P2P

Ssh.. this is Slashdot.. don't use your brain.

Warhol Worm

[Frogg]

I'd not read about the Warhol Worm before: that's one hell of a bunch truly evil ideas!!

If I had mod points today, you'd get +1 from me coz that's the most fascinating article on any kind of worm (theoretical or otherwise) that I've ever read (heers for the link!)

..what next? A Lord Vader Worm?

+1 funny

Well I thought it was funny man!

Close Call for Me

[doublem]

Today was the first time in weeks I hadn't left my work computer on overnight downloading the latest and greatest 80's MP3s and Star Trek Enterprise AVIs. Tonight it is powered down. Such timing!

Obligatory Nelson Reference

[lkaos]

* pointing at all the half-wit, Windoze using, Kazaamazoo users

HA HA!

* pointing at script kiddie who was too stupid to put a TTL on his worm and therefore, max'd out the bandwidth on his site (along with drawing a whole bunch of attention to himself)

HA HA!

Yeah he did, bitch!

hahahaha you be wrong, you low user id number nigga.

Gould be DEAD, BITCH!

It looks to be a screensaver script file

Looks like my little brother installed this when he thought he was downloading Star Wars.

It creates dummy files for each search term with a .scr extension.

ex: User searches for "Metallica - Enter Sandman" it creates a ~500KB file called Metallica - Enter Sandman.scr containing the worm

Because of all the searches on the network you can imagine how fast a hard drive can be filled with these dummy files.

Turning off Kazaa will make the worm stop creating the files.

access denied?

[incom]

If the infected files/directories won't delete restart and delete them in safe mode.

Re:doesn't affect the giFT network!

gift.sourceforge.net

Found 'em!

[_ph1ux_]

Pay to the order of : Hilary Rosen.

216 KB?

[kubrick]

Benjamin is written in Borland Delphi and is approximately 216 Kb in size.

Bah, virus writers these days.... in my day that virus would have been written in carefully hand-tooled assembly, it would have been polymorphic and it would have been no larger than 5KB. Uphill both ways, etc. etc..... [mutter grumble grumble]

I just saw that in FUDD when I read it:

[_ph1ux_]

"Some wery scawy weseawch has been aimed at discobewing just how fast a worm could infect the entiwe Intewnet"

Mmmquotas

[Bastian]

I had that problem, too, so I had to give my roommate's account on my computer a disk quota. . .

What I really don't get was the way he would download piles of shit that he didn't even like, like boy bands.

Re:Mmmquotas

[jred]

Maybe he just *pretended* not to like them. Suppose it's possible he lived a hidden life, boybands and all? Hmmm.

:)

Conspiracy theory: morpheus?

[seldolivaw]

Given the dodgy tactics KaZaA used to grab market share from Morpheus (by shutting them out of the network) and how pissed off Morpheus was at them for doing that, I'm surprised no one has fingered them as a possible source of the worm. It's not a destructive worm: it just discourages people from using KaZaA. Now, who would *that* kind of worm benefit?

Re:BBC -- RIAA responsible

If all you do is download .MP3 & .AVI, this "worm" shouldn't bother you at all. I think these two files types are safe so far...

I can't see the connection to the Entainment industry. If any organizations would gain from this would be in the slopware business.

what if some of the Al-Qaida members work for MS?

[porky_pig_jr]

What if some of the Al-Qaida members work for Microsoft. We'll never learn what are the bombs they have planted in the code.

I said this would happen, and it did.

[Animats]

In a previous posting on Slashdot, I predicted that this would happen.

Kazaa, as previously discussed, comes bundled with a piece of adware called "Projector", from Brilliant Digital Entertainment. Projector not only accepts ads from some specified server, it sets up a peer to peer network and passes them to other Projector clients. It can also distribute updates to itself in a peer to peer fashion. That's its normal operation. So as delivered, it's basically a worm, one that installs a backdoor in user's systems and sets up a whole network to exploit that backdoor for commercial purposes.

The idea is that it allows Brilliant Digital, which is a tiny company in L.A. that used to produce hip-hop videos, to distribute vast numbers of ads without having a giant server farm. The Projector steals resources from the client machines to push ads around. It's peer-to-peer spam.

This opens up a huge backdoor into millions of systems. All that's necessary to exploit it is to figure out how to insert new content into the peer to peer system. Worse, because this is a push-type system, an attack can spread very fast. It doesn't require any user intervention. It's an ideal environment for distributing an attack, because it has everything an attacker wants. Built-in!

And now, somebody's used it.

As I said previously, if you have any responsibility for computers that do anything important, get Brilliant's software off them now!

Re:I said this would happen, and it did.

[Animats]

Well, after finding a description of how this attack works, it looks like it's dumber than I thought. Apparently, it just floods the Kazaa system with copies of itself under different names, hoping somebody will run them. If run, it puts itself in the registry to run at every startup.

So it requires manual intervention to propagate, and is thus more like a classic virus.

We may yet see a Brilliant Projector based worm, but this apparently isn't it.

Re:I said this would happen, and it did.

Well, after finding a description of how this attack works, it looks like it's dumber than I thought.

Yeah, well, reading the article is usually recommended before you shoot your mouth off. And now you look stupid.

it might be interesting to know that...

[CAIMLAS]

"Benjamin" is the name of a Biblical character that was part of a large family of 12. He was the only one that stood up for his youngest brother, preventing his other brothers from stoning him to death due to jealousy.

I'm not sure what relation this has to the RIAA and such, but I'm sure you can derive parallels. :)

Oh, and it's my first name. Good choice! :)

Re:it might be interesting to know that...

[cydnub]

Acutally, I believe you are thinking of Reuben who was recorded as sticking up for Joseph (other brothers of Benjamin). Joseph was going to be killed by his other brothers because of Joseph's (later true) dreams of his ruling over them. Benjamin *was* the youngest brother. And there were 12 sons plus 1 daughter!

See Genesis 37 and on...

OK, OT me now!

Re:yeah, it was the RIAA

>Are you shpongled?

Only when I have a divine moment of truth, or an inexpressible fault.

2600

[lemonk]

Anyone else notice the cover of the latest issue of 2600 has a crying Benjamin Franklin bill? :)

The next big thing

[Erik+Fish]

WinMX 3.1 was just released a few days ago and it definitely seems to be everything it was hyped as being and more. It's got the many of the features of eDonkey without the bugs and shitty interface. It's also missing the spyware, ad banners and other crap that seems to plague every other p2p network.

Reading this story was the nail in the coffin for Fastrack, AFAIC. I was going to stick around a while until the new WinMX got it's legs, but forget about that now.

Re:The next big thing

[Cl1mh4224rd]

this problem won't remain exclusive to kazaa/fastrack. in fact, if you're a smart user, you won't have to worry one bit about using kazaa. you're being overly paranoid, methinks.

Hi Jonathan!

[sombragris]

Hi Jonathan, I made this post using lynx.

Anti virus

[skinfitz]

I'm just wondering where they are going to steal anti virus software from.

I'll bet at least some of them try P2P as a source...

Re:Fuck the RIAA

no dude, tuxracer is badass!

Re:Ben Coates

Were you tight end for the New England Patriots?

This is a VIRUS, not a WORM.

[Otto]

It's an executable that the user must RUN to get infected. It then spreads itself via Kazaa and tricking other users into downloading it.

Don't download executables over P2P and you won't get infected. Seems a damn_smart thing to do anyway doesn't it? These people getting hit with it are likely also the same guys who spread e-mail viruses by running attachments. :P

Here's how to fix it

[npsimons]

If so, what did you do to clean up?

I patched this hole on all my boxes a long time ago. It's really easy too. I have to warn you, though, the patch is really quite large. About a CD's worth. There are also different versions depending on what your needs are. Go here to download the fix now. Have fun, and happy computing!

Sounds like a job for Sisyphus

Who is now in charge of fixing all security problems instead of pushing a boulder up a hill. Hey, since when does IBM run humor?

Alternatively ...

[Greedo]

Perhaps the virus writer has a bone to pick with the companies that are being advertised, or the brokers.

Making company X pay however many thousands of dollars in banner views is just as valid a motive as trying to collect that same money yourself ... but much easier to get away with, I suspect.

MOD PARENT SIDEWAYS (+-0)

GET IT?

i dont

Ad-Aware

I know this is yesterdays news, and the rants about Brilliant Digital may appear a little off-topic, but a lot of spyware out there can be deleted using Lavasofts Ad-Aware [http://www.lavasoft.de] (i think). I disabled all the spyware found on my computer and KaZaA still runs (as well as other software such as Audiogalaxy). It is also worth remembering this programs also have hacked versions which do not install spyware in the first place.

The only reason I use KaZaA is to download episodes of Cowboy Bebop, as this hasn't even been released in my country yet!!!! I just finished episode 5, it rocked!

It is also important to note that when using p2p to download executable files a risk is involved. The new system of hashing (pioneered by edonkey2000? and now available somewhere for use in conjuction with KaZaa and other p2p clients) greatly limits the risks involved as every file is given a unique key. So files indexed on [http://www.sharereactor.com] will therefore make your downloadables less risky.

Two words (and explanation)

dry run

Whoever is doing this may well be doing a test run to see how well it works. The next one probably WILL do something really bad.

A dimension too many

[vidnet]

The actual contents of the post was point out that a kill-all solution is applied to a group that some concider to be bad, like christian claims of homosexuality and aids.

Guess I added a dimension too much. I'm sorry.