Slashdot Mirror
Targeted Worm Hits Kazaa's Network
sh0rtie writes: "Kaspersky Labs and the BBC are reporting that the Fasttrack network that Kazaa uses has been hit by its first targeted worm virus dubbed 'Benjamin.' Is this a clever RIAA creation or that of a mischievous virus writer? I guess we will never know, but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic bringing more headaches for ISPs and sysadmins worldwide."
Yet another reason not to use them. geez....
Don't anthropomorphize computers, they don't like it.
how big of a surprise is this? The whole idea behind kazaa is that you can get music that you don't own. This reminds me a lot of the warez sites out there. How many of us trust them?
You get what you pay for.
From the article...
In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.
I might be wrong, but I'd think it'd be quite easy to find where the money from the advertising banners is going to. Quite simple to find the virus writer.
Of course, the recipient of the advertising revenue may not be the virus writer, but it's a good place to start.
Stupid people amuse me.
The way I understand the article, it replicates itself in someone's share directory and waits for other Kaaza users to download it. How is it executed on the remote user's computer then? Do they have to specifically run the virus program, or is there a security hole in the Kaaza client somewhere that automatically executes the virus?
.exe from a P2P network and runs it without at least scanning it, deservers what they get.
I'm assuming users that download this file must specifically execute it. If this is true, then IMHO any person who downloads an unknown
Unix is user friendly, it's just selective about who its friends are.
Is this a clever RIAA creation?
What an incredibly irresponsible statement. Don't go pointing fingers until you have some evidence.
Doesn't necessarily point to the culprit. Just because the webserver is hitting/serving up whatever the ad of the hour is, doesn't mean the person getting the checks is the virus writer. How difficult would it be for instance, for a blackhat to write a virus, have it hit/serve a bazillion ads, but send the money to a certain John Ashcroft, who just happens to live in DC, with a job at the DOJ? Especially given the talents of a true blackhat, this wouldn't be difficult at all. Unfortunately, that's what these posts of "Follow the money trail" are doing... it's entirely possible the writer borked up bigtime, but more likely that someone's being made a stooge, and that the money is just a red herring.
I suspect that one of these choices is incorrect. Correct.
Whenever I think of what could be achieved by a virus using a P2P system, I am all the more astounded by the limited imaginations of these puny 13-year-old hackers.
How about using a million computers working in parallel to break an weak encryption and read some third world govenment's military email?
What about creating a secondary virus that uses known windows vulnerabilities and has a mathematically reasonable replication scheme to install itself on hundreds of millions more computers, and then use that to bring down the entire internet on a given day?
What about turning these people's P2P servers into a humungous free proxy network, defeating internet censorship attempts of evil totalitarian regimes (like China)?
I know the RIAA didn't write it, it was proabably some self-rightous bastard alot like yourself. How can you possibly defend a company that acts the way RIAA members do? Do you think they care about you? You think all these "thives" go away that their gonna lower prices, or create good content? HA! They are using file sharing as an exuse to pass legislation that gives them a future stranglehold on content creation. "oh, you want to distrubute a song you wrote and performed? Not without the RIAA watermark seal of approval!" Stop defending companys whose soul goal is to make your computer into a nutered VCR, incapable of doing anything without the xxAA's express writen consent.
Hmm, uses your drive space and bandwidth, pops up ads, modifies your system configuration without your permission...
Looks to me like the only difference between this trojan and the programs it comes in is that one has a EULA.
Time for virus writers to wise up and disclaim liability with an incomprehensible clickthrough like all the other writers of malicious code...
--
Benjamin Coates
And Doctor's "need" the influenza virus. Doesn't mean they like it.
Just filter out all files under 1 meg... it worked for me since I guess it only shows up when searching for software...
People who download .exe's from filesharing systems are kinda asking for trouble, aren't they?
"Some wery scawy weseawch has been aimed at discobewing just how fast a worm could infect the entiwe Intewnet"
> The lesson: never, ever download something executable off of a public P2P network like Kazaa, Gnutella, etc.
Don't forget, gnutella runs on non-braindead platforms too.