Slashdot Mirror
Targeted Worm Hits Kazaa's Network
sh0rtie writes: "Kaspersky Labs and the BBC are reporting that the Fasttrack network that Kazaa uses has been hit by its first targeted worm virus dubbed 'Benjamin.' Is this a clever RIAA creation or that of a mischievous virus writer? I guess we will never know, but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic bringing more headaches for ISPs and sysadmins worldwide."
From the article...
In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.
I might be wrong, but I'd think it'd be quite easy to find where the money from the advertising banners is going to. Quite simple to find the virus writer.
Of course, the recipient of the advertising revenue may not be the virus writer, but it's a good place to start.
Stupid people amuse me.
The way I understand the article, it replicates itself in someone's share directory and waits for other Kaaza users to download it. How is it executed on the remote user's computer then? Do they have to specifically run the virus program, or is there a security hole in the Kaaza client somewhere that automatically executes the virus?
.exe from a P2P network and runs it without at least scanning it, deservers what they get.
I'm assuming users that download this file must specifically execute it. If this is true, then IMHO any person who downloads an unknown
Unix is user friendly, it's just selective about who its friends are.
Doesn't necessarily point to the culprit. Just because the webserver is hitting/serving up whatever the ad of the hour is, doesn't mean the person getting the checks is the virus writer. How difficult would it be for instance, for a blackhat to write a virus, have it hit/serve a bazillion ads, but send the money to a certain John Ashcroft, who just happens to live in DC, with a job at the DOJ? Especially given the talents of a true blackhat, this wouldn't be difficult at all. Unfortunately, that's what these posts of "Follow the money trail" are doing... it's entirely possible the writer borked up bigtime, but more likely that someone's being made a stooge, and that the money is just a red herring.
I suspect that one of these choices is incorrect. Correct.
Whenever I think of what could be achieved by a virus using a P2P system, I am all the more astounded by the limited imaginations of these puny 13-year-old hackers.
How about using a million computers working in parallel to break an weak encryption and read some third world govenment's military email?
What about creating a secondary virus that uses known windows vulnerabilities and has a mathematically reasonable replication scheme to install itself on hundreds of millions more computers, and then use that to bring down the entire internet on a given day?
What about turning these people's P2P servers into a humungous free proxy network, defeating internet censorship attempts of evil totalitarian regimes (like China)?
Hmm, uses your drive space and bandwidth, pops up ads, modifies your system configuration without your permission...
Looks to me like the only difference between this trojan and the programs it comes in is that one has a EULA.
Time for virus writers to wise up and disclaim liability with an incomprehensible clickthrough like all the other writers of malicious code...
--
Benjamin Coates
Just filter out all files under 1 meg... it worked for me since I guess it only shows up when searching for software...
"Some wery scawy weseawch has been aimed at discobewing just how fast a worm could infect the entiwe Intewnet"