Slashdot Mirror

← Back to Stories (view on slashdot.org)

Earthstation 5 Claimed to be Malware

Posted by michael on from the compiled dept.

Rob from RPI writes "You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!"

13 of 548 comments (clear)

  1. Well yeah.. by Anonymous Coward · · Score: 5, Insightful

    A P2P service that ACTIVELY PROMOTES piracy? It sounded too good to be true, and it was. All of this wonderful information from some schmoe with an email @yahoo.com? This whole deal is shady, no matter how you look at it.

  2. Tinfoil alarm! by sebi · · Score: 4, Insightful

    Wouldn't that be just the cleverest act of terrorism you can think of? Bait the "foreign devils" with all you hate about them and then, BAM!, nuke millions of computers in an instant. Takes more preparation to get off the ground than your garden variety virus or worm but the pay-off is much greater, isn't it? And if I was living in Palestine threat of legal action by some American interest group would be the least of my worries.

    --
    Hank! White!
    1. Re:Tinfoil alarm! by cybermace5 · · Score: 4, Insightful

      I realize that perhaps, to many of you, computers and the Internet is Life Itself. However, a massive computer mixup is NOT a disaster on the scale of WTC or some other event causing major casualties.

      I just get annoyed when I hear a computer attack referred to as an effective terrorist strategy. I certainly could survive if my computer didn't turn on today; no terror here, just kind of disappointment. Perhaps something like this could be called a "bummer. oh well" attack.

      --
      ...
    2. Re:Tinfoil alarm! by skarmor · · Score: 3, Insightful

      realize that perhaps, to many of you, computers and the Internet is Life Itself. However, a massive computer mixup is NOT a disaster on the scale of WTC or some other event causing major casualties. I just get annoyed when I hear a computer attack referred to as an effective terrorist strategy. I certainly could survive if my computer didn't turn on today; no terror here, just kind of disappointment. Perhaps something like this could be called a "bummer. oh well" attack.

      Nobody really cares if you can turn your computer on. However, a carefully planned attack on financial institutions/networks, military networks and other government systems could be quite effective. This is why said institutions are fanatical about security (or at least they should be).

  3. Battlestations... by finalnight · · Score: 4, Insightful

    This mofos were the ones behind the summer DoS attacks on all the big BT sites, and now this. Gentlemen, start your cracking...

  4. Indulging in paranoid speculation - tinfoil alert by Badgerman · · Score: 5, Insightful

    Tinfoil hat on . . .

    Let's say ES5 is an MPAA/RIAA front to discredit file sharing and harm filesharers.

    Now, apparently, ES5 is in Palestine.

    What better way to do "double damage" than to not only have a way to attack filesharers, but also to connect it to a location people associate with terrorism?

    OK, tinfoil hat off now.

    --
    "The Sage treasures Unity and measures all things by it" - Lao Tzu
  5. If you use a computer by ruiner13 · · Score: 5, Insightful

    I'm sure everyone has at least seen one article where they tell you to NEVER install software from a company you've either never heard of, or don't trust. At this point, the internet has been around long enough that most people realize this, especially if you have data on your machine that is so important that you can't risk getting a virus or a trojan (such as this, apparently) on it. Live by the internet, die by the internet. Just because someone claims to be against the RIAA doesn't make them your friend. Just because someone is against SCO, doesn't make them about free software rights. There are such things as self-serving deeds, even if they appear to be good gestures to all.

    --

    today is spelling optional day.

  6. Not a buffer overflow? by Durzel · · Score: 5, Insightful

    I'm curious - how can it be determined without the benefit of source code for ES5 that the exploit isn't just a horrendous oversight instead of a malicious pre-meditated function of the software?

    If it is malicious it seems odd that they would make it possible for ANYONE to delete someone elses files through crafted search strings, thus significantly increasing the chance of their nefarious plans being uncovered.

    If it were me, and I was secretly working for the RIAA, I'd just code in a simple client/server protocol that the RIAA could use to delete people's files, entirely seperate from the normal operation of the program itself. This would be much harder to identify as malicious code.

    Sorry, but this just looks to me like a bad "failure to chroot()" bug and not the big conspiracy theory its purported to be...

    1. Re:Not a buffer overflow? by Viol8 · · Score: 4, Insightful

      "I'm curious - how can it be determined without the benefit of source code for ES5 that the exploit isn't just a horrendous oversight instead of a malicious pre-meditated function of the software?"

      Even in assembler its not too hard to see when an operation is a bug resulting from jumping to a bit
      of code when some unexpected events coincide and jumping to the same bit of code when a SPECIFIC packet arrives.

  7. Re:Let's be logical about it by Lochin+Rabbar · · Score: 3, Insightful

    Stealing a book from a library == theft.

    Photocopying the same book ==copyright infringement != theft.

    Burning the book == damage.

    See how simple logic is when you're not trolling

  8. I was suspicious by techsoldaten · · Score: 3, Insightful

    I was suspicious of this project from the beginning. The way they market their product, promising immediate access to copyrighted items, was just too rosy and would leave any company wide open for litigation. This passage in the announcement pretty much sums up my take on the whole affair:

    "The question then is 'why did they do it?' I'm sure they won't tell us, but here's a theory: They could be working for the RIAA, MPAA, or a similar organization. Once they have enough users on their ES5 network, they would start deleting all copyrighted files they own which their users are sharing. The users wouldn't know what hit them."

    Can anyone come up with a plausible scenario where a P2P company would release software that destroys a computer, if it is not connected somehow to these groups?

  9. Called it. by 72beetle · · Score: 3, Insightful

    Told ya.

    -72

    --
    -Those who dance are considered insane by those who can't hear the music.
  10. Re:A bit tired of this argument... by pirhana · · Score: 3, Insightful

    Let me clarify my point. Have you ever heard of any back doors in any open source software ? very less(if at all any). Now, have you heard of any back doors in commercial softwares ? Many. Just compare the P2P applications itself. Many of the closed source ones were alleged to have spywayre, backdoors etc(Kazaa and now this one for example). Was there a single case of such incident in open source alternatives ? I dont think so. So my point is that, the chance to find a back door in an open source software is close to zero. But thats not the case in closed source ones. Untill and unless proven otherwise by incidents, this argument will remain valid. I will not say that open source software is panacea or anything like that . But they are inherently more OPEN and transparant. In closed source software , you are trusting a SINGLE company which is not a good idea IMHO.

    --
    http://www.nasirudheen.blogspot/