Slashdot Mirror

← Back to Stories (view on slashdot.org)

Earthstation 5 Claimed to be Malware

Posted by michael on from the compiled dept.

Rob from RPI writes "You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!"

7 of 548 comments (clear)

  1. Good thing it wasn't email by Nick+of+NSTime · · Score: 4, Interesting

    If I had received this in my Inbox, I probably would have ignored it. It's interesting that I'm conditioned (brainwashed?) to ignore this stuff when it's in an email, but when I read it on /. I take it seriously.

  2. they'll be more than glad... by fred+ugly · · Score: 5, Interesting

    to hear our comments. http://www.earthstation5.com/contact.html

  3. Methods known by Doesn't_Comment_Code · · Score: 3, Interesting

    Well, even if these guys are backstabbers (which apparently they are) they've disclosed their methods. And that should allow for a somewhat speedy recoding of a similar program that doesn't include screw_up_my_file(char* filename).

    Seriously, it was good theory, but they didn't have anything earthshattering that couldn't be replicated.

    I'll be watching for anything more that is discovered about motives. This seems to be the most curious and intriguing part of the story.

    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  4. IT'S A TRAP! by teamhasnoi · · Score: 4, Interesting
    It sounds interesting - any /.ers try the exploit out yet?

    The first place I heard about E5 was on Slashdot, in a sig - I thought about trying it out, but something didn't seem quite right.

    Too much flash and cash on the website, and sweeping claims that hadn't made it elsewhere turned me off.

    I'm thinking it's the same 'spidey sense' that goes off when I get an email with an evil attachment.

  5. Re:Now tell the bastards what you think! by nucal · · Score: 5, Interesting
    This WHOIS just looks incredibly fake to me ...

    earthstation5.com Back-order this name

    Domain EARTHSTATION5.COM

    Date Registered: 2/26/2002
    Date Modified: 6/13/2002
    Expiry Date: 2005-2-26
    DNS1: ns1.earthstationv.com
    DNS2: ns2.earthstationv.com
    Registrant

    Earthstationv Ltd, A Palestinian Corporation
    Jenin refugee camp #23
    Jenin (PS)
    NONE

    Administrative Contact

    EarthstationV Ltd., A Palestinian Corporation
    Mr Domain Administrator
    Jenin refugee camp #23
    Jenin (PS)
    NONE
    067351065
    67351065
    ras@earthstationv.com
    Technical Contact
    EarthstationV Ltd., A Palestinian Corporation
    Mr Domain Administrator
    Jenin refugee camp #23
    Jenin (PS)
    NONE
    067351065
    67351065
    ras@earthstationv.com
    Registrar: NameScout.com

  6. Re:Not a buffer overflow? by dtrent · · Score: 3, Interesting

    Having worked at a small software company, I'll speculate.

    This could have been added as an "internal" feature and forgotten about it. It could have been added by one un-professional programmer, unbeknownst to the rest of the group. It could be in there on purpose, and the team is naive enough to believe it'll never get abused. It could be in there on purpose because they want it there and they don't care about the ramifications. And finally, it could be there because they have plans to use it some day to cause havoc.

    My bet is the on one of the first two, but I wouldn't rule out any of them.

  7. the internet state in palestine by Anonymous Coward · · Score: 3, Interesting

    hey there,

    im an israeli.
    and to tell you the truth, i was a bit afraid to post any comments last time since i didnt want to get into the heat of the argument.

    i just wanted to reveal some details regarding the state of the internet in palestine in an objective manner since i belive the cassual slashdotter might have percieved it wrongfully.

    palestine is currently in a semi anarchistic state. which means that most of its people do not have an internet connection at their disposal.

    a few years back israel started to provide palestinians with internet services.
    we thought that it would do good to open their minds to other world perspectives and international media. we still have no clue regarding the outcome :)

    afaik isps are very limited in palestine and most internet infrastructure is used for academic and government purposes. all internet traffic from palestine passed through israel, im uncertain whether this is true to this day, you can easilly check it.
    so yes its our fault such things happen and so im terribly sorry that it is being put into bad use.

    i would highly doubt that internet is available at jenin. jenin is a refugee camp in which people are forced to live in sub conditions which means,
    its probably one of the last places to have internet in palestine. therefore, i would presume the whois is fake.

    if a palestinian indeed wrote that software he would either be:
    a. a student in one of the universities.
    b. an arab israeli (the 20% of israeli population that live within us in peace which the media never mentions a thing about).

    also, ras kabir is a fake name. it means
    "big head" which means, the man in charge or someone who likes to take care of business.

    and just to ensure you we were not the ones to write it :)

    the israeli p2p app is a hacked version of kazaa lite ;)
    (which is a hacked version of kazaa located at
    http://www.kazaa.co.il)
    although only a low percentage of israeli p2p users actually use it. and it doesnt encourage piracy like es5.

    thats pretty much it, im sorry if i hurt anyone
    if you have any questions feel free to ask,
    just take into mind that im not into starting any flame wars in the proccess.