Slashdot Mirror


Earthstation 5 Claimed to be Malware

Rob from RPI writes "You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!"

30 of 548 comments

  1. Geocities eh? by Anonymous Coward · · Score: 5, Informative


    Because the link is on geocities it's sure to be /.'d in 23 milliseconds. Here is a mirror I put up with the bin and src.
    Don't trust code from sources you don't know. I only provide these for the inevitable geocities /.ing

  2. This is absolutely shocking. by Ygorl · · Score: 5, Funny

    Really, I mean it. From looking at their web site one would have thought they were totally legitimate!

  3. Well yeah.. by Anonymous Coward · · Score: 5, Insightful

    A P2P service that ACTIVELY PROMOTES piracy? It sounded too good to be true, and it was. All of this wonderful information from some schmoe with an email @yahoo.com? This whole deal is shady, no matter how you look at it.

  4. Earth Station 5 - legalese by Stalyx · · Score: 5, Funny

    And in other news when Reuters contacted Earth Station 5's lead programmer, he had apparently mumbled under his breath.. "it's not a bug damnit!, it's a feature"

  5. Tinfoil alarm! by sebi · · Score: 4, Insightful

    Wouldn't that be just the cleverest act of terrorism you can think of? Bait the "foreign devils" with all you hate about them and then, BAM!, nuke millions of computers in an instant. Takes more preparation to get off the ground than your garden variety virus or worm but the pay-off is much greater, isn't it? And if I was living in Palestine threat of legal action by some American interest group would be the least of my worries.

    1. Re:Tinfoil alarm! by cybermace5 · · Score: 4, Insightful

      I realize that perhaps, to many of you, computers and the Internet are Life Itself. However, a massive computer mixup is NOT a disaster on the scale of WTC or some other event causing major casualties.

      I just get annoyed when I hear a computer attack referred to as an effective terrorist strategy. I certainly could survive if my computer didn't turn on today; no terror here, just kind of disappointment. Perhaps something like this could be called a "bummer. oh well" attack.

      --
      ...
    2. Re:Tinfoil alarm! by LizardKing · · Score: 4, Informative

      Please check your history before you post. The Palestinians did not come into existence until 16 years after the British handed over 1/3 of what the UN resolution required to form present-day Israel.

      That's either amazing ignorance you've got there, or just the most blatant bit of lying I've seen on Slashdot for days. The "protectorate" of Palestine existed between the two world wars, and was effectively a colony of the British Empire. Jewish immigration increased dramatically during this period, a result of increased interest in Zionism, itself largely a result of anti-Jewish activity in Europe.

      Palestine may not have been an independent nation state, but the Palestinian people had existed as a distinct race since biblical times when the Semitic tribes split along religious grounds. Remember that Jews and Palestinians are both Semitic races.

      Israel was created following the even bigger influx of Jewish refugees after the Second World War. Many of these refugees brought bitter memories of the concentration camps with them, and a willingness to use force to gain a nation state. The British were unable to control the situation, having been effectively bankrupted by the war, and eventually pulled out after increased bombings of their official buildings, etc. The result was bloodshed, as the Jewish militias ethnically cleansed large parts of Palestine. Pretty ironic considering the background to the Jewish desire for a nation state.

      Chris

  6. Good thing it wasn't email by Nick+of+NSTime · · Score: 4, Interesting

    If I had received this in my Inbox, I probably would have ignored it. It's interesting that I'm conditioned (brainwashed?) to ignore this stuff when it's in an email, but when I read it on /. I take it seriously.

    1. Re:Good thing it wasn't email by chicoy · · Score: 5, Funny

      If I had received this in my Inbox, I probably would have ignored it. It's interesting that I'm conditioned (brainwashed?) to ignore this stuff when it's in an email, but when I read it on /. I take it seriously.

      you must be new here.

      --
      ~the keyboard is mightier than the pen.
  7. Not surprising by skryche · · Score: 4, Funny

    What about the terrible GUI? That's the real crime here!

  8. they'll be more than glad... by fred+ugly · · Score: 5, Interesting
  9. Battlestations... by finalnight · · Score: 4, Insightful

    These mofos were the ones behind the summer DoS attacks on all the big BT sites, and now this. Gentlemen, start your cracking...

  10. Unconfirmed, as of yet. by caferace · · Score: 5, Informative
    This came across the FD list yesterday afternoon. Typically, an announcement of this type would elicit a fair amount of discussion. Usually at least *one* other person would have confirmed it, or at least rebutted the claim.

    As of this writing, I haven't seen a single follow-up post.

    Is it true? I don't know. Is it a hoax? I don't know that either. It has more than a few caveats about using the exploit, that's for sure.

    What I do know is that that Geocities site with the exploit code will disappear bandwidth constrained faster than snot. :)

  11. Earthstation 5 sounds like... by vudufixit · · Score: 4, Funny

    A bad UPN science fiction series.

  12. Indulging in paranoid speculation - tinfoil alert by Badgerman · · Score: 5, Insightful

    Tinfoil hat on . . .

    Let's say ES5 is an MPAA/RIAA front to discredit file sharing and harm filesharers.

    Now, apparently, ES5 is in Palestine.

    What better way to do "double damage" than to not only have a way to attack filesharers, but also to connect it to a location people associate with terrorism?

    OK, tinfoil hat off now.

    --
    "The Sage treasures Unity and measures all things by it" - Lao Tzu
  13. If you use a computer by ruiner13 · · Score: 5, Insightful

    I'm sure everyone has at least seen one article where they tell you to NEVER install software from a company you've either never heard of, or don't trust. At this point, the internet has been around long enough that most people realize this, especially if you have data on your machine that is so important that you can't risk getting a virus or a trojan (such as this, apparently) on it. Live by the internet, die by the internet. Just because someone claims to be against the RIAA doesn't make them your friend. Just because someone is against SCO, doesn't make them about free software rights. There are such things as self-serving deeds, even if they appear to be good gestures to all.

    --

    today is spelling optional day.

  14. Dateline "Jenin, West Bank?" by Anonymous Coward · · Score: 4, Funny

    Rest assured, brothers, your files have not been deleted; they have been martyred and are currently being serviced by 72 virgins.

    1. Re:Dateline "Jenin, West Bank?" by LittleGuy · · Score: 5, Funny

      Rest assured, brothers, your files have not been deleted; they have been martyred and are currently being serviced by 72 virgins.

      So, the standard Tech Support staff?

      --
      Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
  15. Not a buffer overflow? by Durzel · · Score: 5, Insightful

    I'm curious - how can it be determined without the benefit of source code for ES5 that the exploit isn't just a horrendous oversight instead of a malicious pre-meditated function of the software?

    If it is malicious it seems odd that they would make it possible for ANYONE to delete someone else's files through crafted search strings, thus significantly increasing the chance of their nefarious plans being uncovered.

    If it were me, and I was secretly working for the RIAA, I'd just code in a simple client/server protocol that the RIAA could use to delete people's files, entirely separate from the normal operation of the program itself. This would be much harder to identify as malicious code.

    Sorry, but this just looks to me like a bad "failure to chroot()" bug and not the big conspiracy theory it's purported to be...

    1. Re:Not a buffer overflow? by Viol8 · · Score: 4, Insightful

      "I'm curious - how can it be determined without the benefit of source code for ES5 that the exploit isn't just a horrendous oversight instead of a malicious pre-meditated function of the software?"

      Even in assembler it's not too hard to see when an operation is a bug resulting from jumping to a bit of code when some unexpected events coincide and jumping to the same bit of code when a SPECIFIC packet arrives.

  16. IT'S A TRAP! by teamhasnoi · · Score: 4, Interesting
    It sounds interesting - any /.ers try the exploit out yet?

    The first place I heard about E5 was on Slashdot, in a sig - I thought about trying it out, but something didn't seem quite right.

    Too much flash and cash on the website, and sweeping claims that hadn't made it elsewhere turned me off.

    I'm thinking it's the same 'spidey sense' that goes off when I get an email with an evil attachment.

  17. Verify the presence of malware by Bingo+Foo · · Score: 4, Funny
    $ grep "rm" ~/W4R3Z/es5
    Binary file ~/W4R3Z/es5 matches
    $
    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  18. Anagram conspiracy theory by mblase · · Score: 5, Funny

    Did you know that you can rearrange the letters of "EARTHSTATION FIVE" to spell "RIAA VOTES IN THEFT"?

    They're behind the whole thing, I'm telling you.

    1. Re:Anagram conspiracy theory by bpd1069 · · Score: 5, Funny

      Did you know that you can rearrange the letters of "EARTHSTATION FIVE" to spell "RIAA VOTES IN THEFT"?


      I also found "SEVENTH TIT OF RIAA"

      We all know the RIAA is a bitch, but this just proves it...

      --
  19. Here's the trojan code by ghost1 · · Score: 5, Informative

    Link to Zeropaid discussion with the actual code http://www.zeropaid.com/news/articles/auto/10022003i.php

  20. Re:Now tell the bastards what you think! by nucal · · Score: 5, Interesting
    This WHOIS just looks incredibly fake to me ...

    earthstation5.com Back-order this name

    Domain EARTHSTATION5.COM

    Date Registered: 2/26/2002
    Date Modified: 6/13/2002
    Expiry Date: 2005-2-26
    DNS1: ns1.earthstationv.com
    DNS2: ns2.earthstationv.com
    Registrant

    Earthstationv Ltd, A Palestinian Corporation
    Jenin refugee camp #23
    Jenin (PS)
    NONE

    Administrative Contact

    EarthstationV Ltd., A Palestinian Corporation
    Mr Domain Administrator
    Jenin refugee camp #23
    Jenin (PS)
    NONE
    067351065
    67351065
    ras@earthstationv.com
    Technical Contact
    EarthstationV Ltd., A Palestinian Corporation
    Mr Domain Administrator
    Jenin refugee camp #23
    Jenin (PS)
    NONE
    067351065
    67351065
    ras@earthstationv.com
    Registrar: NameScout.com

  21. Earthstation 5 is a GODSEND by 0x0d0a · · Score: 5, Funny

    People need to stop trashing Earthstation 5. It's a fantastic program, and does exactly as advertised. Plus, it seems to have built-in compression software -- my free disk space has been steadily increasing ever since I installed it!

  22. Re:Now tell the bastards what you think! by Anonymous Coward · · Score: 5, Informative

    The *maintainer* of Earthstation V's domain record is from Israel. I do not know what this signifies.

    To see this, go here and click on the mnt-by ("maintained by") link.

    person: Moshe Maimone
    address: 63 Saudia Gaon
    Hertzlya, Israel
    phone: +39247585
    nic-hdl: MM9905-RIPE
    mnt-by: SPEEDNET-MNT
    changed: Speednet@email.com 20030508
    source: RIPE

    person: Motti Oran
    address: 25 Hasivin Street
    Petach Tikva, Israel 49170
    phone: +039247585
    fax-no: +039247736
    mnt-by: SPEEDNET-MNT
    notify: speednet@email.com
    e-mail: motti@speed-net.com
    nic-hdl: MO2551-RIPE
    changed: speednet@email.com 20030105
    source: RIPE
  23. Oh God not again... by Theatetus · · Score: 4, Funny

    Can someone please please PLEASE write a filter that excludes threads that mention the words "Israel" or "Palestine" more than once each?

    Here, guys, stop arguing. I'll make all of your arguments for you:

    Pro-Palestinian guy: Israel is guilty of $ATROCITY1, $ATROCITY2, and $ATROCITY3

    Pro-Israel guy: Surely you're not comparing things like $ATROCITY2 to $ATROCITY4, $ATROCITY5, and $ATROCITY6, which were committed by Palestinians

    Pro-Palestinian guy: Oh come on! $ATROCITY6 wasn't nearly as bad as $ATROCITY3! Besides, they only did it because of $ATROCITY3! If Israel had never committed $ATROCITY3 then the Palestinians wouldn't have had to have committed $ATROCITY6!

    Pro-Israel guy: but the Israelis only committed $ATROCITY3 as a defensive measure because the Palestinians committed $ATROCITY7!

    This will continue for about 20 or so posts as both sides try to justify violence because of things that happened 30, 60, 100, or 5000 years ago; apparently in the middle east the moral high ground of a situation is inherited from your parents. I've really never understood that.

    Anyways, I've now said EVERY SINGLE THING every partisan in this argument has ever said and will ever say, so you can all just STFU.

    --
    All's true that is mistrusted
  24. RIAA/MPAA "honeypot" by raresilk · · Score: 4, Informative
    When Slashdot initially ran the Earthstation V article, I posted a warning that this looked an awful lot like an RIAA/MPAA "honeypot" to me. Everybody ignored me, because they were too busy giving high-fives to Earthstation for bravely taking on the RIAA, etc. Now we learn that Earthstation has exactly the "feature" the Content Mafia would put in a honeypot - the ability to delete content off of your machine. I guess all of us (or at least some of us) are as gullible as the Content Mafia think we are.

    --
    No, no, no. This is not a sig.