Slashdot Mirror

← Back to Stories (view on slashdot.org)

Earthstation 5 Claimed to be Malware

Posted by michael on from the compiled dept.

Rob from RPI writes "You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!"

17 of 548 comments (clear)

  1. Geocites eh? by Anonymous Coward · · Score: 5, Informative


    Because the link is on geocities it's sure to be /.'d in 23 milliseconds. Here is a mirror I put up with the bin and src.
    Don't trust code from sources you don't know. I only provide these for the inevitable geocities /.ing

  2. This is absolutely shocking. by Ygorl · · Score: 5, Funny

    Really, I mean it. From looking at their web site one would have thought they were totally legitimate!

  3. Well yeah.. by Anonymous Coward · · Score: 5, Insightful

    A P2P service that ACTIVELY PROMOTES piracy? It sounded too good to be true, and it was. All of this wonderful information from some schmoe with an email @yahoo.com? This whole deal is shady, no matter how you look at it.

  4. Earth Station 5 - legalese by Stalyx · · Score: 5, Funny

    And in other news when Reuter's contacted Earth Station 5's lead programmer, he had apparently mumbled under his breath.. "its not a bug damnit!, it's a feature"

  5. they'll be more than glad... by fred+ugly · · Score: 5, Interesting

    to hear our comments. http://www.earthstation5.com/contact.html

  6. Unconfirmed, as of yet. by caferace · · Score: 5, Informative
    This came across the FD list yesterday afternoon. Typically, an announcement of this type would elicit a fair amount of discussion. Usually at leat *one* other person would have confirmed it, or at least rebutted the claim.

    As of this writing, I haven't seen a single follow-up post.

    Is it true? I don't know, Is it a hoax? I don't know that either. It has more than a few caveats about using the exploit, that's for sure.

    What I do know is that that Geocities site with the exploit code will disappear bandwidth constrained faster than snot. :)

  7. Indulging in paranoid speculation - tinfoil alert by Badgerman · · Score: 5, Insightful

    Tinfoil hat on . . .

    Let's say ES5 is an MPAA/RIAA front to discredit file sharing and harm filesharers.

    Now, apparently, ES5 is in Palestine.

    What better way to do "double damage" than to not only have a way to attack filesharers, but also to connect it to a location people associate with terrorism?

    OK, tinfoil hat off now.

    --
    "The Sage treasures Unity and measures all things by it" - Lao Tzu
  8. If you use a computer by ruiner13 · · Score: 5, Insightful

    I'm sure everyone has at least seen one article where they tell you to NEVER install software from a company you've either never heard of, or don't trust. At this point, the internet has been around long enough that most people realize this, especially if you have data on your machine that is so important that you can't risk getting a virus or a trojan (such as this, apparently) on it. Live by the internet, die by the internet. Just because someone claims to be against the RIAA doesn't make them your friend. Just because someone is against SCO, doesn't make them about free software rights. There are such things as self-serving deeds, even if they appear to be good gestures to all.

    --

    today is spelling optional day.

  9. Not a buffer overflow? by Durzel · · Score: 5, Insightful

    I'm curious - how can it be determined without the benefit of source code for ES5 that the exploit isn't just a horrendous oversight instead of a malicious pre-meditated function of the software?

    If it is malicious it seems odd that they would make it possible for ANYONE to delete someone elses files through crafted search strings, thus significantly increasing the chance of their nefarious plans being uncovered.

    If it were me, and I was secretly working for the RIAA, I'd just code in a simple client/server protocol that the RIAA could use to delete people's files, entirely seperate from the normal operation of the program itself. This would be much harder to identify as malicious code.

    Sorry, but this just looks to me like a bad "failure to chroot()" bug and not the big conspiracy theory its purported to be...

  10. Anagram conspiracy theory by mblase · · Score: 5, Funny

    Did you know that you can rearrange the letters of "EARTHSTATION FIVE" to spell "RIAA VOTES IN THEFT"?

    They're behind the whole thing, I'm telling you.

    1. Re:Anagram conspiracy theory by bpd1069 · · Score: 5, Funny

      Did you know that you can rearrange the letters of "EARTHSTATION FIVE" to spell "RIAA VOTES IN THEFT"?

      I also found "SEVENTH TIT OF RIAA"

      We all know the RIAA is a bitch, but this just proves it...

      --
      --
  11. Heres the trojan code by ghost1 · · Score: 5, Informative

    Link to Zeropaid discussion with the actual code http://www.zeropaid.com/news/articles/auto/1002200 3i.php

  12. Re:Now tell the bastards what you think! by nucal · · Score: 5, Interesting
    This WHOIS just looks incredibly fake to me ...

    earthstation5.com Back-order this name

    Domain EARTHSTATION5.COM

    Date Registered: 2/26/2002
    Date Modified: 6/13/2002
    Expiry Date: 2005-2-26
    DNS1: ns1.earthstationv.com
    DNS2: ns2.earthstationv.com
    Registrant

    Earthstationv Ltd, A Palestinian Corporation
    Jenin refugee camp #23
    Jenin (PS)
    NONE

    Administrative Contact

    EarthstationV Ltd., A Palestinian Corporation
    Mr Domain Administrator
    Jenin refugee camp #23
    Jenin (PS)
    NONE
    067351065
    67351065
    ras@earthstationv.com
    Technical Contact
    EarthstationV Ltd., A Palestinian Corporation
    Mr Domain Administrator
    Jenin refugee camp #23
    Jenin (PS)
    NONE
    067351065
    67351065
    ras@earthstationv.com
    Registrar: NameScout.com

  13. Re:Good thing it wasn't email by chicoy · · Score: 5, Funny

    If I had received this in my Inbox, I probably would have ignored it. It's interesting that I'm conditioned (brainwashed?) to ignore this stuff when it's in an email, but when I read it on /. I take it seriously.

    you must be new here.

    --
    ~the keyboard is mightier than the pen.
  14. Earthstation 5 is a GODSEND by 0x0d0a · · Score: 5, Funny

    People need to stop trashing Earthstation 5. It's a fantastic program, and does exactly as advertised. Plus, it seems to have built-in compression software -- my free disk space has been steadily increasing ever since I installed it!

    --
    May we never see th
  15. Re:Dateline "Jenin, West Bank?" by LittleGuy · · Score: 5, Funny

    Rest assured, brothers, your files have not been deleted; they have been martyred and are currently being serviced by 72 virgins.

    So, the standard Tech Support staff?

    --
    Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
  16. Re:Now tell the bastards what you think! by Anonymous Coward · · Score: 5, Informative

    The *maintainer* of Earthstation V's domain record is fom Israel. I do not know what this signifies.

    To see this, go here and click on the mnt-by ("maintained by") link.

    person: Moshe Maimone
    address: 63 Saudia Gaon
    Hertzlya, Israel
    phone: +39247585
    nic-hdl: MM9905-RIPE
    mnt-by: SPEEDNET-MNT
    changed: Speednet@email.com 20030508
    source: RIPE

    person: Motti Oran
    address: 25 Hasivin Street
    Petach Tikva, Israel 49170
    phone: +039247585
    fax-no: +039247736
    mnt-by: SPEEDNET-MNT
    notify: speednet@email.com
    e-mail: motti@speed-net.com
    nic-hdl: MO2551-RIPE
    changed: speednet@email.com 20030105
    source: RIPE