Slashdot Mirror


Spyware Floods in Through BitTorrent

solareagle writes "Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma. Not any more, anti-spyware advocates warn. According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC."

33 of 457 comments

  1. Sites? by kevin_conaway · · Score: 2, Insightful

    Which "sites" does this affect? The article and summary say that it's flooding in through "BitTorrent." BT is just a protocol; there have got to be sites hosting trackers that are providing these malicious files. My question is, who are they?

  2. Shrug by The+Bungi · · Score: 5, Insightful

    Download something, install it on your machine. You get malware. Surprise. This has nothing to do with the fact that it's BT, because BT is open to everyone. It's the user's responsibility, as always. As with Kazaa, LimeWire and any other P2P technology or just downloading "that really cool screensaver" using your web browser.

    Of course this won't stop some people from blaming Microsoft somehow.

    1. Re:Shrug by SalsaDoom · · Score: 0, Insightful

      BZZZT.

      While it's true that a program could do that, in a Unix-like system it would be a trivial matter to remove the spyware, unlike, oh, say, Windows, where such a file can replicate itself all over the system, bury itself in the registry, etc. It can only infect a single user, who, should he find a clue at some point, could remove it without having to run a bunch of strange -- often commercial -- tools.

      No, you're not going to let MS off the hook this time. Their OS sucks and that's final.

      --SD

      --
      "Computers will never truly be free until the last windows user is strangled with the entrails of the last mac user."

  3. They're number one financial backers by bigwavejas · · Score: 5, Insightful

    I wouldn't be surprised if the MPAA and RIAA are their number one financial backers; it was probably even their brainchild, in an effort to chase would-be wrongdoers from downloading music or movies.

    --
    "Simplify, simplify, simplify!" Thoreau

    1. Re:They're number one financial backers by brouski · · Score: 2, Insightful

      I'm going to go out on a limb and say that most people who would download a strange BT client probably wouldn't know they've got spyware on their system in the first place. They're the type of people who take the computer to the shop every two months because "it's slow".

      --
      Proud member of the American Non Sequitur Society. We might not make much sense, but boy do we love pizza!

  4. I call BULLSHIT by Jarnis · · Score: 5, Insightful

    Anyone with half a brain will NOT download a 'video file' that ends in .exe

    None of the real proper releases are 'infected'. Only way to get spyware is to be a moron and download some 'hot_paris_hilton_sex_video.exe'.

    There is no magic way to 'insert' spyware in bittorrent transfers. Tracker has the hash of the file, you cannot modify it. This is just a marketer seeding crap, hoping that idiots bite. Hook, line, sinker -style.

    1. Re:I call BULLSHIT by Jarnis · · Score: 3, Insightful

      Bull. The person describes how it launched some kind of installer (those come from .exes, btw) and then a self-extractor.

      If you actually unpacked the rar using winrar, that wouldn't happen.

      In any case, it wasn't a proper release. Proper release = bunch of identical-sized partfiles, .nfo, and .sfv files, all neatly in a properly named directory. And then you unpack the directory using WinRar, so there is no way for anything to launch (Since winrar itself searches the actual packets from the folder, then unpacks the actual .avi, .mpg, .iso or whatever).

      DL crap, and you probably get crap...

    2. Re:I call BULLSHIT by Andy+Dodd · · Score: 5, Insightful

      Still, if the result of un-RARing the file is an .exe when you downloaded video, any moron can tell that something is WRONG.

      Such torrents would quickly die from lack of seeders.

      So far, very few (if any) BT clients are bundled with spyware. Perhaps if you got them from an untrustworthy mirror, this would be different, but nearly every client is adware/spyware-free if you download it from a reputable source.

      With the exception of downloading warez (games/apps), there's almost no way anyone could sneak spyware/adware into a BT download. You just simply can't infect AVI/WMV/MPEG/MP3 files. Probably 50% of BT traffic (or more) consists of media files. Another 30-40% (at least) are Linux ISOs, which are also pretty damn hard to infect with spyware/adware.

      --
      retrorocket.o not found, launch anyway?

    3. Re:I call BULLSHIT by Beryllium+Sphere(tm) · · Score: 2, Insightful

      >Bull.

      or, to put it calmly, "the fabulous article is completely unclear on how Boyd got from a RAR file to the opening screen of the 'MMG Installer'"

  5. windows problem by jon_oner · · Score: 2, Insightful

    Another problem for the average windows user.

    I hate to point out the obvious, but users that don't pay attention to what they are installing deserve their pop-ups.

  6. Re:Practical solution to spyware and p2p executabl by TheKidWho · · Score: 3, Insightful

    or just open the file directly with WinRAR or WinZip, bypassing the self-extracting EXE altogether.

  7. Re:This is Dumb by Jarnis · · Score: 2, Insightful

    Then the downloader is too moronic to own a computer.

    There is plenty of crap being seeded. Being able to tell crap from real, proper releases is not rocket science.

  8. Re:Warm and Fuzzy?? by WhatAmIDoingHere · · Score: 2, Insightful

    90% you say? How far up your ass did you pull that number from?

    --
    Not a Twitter sockpuppet... but I wish I was.

  9. Re:This is Dumb by Enigma_Man · · Score: 2, Insightful

    Then that's your own damn fault for not being aware of what you're downloading, same as with any file transfer that has ever existed at any point in history for all time, and at all points in the future.

    -Jesse

    --
    Nothing says "unprofessional job" like wrinkles in your duct tape.

  10. Bah, big deal... by Jugalator · · Score: 2, Insightful

    Not a problem in BT communities requiring registrations.

    Not a problem if you're sane either, really.

    --
    Beware: In C++, your friends can see your privates!

  11. Re:This is Dumb by failure-man · · Score: 5, Insightful

    BitTorrent already hashes the download with SHA1, so unless the Spyware industry has come up with some practical way to generate collisions it's not the pieces that are corrupt. It's the whole torrent.

  12. Re:Oh, the Irony! by Nagatzhul · · Score: 1, Insightful

    BitTorrent, like any tool, can be used for both legal and illegal activities. It is my preferred way to get Linux/BSD distributions, for example. Nothing illegal about that.

    --
    "All I want is a warm bed and a kind word and unlimited power." - Ashleigh Brilliant

  13. Re:This is Dumb by nahpets77 · · Score: 3, Insightful

    I don't see how the spyware can be installed automatically. When you download a file, it goes in a directory. Unless you execute the infected file(s), the spyware can't be installed. Of course, I'm assuming here that you're using a "real" BT client that won't execute files for you ;) Furthermore, it shouldn't be too hard to filter out fakes: - Using things like MD5 to verify 'real' releases. Maybe even GPG signatures? - Virus/Spyware tools which can scan your downloads and detect known spyware progies.
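
The hash argument made in comments 4, 11 and 13 above (Jarnis, failure-man and nahpets77) can be shown concretely. The block below is an added example written for this mirror; it is not code from the original thread, from Chris Boyd, or from any BitTorrent client. It builds and parses a toy single-file metainfo with bencode helpers defined inline, then checks two things the commenters rely on: a peer that alters bytes inside a piece is rejected by the per-piece SHA-1 carried in the .torrent, while a torrent that was seeded as an .exe from the start passes the very same check, so the file names in the metainfo are the only signal a client has before any byte is downloaded. The payloads, file names, piece length and tracker URL are all constructed for the example.

```python
"""Toy BitTorrent metainfo builder/verifier, written for this page (not
BitTorrent's own code). Piece hashes prove you received exactly what the
seeder published; they say nothing about whether the seeder was honest.
All sample payloads below are constructed inline."""
import hashlib

EXECUTABLE_EXTS = (b".exe", b".scr", b".com", b".bat", b".pif", b".msi")

def bencode(obj):
    """Encode ints, byte strings, lists and dicts (BEP 3). Dict keys are
    byte strings emitted in sorted order; otherwise two clients would
    compute different infohashes for the same metainfo."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        return b"d" + b"".join(bencode(k) + bencode(v)
                               for k, v in sorted(obj.items())) + b"e"
    raise TypeError("cannot bencode %r" % type(obj))

def bdecode(data, pos=0):
    """Decode one bencoded value at pos; returns (value, next_pos)."""
    c = data[pos:pos + 1]
    if c == b"i":
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        if c == b"d":
            return dict(zip(items[0::2], items[1::2])), pos + 1
        return items, pos + 1
    if c.isdigit():
        colon = data.index(b":", pos)
        start, length = colon + 1, int(data[pos:colon])
        return data[start:start + length], start + length
    raise ValueError("bad bencode at offset %d" % pos)

def build_info(name, data, piece_length):
    """Single-file 'info' dict: 'pieces' is the concatenated SHA-1 of
    every fixed-size piece of the payload."""
    pieces = b"".join(hashlib.sha1(data[i:i + piece_length]).digest()
                      for i in range(0, len(data), piece_length))
    return {b"name": name, b"length": len(data),
            b"piece length": piece_length, b"pieces": pieces}

def info_hash(info):
    """SHA-1 of the bencoded info dict: the swarm identifier the tracker
    and peers key on. Any change to the content changes it."""
    return hashlib.sha1(bencode(info)).hexdigest()

def bad_pieces(info, data):
    """Indices of pieces whose SHA-1 differs from the metainfo. A client
    discards these and re-requests them from another peer."""
    plen, hashes = info[b"piece length"], info[b"pieces"]
    return [i for i in range(len(hashes) // 20)
            if hashlib.sha1(data[i * plen:(i + 1) * plen]).digest()
            != hashes[i * 20:(i + 1) * 20]]

def suspicious_names(info):
    """Single-file name check run on the .torrent before any download:
    the only point where an honest-looking hash can still be avoided."""
    return [n for n in [info[b"name"]] if n.lower().endswith(EXECUTABLE_EXTS)]

# Constructed samples; real torrents use 16 KiB to 4 MiB pieces.
PIECE_LENGTH = 16
VIDEO = bytes(range(256)) * 2            # stand-in for an .avi payload
INSTALLER = b"MZ" + bytes(range(200))    # stand-in for a PE installer

def demo():
    r = {}
    # (a) Parse a .torrent as a client would and recover the infohash.
    torrent = bencode({b"announce": b"http://tracker.example/announce",
                       b"info": build_info(b"holiday_clip.avi", VIDEO,
                                           PIECE_LENGTH)})
    info = bdecode(torrent)[0][b"info"]
    r["infohash"] = info_hash(info)
    r["clean_ok"] = bad_pieces(info, VIDEO) == []
    # (b) A peer flips one byte in flight: the piece hash catches it.
    tampered = bytearray(VIDEO)
    tampered[40] ^= 0xFF
    r["tampered"] = bad_pieces(info, bytes(tampered))
    # (c) A torrent seeded as an installer verifies perfectly; the name
    #     is the only pre-download signal.
    bad_info = build_info(b"holiday_clip.exe", INSTALLER, PIECE_LENGTH)
    r["malicious_hashes_ok"] = bad_pieces(bad_info, INSTALLER) == []
    r["flagged"] = suspicious_names(bad_info)
    return r

if __name__ == "__main__":
    print(demo())
```

Running it, `demo()` reports an empty bad-piece list for the clean payload, piece index 2 for the copy a peer tampered with, and `[b'holiday_clip.exe']` for the seeded installer, whose pieces all verify. That is the whole point of failure-man's comment: the SHA-1 per piece makes the torrent all-or-nothing, so the question is never whether a piece was corrupted but whether the torrent you chose was ever what its name claimed. Only a signature from the publisher, as nahpets77 suggests, answers that second question.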

  14. Re:This is Dumb by Daedala · · Score: 2, Insightful

    Renowned security researchers need to flog this stuff to become renowned outside their own heads?

    Perhaps I'm betraying my own ignorance (who, me?), but I've never heard of this guy, I don't particularly respect people who flog their MS MVPness as a qualification, and a quick look on Google shows his general tone to be somewhat...hysterical. The spywares are coming to get us! Run away! Run away!

    Am I missing something?

    --
    What I say does not represent the views of my employers, my friends, my cats, or myself.

  15. Re:Oh, the Irony! by Fareq · · Score: 2, Insightful

    I don't suppose the spyware was being attached to any linux downloads...

  16. So why not go after Direct Revenue for piracy? by doormat · · Score: 3, Insightful

    If they're including their spyware in pirated software, why doesn't the BSA go after these guys and shut them down? It seems like they're very low-hanging fruit on the tree of software piracy (since it's easier to follow money and corporations than individuals and IP addresses from foreign countries).

    --
    The Doormat

    If you're not outraged, then you're not paying attention.

  17. EXE files? by mindaktiviti · · Score: 4, Insightful

    > A BitTorrent user downloading a movie clip only becomes aware of the associated adware after the files are reassembled. At that stage, when the user attempts to load the reassembled file, he or she is greeted by an installation notice for an adware bundle distributed by MMG (Marketing Metrix Group), a Canadian company that specializes in P2P network marketing.

    Yeah...but those movie files tend to be .exe files, right? How can you install spyware if you're just playing an avi file? And when you're downloading a bittorrent file you can go into your directory and SEE what files you're getting! I sometimes click on torrent files and yes it might be an .exe even though I was expecting an .avi. but then I just cancel the download and grab something else.

    Maybe this will get people who don't really know anything?

  18. Re:Warm and Fuzzy?? by l3v1 · · Score: 2, Insightful

    > I think you meant to write illegal and thieving. Fact is, 90% of BT traffic was copyrighted material that was illegal to distribute.

    You mean the roughly 60 gigs of Linux install images and live discs for x86 and amd64 I download monthly to keep an always up-to-date collection is a unique event occurring only once a month on this planet, and only I do it.

    Ok, I know, I also get some series episodes from somewhere. Still, you and the like just LLLLove trashing the whole damn city out with the bathing water, not just the poor baby.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.

  19. Re:Oh, the Irony! by Cylix · · Score: 3, Insightful

    Two points really...

    DOS can delete them if you feel like paying for the NTFS dos drivers which support both read and write. (read is free).

    This kind of thing really strikes me as a virus and why don't more AV programs stop it?

    However, if it is listed as a program adaware cannot remove it will attempt to insert itself as the first program run to clean the system.

    Yeah, it's a nightmare that I've dealt with, but why don't more AV companies recognize it as a virus rather than adware?

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra

  20. THIS JUST IN-- by BitHive · · Score: 5, Insightful

    --File Transfer Protocol Used to Transfer Files. Story at 11.

  21. Re:Doh by sootman · · Score: 2, Insightful

    Not just that, but 13-26 year olds who have *proven* that they'd rather steal stuff than buy it... but surely they'll want to pay for *your* product, right? Idiots.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.

  22. Not a windows problem by KingSkippus · · Score: 4, Insightful

    It's not a Windows problem.

    First of all, I can't think of anything stopping the same thing from happening with Linux software. Although it's ever elusive, if Linux does eventually become the desktop standard, do you think that average Linux users will conscientiously check every MD5 hash for every binary they download? Probably not. Even if some external means of verification exists that a program is authentic, it adds a layer of complexity to using the system that most average people, given the choice, simply won't use.

    Which brings me to my second point, that if you have to blame anything you mentioned, the emphasis should be on the USER, not the operating system. And personally, I don't blame the average user because I think that there's no excuse for computers and software not being easy and intuitive enough for average users to use without having to spend hours and hours learning it. So who does the blame lie with? Primarily, the developers of virii and adware. Secondarily, the developer community (closed AND open source) for not putting enough emphasis on security with ease of use. And the problem with feeling that they "deserve their pop-ups" is that they're not just hurting themselves by throttling their own bandwidth, they are collectively throttling the bandwidth of the entire Internet, and that makes it your and my problem, too.

    Third, I have been a Windows user for around twelve years, and a damn competent one, if I do say so myself. I have never once been hacked, infected, or adwared (can that be used as a verb?) without it being a deliberate action on my part for academic purposes. If Windows were such an insecure operating system, it seems that no amount of virus and adware protection would prevent me from eventually getting some nasty bug. The fact is that with a few simple actions, Windows is as safe and secure for an average user as any other OS.

    In addition to pointing out the obvious (which I'm not criticizing you for, sometimes things need to be said), please do something about it. A nice start might be what I did: Buy a spindle of CD-R's and burn a copy of a FOSS antivirus program, adware detector/remover, Firefox, etc. and start handing it out to your friends and family, and offer to help out in giving their machines a periodic tune-up (or overhaul, as the case may be) to make their lives--and by extension, your life--a little easier and better.

  23. Re:This is Dumb by alecks · · Score: 2, Insightful

    This isn't that difficult people. Let's say you just downloaded PhotoshopCS2.torrent, and you go to the folder and you see what looks like a legit photoshop CD folder structure. One of the following could happen:
    1 - Setup.exe is a virus/spyware
    2 - Setup.exe is the real setup with a virus/spyware attached to it
    3 - Keygen.exe is one of the above.

  24. Re:Oh, the Irony! by empaler · · Score: 2, Insightful

    When's the last time you had trouble with Windows spyware creeping in with your BSD torrents? ;p

  25. Re:Oh, the Irony! by killjoe · · Score: 2, Insightful

    Some of this blame has to go to MS for making an operating system on which not even the administrator can delete a file. It seems like Windows presumes that even its administrators can't be trusted fully. I know that I have had situations where the OS was so confused it would not let me delete a directory no matter what I did, even though it was empty, even after rebooting. One day months later I tried on a whim and it let me delete it. Strange OS, Windows is.

    --
    evil is as evil does

  26. Re:Oh, the Irony! by ucblockhead · · Score: 1, Insightful

    It's part of the nature of the OS. Unix variants allow you to delete a running file. DOS variants never let you delete a running file. Windows uses this to optimize virtual memory. When you run a Windows EXE, the file itself becomes part of swap memory. The advantage of this over the Unix model is that you don't need set-aside swap space for the executable code itself. When a running executable is swapped out on Linux, you end up with two copies of the executable on the disk. (Or perhaps even more, if it's running more than once.)

    The disadvantage is, of course, that if an executable is running, it cannot be deleted because the original on disk area the file is in is in direct use by the running program. This is not only a problem in getting rid of malware. It makes updating running software a nightmare. You can't just copy over the old version like you can on a Unix variant. Ever wonder why so many Windows apps require a reboot after install? This is one reason.

    I'm sure it made sense to the Microsoft guys who did it this way... it definitely reduces the amount of disk space you need. But I suspect they didn't realize how much of a pain in the ass it would make updating or maintaining Windows. And unfortunately, I don't see it changing, as it's pretty much intrinsic to the OS.

    So anyway, it's not a matter of how much they think the administrator should be trusted. They couldn't just change a "let administrator delete running apps" setting somewhere down there. Making that change would require a fundamental overhaul of the virtual memory system.

    --
    The cake is a pie

  27. Re:Oh, the Irony! by yellowbkpk · · Score: 2, Insightful

    Ya know, I've been running Windows XP for several years now and have yet to come into an attack by spyware or malware. I just don't touch websites that look bad and I use Firefox. Is it really all that hard to teach people?!

  28. Re:Oh, the Coincidence! by Vengeance_au · · Score: 3, Insightful

    I'm more taken by the coincidence of this 'news', where the key references are from:
    Chris Boyd, a renowned security researcher
    Boyd, the Microsoft Security MVP (most valuable professional)
    and then we see in a subsequent article here on slashdot.... Microsoft wants P2P Avalanche to Crush Bittorrent