Trojan Deletes Your Porn, Music & Warez

E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."

Altruism? I have my doubts...

[TripMaster+Monkey]

From TFA:

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

Well, that's a remarkably stupid assumption.

What's more likely?

1. The Trojan was designed to protect users from malware by deleting contents of P2P directories,
     - or -
   
2. The Trojan was designed to strike a blow against P2P file sharers deleting contents of P2P directories.
   

Let's analyze who benefits from each scenario:

1. No one benefits, since the 'benefits' of having files that might be infected with malware deleted is more than offset by the security problems introduced by the deactivation of antivirus software, as well as the inadvertent deletion of many innocent files. Also, the Trojan writer, (in this scenario, a "Robin Hood" type character), receives no benefit other than a warm fuzzy feeling.
   
   
2. RIAA, MPAA, and various software companies all realize tangible financial benefits as illegal file sharing is dealt a serious blow. Also, the Trojan writer, (in this scenario, a mercenary for hire) takes home a nice fat paycheck for a job well done.
   

I pick avarice over sloppily executed altruism any day. I find it intriguing that this alternate explanation apparently didn't even occur to PC World.

Slashspin

[eldavojohn]

First off, this article is pure bullshit spin. They mention several points about a virus and the whole time they attempt to spin it the reader as a "good intentions" virus--even comparing it to Charles Bronson. The Slashdot title reads "Trojan Deletes Your Porn, Music & Warez" but it doesnt, if you RTFA:

The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

What they fail to mention is that people who use P2P networks often want those files that they've collected. So this virus is destroying something they want.

I mean, who installs eMule or Bit Torrent and then wishes that one day someone would come and save them from the files they've downloaded? The very idea is ludicrous.

I use Bit Torrent. If a virus were to come and delete everything I've gotten from it (trailors, WoW patches, an odd assortment of legal videos and mp3s, etc), I don't know about you, but I would be right pissed. This isn't protection and it doesn't seem to discriminate from virile files and good files so it's pure and utter destruction.

The only thing "beneficial" is seen from the eyes of the RIAA or MPAA.

"I don't think this was written with good intentions because it attempts to turn off security," said Cluley. There would be nothing more dangerous than for people to become accustomed to the idea of "beneficial malware" because that might create a false sense of security.

You "don't think" this was written with good intentions? A virus comes onto your machine, disables security & starts to delete files in directories with a certain naming convention. What more to do you need to say, "holy hell, I've got a freaking virus!"?

Re:Slashspin

[nub!s]

Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.
Me too, I have plenty of those in MY SHARED FOLDER.
I have a few pornographic ripped songs, tho. :P


----nubis :)

Re:Slashspin

[Gumph]

Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

Excuse me Sir, we've had some complaints from the other clientele, could you hand in your /. ID on your way out.

Re:Slashspin

[dyslexicbunny]

The only thing "beneficial" is seen from the eyes of the RIAA or MPAA.

Perhaps. They would gain a lot from this but it is likely that it would only be short term. Such files can be replaced and those that got hit will probably take some more procautions than they did before.

If either organization wants to make a serious impact on file sharing/piracy, they should just drop the prices on all of they merchandise. People aren't as stupid as they once were (perhaps debateable though) and considering that it is common knowledge that making CDs or DVDs is not an overly expensive process, there just isn't serious reason to spend the money.

There are many solutions around this, some more feasible than others (many I've seen proposed here). Drop prices to help mitigate piracy and sharing. Cut into their profits and give more back to the actual artists. Just a couple of examples but none will be taken seriously since there is no competition for these organizations.

Beyond what the trojan actually does (which is serious), I say there's nothing to see here. Just the current "Oh noes!!!" virus that everyone is concerned about. Once protections have gone out, it's dust in the wind.

Re:Slashspin

[Zemran]

I would get pretty pissed off if someone deleted my porn :(( there is nothing illegal about porn unless you are underage, the girl is underage or it is extreme. I can imagine that next time my wife says let's watch a video first and I say 'O my god, the virus ate it!!!' I will not be happy :((

Re:Slashspin

[Fallen+Seraph]

I don't post on /. often but the end of this article forced my hand.

Or is Trojan/Erazer-A the ultimate social engineering Trojan, one which fools people into accepting its beneficial promise, only to cause major problems when in its next incarnation as Trojan/Erazer-B or C?

WTF?
"Accepting it's beneficial promise"? Are there poeple out there with Kazaa or Limewire downloading gigabyte upon gigabyte of porn, illegal music, and movies unwillingly? Are they too illiterate to use the delete key? Do they have some weird sleep disorder where they unwittingly download?

Last I checked, illegal or not, it's something people WANT. Is PC World trying to imply there's some fuckwit thinking "Oh wow! This virus deletes everything I download! This is great! I'm keeping this!" This virus isn't Charles Bronson "taking the law into its own hands." This virus is Jason Vorhees intruding upon a couple making out in their car.

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

Have the writers of PC World ever even USED a computer? Because last I checked, disabling my antivirus software DOES NOT protect me. That's like someone telling you not to have sex and punching holes in your condoms.

Re:Slashspin

What if the boy is underage? SEXIST!

Re:Slashspin

[Arker]

...it doesn't seem to discriminate from virile files and good files...

Bloody radical feminists these days... *grumblegrumble*

For anyone that still doesn't get it.

Re:Slashspin

virile files

Don't you mean "viriile files"?

Re:Slashspin

[svkal]

My guess is that the whole article was somehow extrapolated from the comment about the virus "taking the law into its own hands"(made by an employee of Sophos) by an article writer who was totally unfamiliar with the subject matter and misunderstood the comment completely, but nonetheless wanted to use it because it was dramatically well-worded. The commenter probably meant that the virus took copyright law into its own hands, specifically targeting files that are very likely to be either illicitly copied or available for illicit downloading by other parties, not that the virus was in any way beneficial to users infected by it.

The article as it stands, however, is definitely utterly nonsensical.

Re:Slashspin

[Arker]

No, he means viral files.

Re:Slashspin

Your no fun.

Re:Slashspin

[mkiwi]

What if you are in the porn industry and this "trojan" "wipes" all your files off your servers? That is potentially destroying someone's business.

There will be hell to pay if that happens.

Re:Slashspin

Do you realize that only a complete retard would use Windows, right?

This just didi it !

You can not touch my porn ! You slimey insensitive bastards !

the first 'christian' virus?

[humuhumunukunukuapu']

is this the first shot on a new frontier in the war for morality?

Re:the first 'christian' virus?

I don't believe it.

Re:the first 'christian' virus?

[Ohreally_factor]

Why the Christians, necessarily? A more likely culprit would be PETA, trying the protect all those cute fluffy kittens from the hand of a wrathful God.

Re:the first 'christian' virus?

A Christian virus? That wouldn't make sense. Christians are not supposed to judge non-Christians:

"It isn't my responsibility to judge outsiders, but it certainly is your job to judge those inside the church who are sinning in these ways." - 1 Corinthians 5:12

Is this virus only deleting files from computers used by Christians?

Maybe a first 'pseudo-christian' virus...

Re:the first 'christian' virus?

[XorNand]

It's more likely that the person who wrote the worm simply wanted to destory valuable files. To some people Excel spreadsheets and Powerpoint presentations are very important. To another subset of people, MP3s and videos are important. Worms and viruses have targeted the former for many years. The altrustic spin on this piece of "news" is nothing but a PR mindtrick. A special thanks goes to you for injecting unfounded religious speculation into this mess.

Re:the first 'christian' virus?

[Instine]

Hmmm. What would Jesus hack?

Re:the first 'christian' virus?

[mkw87]

mod parent up!

Re:the first 'christian' virus?

My bible doesn't say anything about downloading MP3s, particularly legal files.

The Bible specifically says NOT to do what this virus does.

Re:the first 'christian' virus?

[LordKazan]

Never underestimate the arrogance of a religious individual who has no conception that their way isn't the only way, and is 100% beyond a doubt convinced of their own correctness without a shred of evidence.

My own mother makes snide ethnocentric remarks about my brother's soon-to-be-born daughter's non-christian name "it can be turned into a christian name" (behind his back of course) and she's a fairly liberal christian.

For Reference: My brother and I are atheists, my fiancee is an atheist, and my brother's wife is a neopagan.

Re:the first 'christian' virus?

[Salty+Moran]

I wasn't aware that once you called yourself a Christiwan you were mystically and unescapably bound to the word of the Bible and couldn't act in any way that is proscribed by it.

That must cause some interesting behavioral and mental problems when it comes to trying to unconditionally resolve contradictory passages on a single subject.

Or were you unaware that a very large number of religious individuals have a very common tendency to disregard inconvenient rules and guidelines in their belief systems when they personally or ideologically benefit from doing so?

Re:the first 'christian' virus?

[ketamine-bp]

then there are amazingly many pseudochristians in the US of A challanging the first amendment rights. I thought that they are real christians. oops.

Judge not, for ye be not judged.

Re:the first 'christian' virus?

[Shrug]

Or maybe it's the first substantial assault by the Taliban's computer terrorism division. After all, they banned music, images, and video of *any* kind, regardless of the morality of downloading.

Quick, bump up the funding for the Dept. of Homeland Security! Oh, and in the interests of "national security", monitor all communications regarding this trojan! And, and, intercept all P2P network traffic, and subpoena Google! Close the 3-ring circus and the petting zoo!! Prepare to go to ludicrous intelligence-gathering speed!!!

And, while you're at it, uh, catalogue and archive all the porn sites to preserve them for posterity, just in case "they" unleash more of their weapons of mass deletion.

Re:the first 'christian' virus?

[tehcyder]

To some people Excel spreadsheets and Powerpoint presentations are very important.

I don't think you're allowed to say that on slashdot are you?

Re:the first 'christian' virus?

[Ohreally_factor]

Probably some version of JesOS. Most likely Jes OS X.

Re:the first 'christian' virus?

[autOmato]

mod parent up!

Done. Now what?

Re:the first 'christian' virus?

[mkw87]

1. Mod Parent Up 2. ?? 3. Bash MS 4. Praise Google for an hour 5. Profit

Re:the first 'christian' virus?

[Kadin2048]

Actually this theory sounds more plausible to me than anything else so far (except perhaps the simplest explanation -- that somebody just wanted to be a dick, and decided that people's porn collections are their greatest assets). Suppose you were an up-and-coming black hat virus writer. Suppose you wanted to show off your 1337 skillz; writing a virus that deleted particular types of files from particular locations, that's a marketable skill. Think of what you could do if you could deliver it to particular corporate computers: have it wipe all the Excel files from My Documents, or something.

But assuming you didn't have a buyer for said virus, you wouldn't want to just release it anyway, but you might want to get yourself some PR. So you have it delete some stuff that most people aren't going to complain too loudly about losing, and which really isn't going to hit the radar screens of a lot of corporate MIS types. That way you still have the benefit of surprise (and perserve the market value of) your eventual virus release, but you might get more recognition for it.

Anyway, it's pure conjecture on my part (as is most of this whole discussion) but I thought it was one theory.

People are treating this virus as something that's motivated by a desire to delete people's porn and MP3s, but should realize that ".jpg" and ".mp3" are arbitrarily-chosen extensions. A future virus could just as easily be set to delete ".xls" and ".doc".

Re:the first 'christian' virus?

[nonlnear]

You mean this virus is going to heaven?

Re:the first 'christian' virus?

Only if there was a mythical Jesus virus that died for its sins. The regular Jesus is said to have died for us people, not for viruses!

Re:the first 'christian' virus?

[LordSnooty]

Yeah, we have this kind of guy as bosses...

Re:the first 'christian' virus?

[Instine]

Done. Now what?

No you didn't! I remain un modded-upped. :( Pah! If you were God fearing you'd have modded me good'n propper. As it is I must smite thee with my rightous worm of truth. Actually that sounds gay, scrap that.

Re:the first 'christian' virus?

[typical]

A Christian virus? That wouldn't make sense. Christians are not supposed to judge non-Christians:

There are damned few Christians in the United States, by that standard. If any.

Re:the first 'christian' virus?

[Schraegstrichpunkt]

Jes OS X is for pansies.

Real Christians use Jesux.

Finally!

[Whiney+Mac+Fanboy]

*Applauds*

Finally a threat that will make the average joe start to take computer security seriously! I look forward to a safe internet for everyone (I mean as soon as a few botnet node owner's loose their porn, peole will actually clean up their boxes!)

On a more serious note, quoting the pcworld article:

The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect. [emph mine]

WTF? How could anyone think that it's to attempt to protect users when it doesn't delete executables from p2p folders? (for an interesting overview of real "white hat worms" see this vnunet article and the slashdot discussion on the blaster removal worm)

This worm is clearly to scare people away from p2p - not protect them from other p2p malware.

What's the bet that one of the companies that make oodles of money from content are behind this?

Re:Finally!

[hal2814]

"Finally a threat that will make the average joe start to take computer security seriously!" Until a computer virus or trojan can come into your house, shave your eyebrows off while you're asleep, drink all your beer, and leave you with no toilet paper, the average joe will never take computer security seriously.

Re:Finally!

[pvt_medic]

I agree completely, what a horrable thing to delete my porn

Re:Finally!

[Mayhem178]

We can change that. All we need to do is modify this virus to delete *.doc, *.xls, and everything in the My Documents folder. Also, it should hijack IE, set his/her clock to January 1, 1900 (Y2K, anyone?), replace his/her desktop wallpaper with Goatse, and delete every link off his/her desktop and start menu.

That should hit Average Joe User hard enough to make them feel like they got raped by a train.

Re:Finally!

[Salty+Moran]

and everything in the My Documents folder.

Considering the people I know, I think you'd be better off deleting documents from the Desktop... :\

Re:Finally!

[Jugalator]

What's the bet that one of [riaa.com] the companies [mpaa.org] that make oodles of money [apple.com] from content [bpi.co.uk] are behind this?

When they disable various security products? Well, *if* any of those were behind it, it would sure be interesting to see how it unfolded if they were discovered doing it. I personally doubt they'd dare.

Re:Finally!

[zipfaust]

Damn! Drink my beer and leave me without toilet paper?!?. That's pretty harsh.

Re:Finally!

[ajs318]

No. Your "Average Joe User", confronted with that scenario, will simply throw away his old, broken computer, go out and buy a new one, and then start filling that up with crap. And when that is thoroughly full of crap too, and slowing down and going to the wrong web site and crashing and files are going missing ..... rinse and repeat. Because going wrong is just something that computers do.

Mind you, smart skip-divers probably will benefit from this.

Re:Finally!

[magefile]

I visited an internet cafe once where this was happening. And by internet cafe, I mean "half a dozen computers in the back room of a coffee shop that the employees never bother to look at or fix". Goatse on several, "close-up" pictures on the others. Blech. Almost got myself banned for life just for telling the barista.

Re:Finally!

[Mayhem178]

Heh....yes, I know. And I almost mentioned in my original post that only Dell would benefit from such a situation.

Re:Finally!

[Mayhem178]

Sorry for the double post, I just wanted to add something.

Because going wrong is just something that computers do. I with you on this one. This kind of mentality is something that I try to quash anytime I'm fixing someone's computer. I always tell people that beyond taking a hammer, magnet, or cattle prod to a computer, it is remarkably difficult to truly harm it. As delicate as modern computers may seem, they are remarkably resilient. It's incredibly difficult to truly lose data (provided you're willing to pay the fee at a data recovery lab, in a worst-case scenario).

I always tell people to think of viruses, malware, and spyware as an annoyance, not a plague. The motivation for patching, updating, and scanning for these things should be to prevent their spread, not to protect your own ass. Once people get into a "every man for themselves" mentality, then the malware moves beyond being an annoyance, and the writers of such malware have won.

I remember when Blaster hit. I was working at a real estate office as their only IT guy (small office, about 25 computers total, including servers). Everyone was acting like it was Armageddon. I ended up spending half of my time trying to keep people calm. Time I could have spent solving the problem. Eventually I rounded up everyone (about 10 people) to explain the situation and a give them all a crash course in virus detection and prevention. Still, that particular day I ended up staying long after everyone had left the office so I could unplug every computer from the network, remove all the instances of Blaster (some had upwards of 2000 infected files), and patch the vulnerability.

I think the real problem is that a lot of people don't view computers as flexible, ever-changing tools. They want to see them as embedded devices. Something that performs a small, finite set of tasks, always performs them in the exact same way, does not require any maintenance to function, and will work the same way 10 years from now as it does today. This simply isn't the case. I don't know if this spawns from laziness, computer illiteracy, or some combination of both. I've known people who simply don't want to take the time to get a basic understanding of how their computer works. They don't know and don't care, they just want it to perform a very limited set of tasks, and to hell with everything else. Of course, these same people are likely to buy a car and end up seizing the engine by never having the oil changed.

Re:Finally!

[lloydtesterman]

Thank goodness, it was just a virus. I though I had a drinking problem.

Re:Finally!

[bxbaser]

"shave your eyebrows off while you're asleep, drink all your beer, and leave you with no toilet paper"

Man i hate it when that happens.

Re:Finally!

[tehcyder]

...a computer virus or trojan can come into your house, shave your eyebrows off while you're asleep, drink all your beer, and leave you with no toilet paper...

Sneaky bastard!

Ah, the joys of quoting out of context.

Re:Finally!

[Frank+T.+Lofaro+Jr.]

I always tell people that beyond taking a hammer, magnet, or cattle prod to a computer, it is remarkably difficult to truly harm it.

Read about killer pokes. There is the PET killer poke, and setting bit 5 of the I/O register at 53270 on a C-64 that can do damage.

Re:Finally!

[Beryllium+Sphere(tm)]

>I mean as soon as a few botnet node owner's loose their porn

Now I need to cleanse my mind of the mental image of porn that is unleashed and freed from restraint.

Re:Finally!

[Mayhem178]

I don't really think killer pokes are a real enough threat nowadays as to warrant that kind of attention. Though if the person I'm helping does uses a lot of BASIC, I'll be sure to add that to the list of dangers for them. :D

Note to self: buy old C-64 and POKE it. Then POKE it again...with a stick.

Re:Finally!

[couchslug]

"Of course, these same people are likely to buy a car and end up seizing the engine by never having the oil changed."
I get lots of vehicles and 'puters from such folk. May they never change.

Thank god!

[webappsec]

I use linux!

Re:Thank god!

[MobileTatsu-NJG]

"Thank god! I use linux!"

I thought Linux supported porn by now.

Re:Thank god!

yeah.. for now, at least.

Re:Thank god!

[Kilz]

Linux is all about freedom. You are free to look at porn if you want to. Most dont, but you can. At least if you use Linux you wont be infected by malware from visiting porn sites.

Re:Thank god!

Only open-source porn, actually.

Re:Thank god!

[MobileTatsu-NJG]

"You are free to look at porn if you want to. Most dont, but you can."

Most Linux users don't look at porn? Didn't that all change when KDE came along and you didn't need both hands available?

Re:Thank god!

[Cheapy]

If Linux ever supported porn, then nothing would be improved upon. All upgrades are in the search for getting pron to run seamlessly. Once that happens...

Re:Thank god!

[ajs318]

It does; but most Linux users have seen a real naked body.

Re:Thank god!

[dhasenan]

Yeah, but you have to use AALib to view it :(

Re:Thank god!

> It does; but most Linux users have seen a real naked body.

You mean apart from their own?

Re:Thank god!

[phorm]

Of course. I've had no problem browsing pr0n in Links/Lynx. For example, there's a great repository here. Of course, really l33t linux users browse their porn using a direct telnet session to port 80, but for those less technical links works well too.

(Of course, you could always use the normal channels of aMule, BitTornado, Firefox, and Pan or your newsgroup reader of preference). :-)

Re:Thank god!

[WaZiX]

you n00b, we had ASCII art way before KDE!

Re:Thank god!

[Elminst]

Seeing yourself in the mirror of the bathroom in your mom's basement doesn't count...

Geeks unite!

All I know is that this is a very important problem we have to fix!! Destroying our financial records and stealing our identity is one thing. But touch a geek's pr0n collection ------- this means WAR!

Re:Geeks unite!

[Patrik_AKA_RedX]

No worries! I've hired, well, captured and enslaved, 150 people who go over all the code I download before letting it touch my porn-fileservers.
This is just too important to leave to a program or people who do not have to fear for their lifes.

Re:Geeks unite!

[Salty+Moran]

I've hired, well, captured and enslaved, 150 people who go over all the code...

So, basically, what you're saying here is that you're the President of Human Resources at EA Games?

It's probably a lot like Christian games

They're just trying to bridge the gap and establish a "me too" appeal to non-Christians, so they created a trojan virus to show that you can write malicious code if it does "good" things like deleting porn and illegally acquired software. While I applaud their attempt to reach out to the hardcore geek culture, I think the Christian computer world is best left to video games like the Left Behind RTS. I propose a new bracelet WWJC: What Would Jesus Code?

Nis

Re:It's probably a lot like Christian games

Shouldn't it be WWJD?: What would Jesus delete?

Seems obvious to me.

[Jerk+City+Troll]

Of course it would delete your porn! Trojan wants you to go out and have real sex.

Re:Seems obvious to me.

[mobby_6kl]

Trojan wants you to go out and have real sex.

They're not the only ones...

Re:Seems obvious to me.

[Tsen+Wrath]

Wow, my harddrive has never had so much free space.

Re:Seems obvious to me.

[Joebert]

The could just as easily start selling Trojans Indestructable Tube Socks & After Spanking Shower gel.

Win-win situation.

Re:Seems obvious to me.

[chotoro]

I shudder to think what a Trojan Horse means in that context.

Re:Seems obvious to me.

[hero_or_what]

Or as they say - Trojans and P*rn go hand in hand ;-)

It... deletes PR0N??!!

[Noryungi]

I feel a great disturbance in the Force... As if a millions Slashdot posters all cried out in anguish...

Re:It... deletes PR0N??!!

[Patrik_AKA_RedX]

I felt it too. It's like a large evil creature with large teeth and claws with a hunger for human flesh and souls is lurking in the darkness behind you.
But that's enough talking about lawyers..

Re:It... deletes PR0N??!!

Thank god you said anguish.

Re:Altruism? I have my doubts...

[Joebert]

What about the third scenario ?

3) Virus writers stage this to make it look like the RIAA, MPAA, ect, are "pulling a Sony" in an attempt to pull a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".

Uhoh

[dimer0]

Oh crap, I better move my Quicken data files out of my Kazaa downloads directory ...

Re:Uhoh

[gEvil+(beta)]

Don't worry if this thing deletes them. I've got them backed up for you.

Re:Uhoh

[bigmouth_strikes]

Yeah and while your at it, move them out of your /Uploads directory as well. We're tired of laughing at your book keeping skillz.

Re:Uhoh

[blackbeaktux]

I'd like to volunteer my office (basement, parents' house) as a secure off-site backup storage facility.

Good intentions? My computer is MINE!

[Opportunist]

I don't care about the author's intentions. What happens on my computer is MY business. Nobody elses.

On the other hand, if they find and try him, in what way is that different to many DRM implementations?

Re:Good intentions? My computer is MINE!

if they find and try him, in what way is that different to many DRM implementations?

Because if you've got a DRM'd file, chances are you chose to have it, and (Sony rootkits aside) it's not going to trash your other files. If you get hit with the virus, this author is responsible for non-consensual destruction of your property.

Re:Good intentions? My computer is MINE!

[Opportunist]

It's less the DRMized content, more the DRM features in software and OSs.

In theory, you could write software that ensures you comply with DRM by deleting content that does try to infringe copyrights. How is that different from the trojan?

I'm tempted to write a "DRM compliant virus". I.e. one that tells you in no uncertain terms what it's going to do, somewhere encapsulated in the usual non-human-readable format of an EULA. Pretending to do some service for you. Just like lots of "genuine" software does today.

0h n03z my pr0n h4s b33n st0l3d!!!11!

The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music.

This thing could delete the Internet

As for the Who and the Why. I blame the RI/MP Ass's. of America.

Apple needs to jump on this quickly!

[dimer0]

... and make a new commercial!

[old guy is coughing, wheezing, ...]

[young guy] On a mac, you don't have to worry about losing your pr0n and warez!

[young asian chic to young guys right seductively takes leg and wraps it around young guys waist]

[cut to pic of imac]

Re:Apple needs to jump on this quickly!

[MobileTatsu-NJG]

"[young asian chic to young guys right seductively takes leg and wraps it around young guys waist]"

[young asian chic opens mouth to talk, unsupported audio codec message appears, young guy just shrubs]

Re:Apple needs to jump on this quickly!

[drinkypoo]

"[young asian chic to young guys right seductively takes leg and wraps it around young guys waist]"

[young asian chic opens mouth to talk, unsupported audio codec message appears, young guy just shrubs]

See, that's what happens to mac lusers. When you try to get to the bush, you end up in the shrub...

Re:OOOOOOOOHHH NOOOOOOO!!

[Opportunist]

Think of the children!

Erh... no, doesn't work too well in that context.

+1 you insensitive clod

Christian virus? Why not call it a right-wing virus, a "family friendly" virus, a RIAA/DMCA virus, a "muslim" virus, a "white hat" virus, or a whole slew of other groups that might find illegal software, illegal music, or pornography offensive?

Or could it just be someone writing a trojan who wants to hit his own particular enemies, or buddies, where it hurts?

At least think before you post, you insensitive clod of a troll. :P

Re:+1 you insensitive clod

The majority of people in the U.S. involved in the continued assault on first amendment rights in the name of "decency" are, in fact, Christians (note that the extreme majority of "Family" groups are, in fact, religiously motivated). As this is a U.S.-centric site, it is not unlikely that the poster is from the U.S., and therefore has commented appropriately on the current social state of the country.

Just because it offends you doesn't make it false. While those other groups may be involved in censorship campaigns as well, as was the implication of the original post, they're in the majority.

While the actual charge the poster made about this virus was pretty much baseless hyperbole, the wider implication that Christians are the majority group involved in campaigns to unconstitutionally ban material they personally find distasteful was neither unfair, nor off the mark.

It's only unfair, after all, if it isn't true, which is something that the screechy preachies on slashdot generally don't seem to understand.

any porn, warez and music in your P2P directories

[digitaldc]

So why not just say it deletes everything in your P2P directories?

Survey says...

Sony!

The next headline on slashdot....

[TheOldSchooler]

Storage Space Mysteriously Triples on File Servers around the World.

Re:The next headline on slashdot....

[barefootgenius]

"Storage Space Mysteriously Triples on File Servers around the World." So true!

Re:The next headline on slashdot....

[rehtonAesoohC]

Followed closely by:

"Internet Traffic Triples Across All Major Pipes"

Re:The next headline on slashdot....

[whathappenedtomonday]

and, of course:

"HDD sales plummet"

honorable mention:

"Project: FreeSpace"

Don't get your hopes up

[Opportunist]

Phishing trojans have been out and about for quite some time now. And they're responsible for QUITE some damage.

Did it result in any change of the average Joe's security awareness. I mean, hey, it's not just some porn or movies you downloaded, it's your MONEY that's at stake!

And? Nada.

Nice to see a destructive payload for once

[fatphil]

Without the pain of personal loss, lusers will not be so inclined to tighten up their system. So what if I'm part of a botnet? I'm not using the machine overnight anyway...

Happy LARTing,
FatPhil

Re:Nice to see a destructive payload for once

Oh yes you are - when else will all those long prime numbers get calculated? But I know you're speaking for Joe user...

You see, your reputation precedes you :-)

M, camb.

How's that different

[DimGeo]

How's that different from any other virus out there? If you get pwn'd, you will most likely have to reformat all hard drives and lose all data anyway. True, an anti-virus might heal the problem when it occurs, but I wouldn't count on it. Just protect yourself with a good firewall and a good antivirus.

THIS IS WAR!

[Progman3K]

First they came for my credit card data, since I did not have Visa, I said nothing.
Then they came phishing for my bank account info, since I did not have a bank account, I said nothing.
Then they came for my porn...

Re:THIS IS WAR!

[blackbeaktux]

Then they came for my porn...

... and it wasn't as though there wasn't anybody left to speak for me, but they were all busy with something.

Dtops a method of idetifying of removing infection

[tuppe666]

It sounds to me, that it doesn't discriminate as to what is downloaded p2p it just deletes everything anything else would be harder to program(not likely to identfy fresh tones, copyright mp3's, or seperate linux iso's from playstation ones)

The reson it does so is more likely to be simply to stop you downloading, a copy XXXX of an anti-virus program for free to remove the virus.

Re:Altruism? I have my doubts...

[WidescreenFreak]

I agree with you very infrequently, but this is one of those infrequent times. Either someone who is good at coding is on a major "hoiler-than-thou", ethics spree or this is the result of a bigger source hiring this person. I completely agree with you on the latter.

But on the other hand, this is not necessarily a bad thing for the rest of us. Most of the people who would be come infected by this - and consequently lose all of their P2P data - are probably Joe User types who don't know any better. So, this might -- I stress might -- actually be a benefit in even minimal ways:

• Fewer people for the RIAA to sue because their files got wiped out (then again, I like seeing them demonize themselves)
• Fewer excuses to claim that P2P is taking away oh-so-much estimated revenue (see above statement about self-demonizing)
• Likelihood of poisoned files getting wiped out also
• Those who get smacked with it might actually learn something about this trivial thing called a "virus scanner"

I list the above points with a bit of sarcasm, of course, because I doubt that this will really have any impact on the above. But I don't doubt that the last item will come into play very often, which could actually be better for the rest of us overall.

Aiming poorly?

[iogan]

The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
(...)
"The Erazer Trojan is a vigilante worthy of a Charles Bronson movie, taking the law into its own hands. However, it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," commented Graham Cluley of Sophos.

Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...

Re:Aiming poorly?

[meringuoid]

Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...

Careful with such analogies. There'll be a bunch of loyal American patriots along in a minute to tell you how wrong you are, and that it's not aiming poorly, it's an enlightened foreign policy.

Re:Aiming poorly?

[computational+super]

If you're not with us, you're against us, and that didn't sound "with us" enough for me. The air force will be preparing your neighborhood for a Haliburton contract in five minutes.

Re:Aiming poorly?

Only a Sith deals in absolutes.

But we have been promised our freedoms will be restored once the terr.. separatist threat has been countered.

Ain't the first trojan to act like this

[Opportunist]

The only "real" news is that it deletes the content of P2P folders (ok, not really "new" either but at least far from usual).

That a trojan kills other trojans is hardly news. About a year ago two groups actually led a battle where one group tried to stab the other group's trojans (and vice versa) with their updates. Some trojans also use the names other trojans use to ensure those trojans can't install after they're already in. Makes detecting them correctly (i.e. as a different beast, not a new version) not really easier.

Almost every trojan today has some anti-anti-trojan functions. Killing Kaspersky, McAfee and Norton AV is more or less a standard feature of most current Trojans, so I wouldn't really call that news either.

The only outstanding feature that's hardly common is the deletion of incoming P2P objects. Which makes one wonder who ... well, cui bono?

Where's the FUD now?

[objekt]

How soon before we see a proof-of-concept version of this virus on the Mac that requires you have a local account and type in an admin password?

Re:Where's the FUD now?

How soon before we see a proof-of-concept version of this virus on the Mac that requires you have a local account and type in an admin password?

Accessing personal files doesn't require a password, you just have to trick someone into running it which isn't too difficult for the lass savvy users (http://en.wikipedia.org/wiki/Dancing_pigs), or take advantage of an exploit to have it auto-execute.

Even if you have a deny-delete permission set on your files, they'll presumably be writable in which case truncating every file to zero bytes will achieve the same thing.

Re:Where's the FUD now?

[A+beautiful+mind]

As soon as someone comes up with a good looking GUI for it.

"Oooh shiny!" [click] [click]

Re:Where's the FUD now?

[amliebsch]

I wasn't aware that you need to type a password on a Mac to access your own user files.

Re:Where's the FUD now?

[ajs318]

If the "write" bit isn't set on a file, you can't delete it either. Deleting a file is considered to be "writing" it. The same bit controls both functions. Dewleting a file is also considered as a write to the directory in which it lives, so that needs "write" and "execute" permissions too.

Re:Where's the FUD now?

Unless MacOS X deals with permissions diffrently than any other *nix I've seen before, you only need execute and write permissions for the directory the file is in to delete the file.

Re:Where's the FUD now?

[stuuf]

"With Linux, you really don't have to worry about..."

Re:Where's the FUD now?

[objekt]

Nice try, but that's not what I said. To answer your troll, it's easy to password protect your files on a Mac. Some do, some don't.

Re:Altruism? I have my doubts...

[phyrebyrd]

I see an option 3 here.

3) A strike against the MPAA, RIAA and any other "law abiding" corporation (who manages to be capable of CREATING those very laws) by targeting the computers that seed the incomplete, misnamed and intentionally infected files and the files on computers that have downloaded from them by users stupid enough to download things under 1kb.

Any smart P2P user changes the default directories to customize their own bitspace so it's easier for the person using the software to find what they've downloaded, not to mention archive on another device or media those files they truly wish to retain.

Do note that I did say *smart*.

Wishful Thinking

[bigdavesmith]

How wonderful would it be if this worm was actually traced back to origins in the RIAA?

Translation please..

[JamesTRexx]

remarkably few things infect the text files this trojan also deletes.

Ehmm... What?

Re:Translation please..

[gEvil+(beta)]

There are only a few things infecting my text files--I call them letters, numbers, and words.

Re:Translation please..

[Ken_g6]

Some of my text files seem to be infected with a pox of periods, an abscess of ampersands, or an eruption of exclamation marks!!!!! (There's one now)

There's also the classic brain virus (a.k.a. the "chain letter") which can infect almost any medium, but it's rarely found in plain text files.

Re:Translation please..

[someone300]

Some of my text files seem to be infected with a pox of periods, an abscess of ampersands, or an eruption of exclamation marks

That's just perl

So?

[NRP128]

If it makes it so that is not longer a fad or fashion to pirate media, and stops the lusers from bringing down the heat of the RIAA and MPAA (face it, piracy, especially of the digital variety, has been around forever, it only became a problem when it was a household name). If you're dumb enough to be on BearShare or eMule or whatever other P2Ps are still running (i gave up keeping track) you're probably not smart enough to run decent A/V software and keep it updated, with a few exceptions of course. Maybe the RIAA did so it...i don't particularly care. I hate to see people lose their 'stuff' but we've all been there, its part of it. eventually you learn to use alternative OSes as your file servers and do as good of a job backing up as you can :)

Re:So?

[Patrik_AKA_RedX]

If they're not smart enough to use some A/V correctly, why do you assume they'll manage to figure out what a "fileserver" is, let alone how to setup and use one?
How about we write a malware proof OS. That's orders of magnitudes easier that the above.

Re:So?

[NRP128]

Hence the 'eventually you learn' thing. Everybody had a catastrophic failure at some point, eventually you learn to plan for the future (for those like me it took more than one...). Though i do agree, a decent OS would help...I moved to OSX for the time being, mainly to get away from the but-ugly UI in Windows, but also for the (temporary) security OSX affords. I'm not one of those zealots who thinks we'll be safe forever, but Apple has a lot more time to prepare their OS for true mainstream use, plus when you figure they're actively developing and releasing updated versions almost yearly...and MS has been producing Vista for....6 years now? 7 or 8 if you count all the roadmapping they probably had to do before the first piece of code was looked at...

Who could be behind this nefarious plot?

[brandor]

Hmm... the RIAA?

Re:Altruism? I have my doubts...

[casings]

Yea, like the RIAA and the MPAA are going to release a virus on the public, which could cost them billions, look how well that turned out for Sony...

In actuality it was probably just some stupid kid who, and probably rightfully so, thought the only thing of any value to anyone on their computers are either text files, or have downloaded from some p2p or similar site.

Honestly if you were looking to cause the most damage to anyones computer, it would be to strike at their heart, their downloaded music.

Avarice

[Mark_MF-WN]

Avarice isn't too bad a theory, but I have trouble believing that the RIAA/MPAA could be so dumb. Sony is still in hot water over a badly designed piece of supposedly legitimate software. This is the kind of thing that could land people in JAIL. Suppose the virus gets onto a government computer and erases some legitimate files? What about a military computer? The US military has demonstratibly poor computer security. This could cause them huge problems if it got loose.

My theory is that this was made by someone who WANTS people to think that the RIAA made it, so that even more people will turn against them and take some heat off of P2P.

Re:Avarice

I can't believe that you can't believe that they are so dumb!

Sony is still in hot water over a badly designed piece of supposedly legitimate software.

What hot water? They installed ROOTKITS on their music CDs, not "a badly designed piece of software." The software was well designed, it did exactly what Sony wanted it to. The rootkit was blatantly illegal, breaking several felony laws. You might want to see what happens to an American citizen who installs rootkits.

I don't see any Sony executives in prison for this, do you? I don't see any big fines or any criminal prosecution whatever.

Had some Sony execs gone to the slammer, or had Sony been forced into Chapter 13 I'd agree with you. But the Sony fiasco showed the **AA that they can do any damned thing they want, no matter how destructive or illegal, and not get in any trouble whatever.

No, this was either the RIAA, the MPAA, or more likely one of their members. My money says Sony is the criminal organization that did this. The rootkit fiasco showed that they are not above breaking the law, destroying private property, or shitting on their customers.

-mcgrew

Re:Avarice

[tbone1]

I have trouble believing that the RIAA/MPAA could be so dumb.

I don't. I've seen how dumb large organizations can be.

Re:Avarice

[Destoo]

Avarice isn't too bad a theory, but I have trouble believing that the RIAA/MPAA could be so dumb.

I don't.
http://www.despair.com/meetings.html
"None of us is as dumb as all of us"

Re:Avarice

[RsG]

What's more, why porn?

Music - RIAA would love to attack P2P music services. Movies - substitue MPAA for RIAA and the same applies. Warez, you got the BSA...

But who the heck cares about porn? Of the affected materials, only the first three qualify as copyright infringement - most porn is legal (and most of what isn't legal, is illegal for reasons unrelated to copyright). You don't see lawsuits or massive industry crusades over pron-piracy.

I'm going to go with "the writer of this software want's to piss people off". It's the explanation that makes the most sense.

Unless, of course, that's what they want us to think....

Re:Avarice

[woolio]

Avarice isn't too bad a theory, but I have trouble believing that the RIAA/MPAA could be so dumb. Sony is still in hot water over a badly designed piece of supposedly legitimate software. This is the kind of thing that could land people in JAIL. Suppose the virus gets onto a government computer and erases some legitimate files? What about a military computer? The US military has demonstratibly poor computer security. This could cause them huge problems if it got loose.

Are you forgetting we had a US President that was basically convicted of breaking and entering / burglary just so we could get a little bit ahead on the next election? (And he was going to win anyway).

Yes, I believe the RIAA is that stupid. They have already shown us their collective stupidity multiple times.

Re:Avarice

[Roduku]

I would hate to see this get into a government computer and delete all their porn downloads.

Re:Avarice

Yeah, ok. That's a nice sentiment, but how many people did you see go to jail over Sony's rootkit, which COMPROMISED THE SECURITY OF THE MACHINE IT WAS ON? Remember, THAT was installed on military PCs, and lots of them, too.

If the **AA wrote it, odds are it'd be a minor PR disaster and that's as bad as it would be to them. Maybe someone loses their job. Remember, this is America. Justice is bought and sold.

Re:Avarice

[1u3hr]

What's more, why porn? Music - RIAA would love to attack P2P music services. Movies - substitue MPAA for RIAA and the same applies. Warez, you got the BSA... But who the heck cares about porn?

I note that stupid as the article in PC World was, that the Slashdot editors went one better. PCW didn't even mention "porn" or "warez" in TFA.

The trojan deletes ANY FILES it finds in various standard locations used to share files by P2P. As for "attacking malware"; more anthropomorphic fantasy. If anyone has actually put malware into mp3 or mpeg files I haven't heard of it.

Re:Avarice

[Esteban]

I have trouble believing that the RIAA/MPAA could be so dumb.
I don't. I've seen how dumb large organizations can be.

I worked for one of RIAA's lawfirms, handling antipiracy stuff in the late '90s, and while I wouldn't say they're dumb, by any stretch, they weren't very subtle, and they weren't very concerned with potential negative press. At least inside the office, there was a feeling of "we're defending the artists!" The concern seemed to be that people pirating music just didn't realize what they were doing. This view is still recognizable in those pre-movie spots the moral of which seems to be "Copying or downloading is stealing."

Re:Avarice

[compro01]

If anyone has actually put malware into mp3 or mpeg files I haven't heard of it.


i've heard of a virus that exists in MP3 files, but AFAIK, its only a proof of concept. i'll see if i can find the article i read about it, though it was a few months ago.

Re:Avarice

[Sepper]

At least inside the office, there was a feeling of "we're defending the artists!"

And that feeling is really nothing more than an illusion. You are really defending a bunch of shareholder. But than again, legaly, they are right: copying music is illegal... at least, until we find a better way to pay artist than distribuing cds. I would rather support groups like http://musiccreators.ca/ than a big Corp.

This Trojan is probably the brainchild of one individual among the RIAA/MPAA out to impress the Brass to get a promotion... or something... It has the signature of the same 'we-dont-get-tech' as before...

Re:Avarice

[1u3hr]

AFAIK, its only a proof of concept.

That's why I wrote "actually". There were some media files that could crash and possibly exploit WinAmp, but that never was a threat. The only real world example I've heard of was the WMF bug.

Re:Avarice

[compro01]

The only real world example I've heard of was the WMF bug.

hmm. that might have been what i heard of. or maybe i got it mixed up with the jpeg virus. i dunno. i need more coffee.

Re:Avarice

[mjwx]

The RIAA and MPIAA are American (US) organisations. They couldn't land in jail if they walked around house to house and held a gun to your head and ordered you to delete anything you haven't paid for (or paid them for).

They would be commended for supporting the arms industry.

Re:Avarice

[Mark_MF-WN]

Hilarious scenario. I'm going to be laughing all week just imagining that...

Re:Avarice

[Khyber]

I guess you haven't heard about the malicious ID3 tags that Winamp's latest update claims to protect against.

Re:Avarice

[hairyfeet]

I've seen infected WMA music files at the pc repair shop I worked at.In fact a lot of adware infections on teenagers boxes brought in could be traced to infect WMA music files.It seems a lot of the teens would look for the tune and click whichever one was the most popular regardless of file ext.

Of course I've seen a LOT of .mp3.exes too.That whole "Hide extensions for known file types" really gets a lot of noobs.

Re:Avarice

[1u3hr]

guess you haven't heard about the malicious ID3 tags that Winamp

I've heard of them. Never heard of anyone actually being infected by them. Probably happens, but it's a pretty remote threat I think.

your own files?

Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

Why then, I must ask, do you store them in the default download directory of many popular P2P apps?

If you do not, then they will NOT be deleted.

Re:Altruism? I have my doubts...

[kannibal_klown]

I think it's one of the following:

• Ordinary guy just figured it would be the ultimate annoyance: losing your collection of "questionable content."
  So it's not as malevolent as something that could bring down servers or delete crucial Excel files, just piss off a lot of ordinary Internet users. Who's going to complain on CNN: "I lost hundreds of hours become this guy deleted my carefully organized pron collection."
  
• Someone who believes strongly against "immoral" content decided to take it upon themselves to do it. Not impossible, it's not these strong beliefs make the brain function any less.
  
• As others have said, a way to attack piraters and such.

Re:Altruism? I have my doubts...

[Bogtha]

The first thing I thought was that it was well intentioned - in the long run.

The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...

...but take away their porn and music? The virus seems to be designed to piss the computer user off as much as possible without actually causing any real damage or impairing the computer's operation. It seems to me that the virus writer did it to get people to take notice of viruses in future.

Removing virus vectors doesn't solve the problem in the long run. Ultimately, only education will do that. This is a form of education, a lesson that will actually sink in.

Add option #4

[WidescreenFreak]

Call me cynical, but add:

4) Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.

Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan? Nahhh....

Re:Add option #4

[grub]

Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan?

I was thinking the same thing, however, the bug actively kills a lot of AV processes. Advertising "Our Version X was killed by that bug, but Version Y is unbreakable!" doesn't instill confidence in the user.

Re:Add option #4

[WidescreenFreak]

Not in users like us, perhaps, but to the average Joe who just lost a few gigs of data, and is therefore still in "gullible, panicked buyer" mode, any virus scanner will likely be desireable. So, if an anti-virus vendor can claim to protects your gigs of fies once the new version come out, you can bet that the people who got smacked by this are going to buy it, if only under the ignorant assumption that it won't happen again.

Re:Add option #4

[simpleparadox]

Once, I had some viruis or something on my computer. While it was popping up porn every two seconds, it was advertising viruis software with message boxes and a fullscreen window it took me a while to get off my desktop, also my desktop and start menu had icons that were made to look like windows security icons that lead to a site selling viruis and spyware protection software.

Re:Add option #4

Oh noes!! My pr0n0g!

Re:Add option #4

[Chelloveck]

Even simpler:

4) Write a trojan to wipe out what people apparently consider to be important just because the trojan writer is a prick.

Re:Add option #4

[nomadic]

Yes, that's what it is. Enough with the conspiracy theories already, people.

Re:Add option #4

Just because you're paranoid, don't mean they're not after you.

Re:Add option #4

[tbannist]

Congratulations! We have a winner.

Occam's Razor salutes you.

Re:Add option #4

[sumdumass]

What about another scenario?

5)use this virus to delete the loades of crap sitting out there that are already viral so it will be easier to download the real thing and not sift thru 5 virus', 4 blank movies and something that no matter how many times you download, still says it is incomplete.

My guess it is a user who want to get back to normal file sharing.

Re:Add option #4

[drsquare]

The mantra spouted on this site is that piracy isn't stealing as they haven't lost anything. Well, technically no CDs or DVDs are destroyed by this virus so you haven't lost anything either, and can't complain!

Simply copy the files back onto the computer from your legally-acquired CDs and DVDs.

Re:Add option #4

To _really_ make people aware of the usefulness of virus scanners, the trojan should send a list of the detected porn to the victims adress book instead of deleting it.

That would probably boost computer security more than anything I can imagine.

Drawback is, lawyers specializing on divorces also would reap tremendous profit... ^^

Re:Add option #4

[Impy+the+Impiuos+Imp]

I swear to god, if my Kazaa/Bearshare/whatever'd copy of Julie Strain in the hottest soft core scene ever filmed disappears, someone's gonna get hurt!

Re:Add option #4

[cogitophobia]

Mod parent up. Man, that is one hell of a good way to put that argument. We'd be hypocrites to continue believing it's not stealing.

If only the content companies would pull their heads out of their asses, and create a viable new business model, we could stop resorting to "piracy" to fulfill the demand for content.

Re:Add option #4

[collectivescott]

That's a cute arguement, but you're missing the point. With file sharing, the record companies aren't deprived of anything when you download a song (discounting theoretical future sales). However, if someone deletes files off of your computer, you are deprived of your music. If someone broke into your computer and deleted your graduate thesis, I'd bet you'd consider that a crime. Probably vandalism rather than theft, but still a crime. The key point here is deprivation.

Re:Add option #4

[FireFury03]

Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.

I'm not condoning malware here, but I have been saying for a long time that if the malware blew away people's data then they would give a lot more of a crap about securing their machines. Most malware these days attacks third parties (spambots, DDoS, etc) and really doesn't do a lot of damage to the infected machine so why should the owner care that they're infected?

Re:Add option #4

[Stephen+Samuel]

Hmmm... would the various anti-virus companies do something like this to advertise the need for their products

The first test of that proposition would be if one brand of virus software was curiosly not targeted (or targeted in a clearly ineffectual manner).

Re:Add option #4

[Kadin2048]

Huh? That doesn't make any sense, even in the way you're trying to use it.

If I copy your file, you have a copy, I have a copy. Nobody has lost anything. Therefore, it can't possibly be called stealing by most people's definitions.

If I copy your file and then delete the original, then I have it and you don't, that I think we can all agree, is stealing. Likewise, if it's on physical media which only one of us can possess at a time, and I take the physical media, then it's also stealing.

If I delete something without taking a copy, then it's not stealing, it's just vandalism or destruction of your stuff.

You are mis-stating the argument you're trying to make fun of (the "it's not physical so therefore not stealing") and so your parody falls flat. The fact that data isn't physical isn't the important part, it's the fact that nobody loses their copy in a typical "pirate" transaction. That's what differentiates it from "theft" in the minds of many people.

Personally, I think that unauthorized copying is not theft, but might meet the qualifications for wrongful conversion of property, if you take a wide enough definition of 'property.' (So as not to limit it to real property and chattels, but include the value of data as well.) See this page. Normally it applies only to physical goods. At any rate, there are existing sections of law which are more appropriately applied to the reduction-in-value that occurs when data is unlawfully copied than theft and larceny.

Re:Add option #4

You left out a major point that invalidates your argument. This virus deletes the files that are in the P2P SHARE directories. We aren't talking about copying your own stuff as a backup for yourself only here.

Re:Add option #4

[Trigun]

Send me a copy, and I'll be part of your distributed backup strategy!

Re:Add option #4

[nizo]

This thing should redirect the user's homepage to the XYZ software company that sells virus software. You have to wonder how many people would just buy the software to protect their computer. Meanwhile company XYZ actually gets users to pay them money to download their virus infested software pretending to be anti-virus software.

Re:Add option #4

[grub]

That happens with some spyware/nagware. I've had users bring in their home machines wanting them cleaned because they clicked "OK" (or whatever) to a popup telling them they have spyware and they should click here to remove it...

Re:Add option #4

I've been thinking that since 1995. I mean look at the huge jump in viruses between DOS and Windows 95.
I first thought I was just speculating until a few years ago, they switched to the yearly "subscription updates" business model. Since then I've been looking for an alternative. I found it, and it's called Avast (Grisoft's AV doesn't work very well, and there are a few other good alternates out there). McAfee and Norton, I used both until I realized both products sucked when neither found a virus that Panda AV online scanner discovered and cleaned off my parent's virii infested laptop. (over 100 viruses got on when their mozilla browser got hijacked (not firefox mind you)).

Re:Add option #4

[budgenator]

I doubt that oscams razor would agree with the malicious "trojan writer is a prick" scenario, most viruses/worms/trojans exist to build a 'bot net for nefarious purposes like spamming or protection rackets to prevent DDosing. The noble but asocial hacker/cracker image is most often a smoke-screen for more typical criminal behaviours; and I've seen no evidence to believe this is anything else.

Re:Add option #4

Gotta find a way, a better way, when I'm there....

Re:Add option #4

[kimvette]

I've been thinking that since 1995. I mean look at the huge jump in viruses between DOS and Windows 95.

Wasn't there also a huge jump in the number of users who discovered the Internet around the time that Windows 95 came out? Don't you think that new MSIE users randomly downloading crap off the web might have anything to do with the explosion in number of viruses and trojan horses to infect the average machine, and a couple of years later widespread broadband giving crackers the ability to create botnets?

Nah, it couldn't be that. It could be those eebil virus companies who are the tools of the debil! ;)

Re:Add option #4

That is extremely interesting. I would like to hear more about this.

Re:Add option #4

[mathmathrevolution]

No Kidding. I need to pirate a fresh copy of Norton Anti-Virus off some P2P service before I fall victim to such a Trojan.

Re:Add option #4

[tbannist]

Most viruses/worms/trojans now exist to build a bot net for nefarious purposes. Assuming the analysis of this virus is correct and that it does not install a rootkit and/or bot the machine, then either the virus writer has a different motive for making the virus.

Now given all the scenarios suggested the most least unlikely alternative is that the person who wrote the virus is a jerk who simply seeks to destroy the files that other people spent time downloading. This type of asshat behaviour is certainly not uncommon or unexpected among the expected demographic of the virus writer, ie. young males with too much time on their hands.

Given that this was previously a common reason for releasing damaging viruses in the past, the current wave of professional viruses does not preclude the occasional amateur releasing his own claim to infamy.

To me, this appears to be the assumption that requires the least additional supposition.
It's not necessarily correct, but seems like the most plausible explanation, barring additional information.

Re:Add option #4

[JaxGator75]

If the idea is to punish people who DL, I'd go the other route and copy and re-copy and re-copy the w4r3z and pr0n into every folder on their PC. But then, I'm a cruel bastich from time to time...

Deleting it just makes me want to go get more (as if I needed an excuse).

Re:Add option #4

Ahhh, you mean the trojan writer's an Israeli!

Re:Add option #4

[PReDiToR]

Would be a great link except that Niclas has decided that Slashbots aren't vlauable potential customers.

Copy and paste the link to avoid the referrer check.

Re:Add option #4

[simpleparadox]

Sorry to say that's pretty much it.

Re:Add option #4

[Kreigaffe]

You mean like Spyfalcon and its many other flavors?

It exists. It's pretty evil to get rid of, too -- there's a few varieties floating around that really don't have documentation available online on how to remove 'em.
No lie. Took me 2 days to get it off of a computer. From what I was told, everything started after looking at some free pr0n videos, one of which opened up an in-browser 'player' that said 'codec not found, download now from blahblah'.

Just goes to show you -- don't spend too much time around skanky women, or you'll catch a disease. In person OR on teh intarwab.

Re:Add option #4

[shaitand]

His argument is not based on the source of the files or whether he is sharing those files. In fact, where the files came from and where they are going is completely irrelvent in the statement he made. Please read again.

You and 10,000 people can download a song from my share directory. I have not lost my song, the RIAA/Studios/Artists have not lost a single penny and have actually gained free advertising, and 10,001 people have gained a copy of the song. If you add that up it is good for everyone, not bad and nobody lost a copy.

Artificial restrictions to prevent distribution of intellectual property are a dated concept and need to be reconsidered. The reconsideration CAN and SHOULD put numerous parties and even industries out of business.

The reason we don't embrace this fact in the United States is that we have stopped all of our real physical product production and instead product primarily intellectual property that is only valuable if we get everyone to agree to made up restrictions that limit its distribution.

Re:Add option #4

The english language common usage definiton of "stealing" does not restrict it to cases where property is lost.
There are plenty of instances in common usage where something is stolen without removing it from the owner's possesion.
There's also plenty of examples of something completely intangible being stolen - something that the "owner" didn't actually possess in the first place.

Just because copyright infringements don't meet one definition of stealing doesn't mean it doesn't match others.

It doesn't meet the court definition of stealing, but no one ever said it did.

Damn...

Damn... if i get this virus my HD will be completly washout...

Not necessarily...

[WidescreenFreak]

I would guess that the majority of Slashdot readers know what a virus scanner is. And I have no doubt that they're going out to upgrade their virus definition file at this moment. :)

Re:Not necessarily...

[DemonThing]

Smart people have them done automatically.

Re:Not necessarily...

[WidescreenFreak]

That usually requires a $$$ subscription. Most anti-virus companies offer the latest updates for free as long as you manually install it. I'd like to think that most Slashdot readers are savvy enough not only to protect their systems so that automatic updates aren't essential for their own systems to do that on their own, particularly after the McAfee screw-up a few months ago, but also to be able to have the discipline to download and install virus updates on a regular basis ... unless they want to pay for the convenience.

Dear lord

[Rendo]

I felt a great disturbance from the Net, as if millions of gigs of porn suddenly cried out in terror and were suddenly deleted.

RIAA

[boxxa]

OMG! Its the RIAA taking it into their own hands!

Plain malice

[phasm42]

I think this is simply someone who doesn't like P2P. Maybe they use newsgroups or have connections to warez sites -- from their perspective, P2P is looked down upon as a bunch of lamers. They expect their buddies won't fall for some stupid shit like this, so they figure why not create something that destroys all their P2P media? Piss off a bunch of lamers by destroying their P2P crap.

Re:OOOOOOOOHHH NOOOOOOO!!

[mobby_6kl]

DO NOT WANT!

Re:Altruism? I have my doubts...

Occam's razor anyone?

No clues?

[thaerin]

"no one yet knows who wrote this or why."

For the same reason any of them write a virus, to prove something can be done. I was the exact same way in high school. Our teacher would always say "that can't be done" whenever we had ideas about code - I'd always find a way to prove him wrong. Simple one-upmanship at it's most destructive.

Re:No clues?

[DanHibiki]

I think it's been proven quite a long time ago that you can indeed delete porn. The question of "why would you want to delete porn" has yet to be answered.

Re:No clues?

[MooseTick]

"Our teacher would always say "that can't be done" whenever we had ideas about code - I'd always find a way to prove him wrong. "

Tell us what you did! I'd like to know things a teacher says can't be done that a student can repeatedly prove him wrong. Did he say you couldn't tell if P=NP? Perhaps he quipped that quicksort can't need more than (n2) comparisons.

RIAA STRIKES BACK !!!

[unity100]

Next : RIAA fleet to plunder coastal towns whose citizens are known to indulgue in p2p.

Planned : RIAA prison camps full of former p2p people to be used as slave labor in music industry.

You wont be hiding ... You wont be escaping ... Its coming ... Its RIAA ...

Coming to a theatre near you this summer ... The RIAA Strikes Back !!!

Official site : www.riaastrikesbackwithfear.com

Re:RIAA STRIKES BACK !!!

[Nephroth]

This made me laugh, it kind of reminded me of the issue of 2600 when the whole DeCSS thing broke and it was plastered with pictures of SWAT teams with their uniforms photoshopped to say "MPAA" storming a McDonalds. Funny stuff.

Re:RIAA STRIKES BACK !!!

[LoonyMike]

Torrent link, please

The implications

Every Window user trying to restore their precious porn collection at the same time could bring the internet to a screeching halt.

deleting pr0n!?!?!?!?!?

[AviLazar]

This is the last straw!!!! We have had it with you evil hax0rs!!!!!! Something must be done!!!!! THE PEOPLE WHO WROTE THIS SHOULD BE PUT TO DEATH!!!!

Not cool

[Lord_Dweomer]

There is an unwritten law that you do not touch a man's pr0n. Period. He could have slept with your wife and added pictures of her to his collection, and still, you do not touch his pr0n.

These people have gone too far. If I get infected by this I'm going straight to the FBI, this is too serious to joke about.

Re:Altruism? I have my doubts...

[Zeinfeld]

I think the chance that this is a distraction is much greater than any other motive suggested. It is very unlikely that someone whose moral compass is so broken that they spend their time writing viruses is that upset about other law breakers. I suspect that the author has huge amounts of stolen software and music. More likely this is just a nasty, vicious little perp who is thinking of a way to do something nasty and vicious. Maybe they think that this type of attack is less likely to be taken seriously by the authorities (wrong) or less likely to lead to criminal complaints (right, but there will be enough complaints). Another strong possibility is that the criminals calculate that creating security paranoia is useful for their business and this is a way to increase concern. They will probably follow up with a marketting campaign selling hijacked copies of anti-virus software. Regardless of what immediate damage is caused every trojan has to be treated as if it was intended to be used for phishing.

Troj.RIAA-MPAA-BSA....

[jkrise]

should be a better name for this malware. From TFA:

"The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations."

A real beneficial Trojan would apply all the latest Windows service packs, delete all other malware, Sony and other Phony rootkits etc.

Why DO WE NEVER EVER HEAR of any Trojan that simply formats the hard disk? Intriguing, to say the least.
-

Re:Troj.RIAA-MPAA-BSA....

[Rob+T+Firefly]

Why DO WE NEVER EVER HEAR of any Trojan that simply formats the hard disk? Intriguing, to say the least.

Because without a computer, how are any of the victims ever going to get onto the net to tell the tale? Game over, man! Game over!

Re:Troj.RIAA-MPAA-BSA....

because it wouldnt be a trojen then.

The point everyone seems to miss is the purpose of a trojen is to take control of your computer.

The deletion of the files is just a distraction. Which i would suggest is to encorage you not to use certain forms of p2p. Prehaps it will then spam u with popups for a p2p service that "works" at $5 a month.

This just goes to prove...

[ylikone]

... it's best to make sure you have your porn, music and warez all burned to DVD!!

Re:Altruism? I have my doubts...

[silverkniveshotmail.]

Who cares? Anything, ANYTHING that torments and confounds microcomputer users (especially Windows users) is 100% welcome in my book. Anyone, ANYONE who writes these programs to me is an out and out hero. Mainframers are laughing at you, micro-lusers.

Micricomputer users? Who the fuck uses the phrase "microcomputer"???? And why would anyone use a mainframe for looking at web pages anyway?

Bullshit

It doesn't erase pr0n, it just paints a pair of good eggs and an enormous pennis.

Obviously the photos are not exciting anymore.

Re:Altruism? I have my doubts...

Yea, like the RIAA and the MPAA are going to release a virus on the public, which could cost them billions, look how well that turned out for Sony...

They already asked congress to make that legal a couple of years ago. I don't know if they got what they wanted, but how can they argue that they didn't do it, when they already showed that they are willing to do it?

How that turned out for Sony? They did what any regular virus writer would have gotten several years in jail for, and had to recall a couple of CDs... If the RIAA didn't already get the law to make it legal, they'll at most get a small fine, smaller than the bills they send out to teenagers who get caught downloading. But more likely, nothing is going to happen at all.

You don't need more than about a 20Gig HD

[ylikone]

If this virus were to wipe out most peoples HDs, they would realize that a 20Gig HD is sufficient to handle their programs and non-media related data. Porn, music and warez is what drives harddrive sales!

Re:You don't need more than about a 20Gig HD

That's funny, I have 80 gigs of games installed. UT2004 and its various free mods is 13 gig alone.
Plus my desktop at work uses about 100 gig, no games or mp3 on there.

Re:You don't need more than about a 20Gig HD

[TommydCat]

One of my maxims: The bigger the storage space, the faster it gets filled.

Sort of a corollary to: All flat level surfaces are soon covered.

foad ameriturds

neeegerooooo

The boss

[SurfSlade]

I fowarded the story to my boss,
Five min later he ask me for a full back-up of his PC

I wonder why.....

Re:The boss

[dohzer]

Because he realised that you've been sitting on your arse doing nothing but read /. posts for the last hour?

Re:The boss

[alexandreracine]

All you have to do then is to submit all content of his hard drive to HIS boss and you'll get is position! :)

Stupidity gone rampant

[Billosaur]

The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

Can somebody buy these people a clue? This is malevolent; it is making its way onto your friendly neighborhood computer and deleting files, any files with those extensions, not just porn. In my book, this is a bad thing!!!

It's bad enough there's a set of people out there with programming skills and ill intent, without lauding them in any way, shape, or form. Do we have to encourage these people? Don't they do enough damage already? Track the person who wrote this down and haull their ass into court and let them pay restitution for all the files they destroyed. Do that with every virus writer/hacker who decides your PC is their playground and maybe, just maybe, the word will go out that doing this is a BAD IDEA! Rant over. Move along, nothing to see here.

Re:Stupidity gone rampant

do u hav a dl for this? i ned to tris it out wit the perl scrit.
i ned to hex0r paths to clense my gf's boxen

protection: download virus identity (IDE)

[rs232]

Protection * Download virus identity (IDE) file

No, for real protection download a Linux distro

PC World couldn't read the Sophos article!

[flokemon]

The article on the Sophos website actually puts things as they are.
The PC World rehash just (deliberately?) misinterprets it.

Let's have a wee comparison:

Sophos: - "The Erazer Trojan targets internet users it believes are involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 music files or home movies that they have created themselves. Malware is not the way to fight internet piracy."

PC World: - "A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered."

Now how they came up with that from the Sophos article is beyond my understanding.

Re:PC World couldn't read the Sophos article!

[flokemon]

And obviously, I forgot to give the link to the original Sophos article:
http://www.sophos.com/pressoffice/news/articles/20 06/05/erazer.html

Re:PC World couldn't read the Sophos article!

Now how they came up with that from the Sophos article is beyond my understanding.

Sounds like PC World is pulling a Fox News on behalf of the big media companies.

Re:PC World couldn't read the Sophos article!

[MenTaLguY]

I suppose it's the same logic whereby grandma must stand at the top of the stairs in order to be protected from the Terrible Secret of Space.

Re:PC World couldn't read the Sophos article!

[glesga_kiss]

Now how they came up with that from the Sophos article is beyond my understanding.

You must be new to this planet. This happens all the time, including Slashdot summaries that almost contract the story they are discussing.

Outrage -> pageviews -> adverts -> $cashMoney$

Been like that since the printing press.

New Service

[MobileTatsu-NJG]

Greetings, all.

I just wanted to offer my new backup service for all who of you who fear this trojan. Just contact me so we can arrange transfers. Please do not be wary of my generosity, for helping is its own reward.

Re:New Service

[erbmjw]

ROFLAMO

I wish I had mod points because that was so well written I'm still wondering if it's understated humour .... or not.

Re:New Service

[Papi99]

Just make sure you don't stash everyone else's porn in the default directory. It would suck to get that trojan and lose everyone's backup... Then again, you can just do them the favor of re-downloading all of their porn for them as some sort of guarantee.

Re:New Service

[cerberusss]

Great! If you can supply a username, password and IP address.

cat /dev/random | ssh user@host -c cat > somefile.tmp

(No I haven't tested this, you bunch of nerds)

Re:New Service

[typical]

(No I haven't tested this, you bunch of nerds)

If you had, you'd have used /dev/urandom. /dev/random will quickly exhaust the entropy pool and slow to a crawl.

So thats why allofmp3 has shut down!

[Ilex]

Apparently they've been offline since last friday.

AllofMp3 Shutdown.

The IFPI has denied responsibility.

Seriously though. I wonder whats up with them?

Re:Altruism? I have my doubts...

[mgblst]

look how well that turned out for Sony...
 
So what exactly happened to Sony - some bad press, that I only saw on the tv news once. Has anybody stopped buying sony gear? Has their share price dropped? Are they in court? No, no, no... so nothing has actually happened to Sony over this. Sure, we may hate them here and a few over places on the net, but most people don't care enough. I hated them before because of Atrac and their crappy software.

paraphrasing...

[Churla]

Never attest to malice what can be adequately attributed to stupidity.

In this case I think it's stupidity to create a virus that deletes the files it would be most likely to be able to propogate itself through.

Maybe some little hacker kiddie got caught wanking it by his mom and she deleted all his pr0n so he's on a "if I can't have it nobody can" rampage.

Re:paraphrasing...

I'm guessing it was done by someone who is into porn themselves but feels really guilty about it.

Re:paraphrasing...

[rickthewizkid]

Heh - any geek worth his keyboard has his pr0n backed up on write-once media...

Back in the 'day, my folks tried to wipe my... er... collection, several times. Of course, I had it all backed up on QIC-80 tape. Just had to wait till they were gone so they would not hear it running the restore routine.

Man, that tape drive was LOUD!

Of course if I was a kid these days I'd use some sort of "plasuable deniability" encryption system
 
...Just my "Please-insert-tape-number-2's worth"
--RickTheWizKid

Re:paraphrasing...

[typical]

Maybe some little hacker kiddie got caught wanking it by his mom and she deleted all his pr0n so he's on a "if I can't have it nobody can" rampage.

Because, obviously, masses of sexually frusterated people are the best possible makeup for a society.

I can only conclude that people at PC World ain't

[SmallFurryCreature]

I can only conclude that people at PC World ain't got a clue about PC's. Since when can .avi .mp3 etc etc contain virusses or malware?

If it only deleted .exe .bat .com etc etc then I could understand the logic BUT deleting media files does not protect anyone.

They almost touch on the simplest explenation. Vigilante. Believe it or not but there are some individuals who feel they have a need to stop others from downloading via p2p.

They would be intrested in deleting any media files you downloaded via p2p. They would not be protecting you but making your (in their eyes illegal) activity worthless. So that explains why they delete harmless files.

It also explains why they try to disable security programs, yet another punishment. That way you are far more at risk from using P2P by being infected. The logic being that pirates do not deserve to be safe.

Vigilante seeking to punish p2p users. Not the RIAA and not some guardian angel. The RIAA would have to have some extremly bad lawyers to have allowed this and a guardian angel would only destroy files wich put you at risk and not disable security software.

Vigilantes have done stuff like this before. It falls in the same field as those "jezus loves you" posts in porn usenet groups. Or so I been told. Not that I would know anything about that offcourse.

Note that the trojan also steals information.

What information is is stealing? Could it perhaps be passing data to the RIAA/MPAA?

Would beat the heck out of the painful process of obtaining warrants.

Re:Altruism? I have my doubts...

[ronanbear]

It's just freeing up bandwidth and shutting out other trojans before they get on the system. If it is more successfull than other trojans the authors will continue development along these lines. Most likely this will really get more people to do full installs more often. It will indirectly get rid of lots of old trojans that would be too hard to code for individually.

Lets break this down a bit.

[oztiks]

You know it seems so senseless and absent minded to create a virus/trojan like this.

Most people would want be exploiting the whole "remote" aspect of the whole virus/trojan concept and try and gain access to peoples porn / warez / music would one stop to think?

Plus how does it know if its Warez, sheet, it could be perfectly legitimate software its deleting? What does it do scan for the licence number, contact adobe and check to see if its authentic, if not, go and run the removal application?

Re:Altruism? I have my doubts...

[elrond2003]

I see option 4: the trojan is protecting itself by reducing the nmber of possible virus/trojan alerts you might get and by reducing your bandwidth use by eliminating sharing the P2P files.

Re:Add option #5

[Instine]

Any small time time interested party, who doesn't like being small time. e.g. an unscrupulous mp3 download site trying to make a buck selling files it probably doesn't really have the rights to anyway, doesn't like the fact that its putative clients can still simply use Kazza/Morpheus/BT and would like to see a migration of folks from these options to their easy, low cost download service.

beside the big boys using a mercinary, this is the most likely sinario in view.

Re:Altruism? I have my doubts...

[Chrondeath]

Maybe it was Orrin Hatch...

No kidding

[SmallFurryCreature]

On windows you would use acdsee to browse your porn. On linux? Pornview, I kid you not.

On the other hand nothing beats OS-X for porn. The capability to have audio volume per program rather then a global volume level makes it very easy to set the porn volume low and the mp3 volume high to hide your activity.

When you see someone buy an Mac Mini you know what they are going to be using it for. The perverts.

Sony?

I can't be the only person who, upon reading this, thought "what the hell have Sony done now?"

VLC

[objekt]

Young guy downloads VLC http://www.videolan.org/vlc/

Re:Altruism? I have my doubts...

customize their own bitspace

That up-your-own-arse babble a PHB would be proud of and a nick of 'phyrebyrd' made me instantly peg you as thirteen years old. If you want to be considered as somebody with maturity, I suggest a nick change and using language that doesn't make you sound like computers give you a hard-on.

Mplayer

[objekt]

Or better yet, Mplayer http://mplayerosx.sourceforge.net/

Re: Mplayer

[gidds]

VLC's pretty good these days. (And a lot more stable than a couple of versions back!)

Last time I saw MPlayer, it was slow, ugly, and didn't even have a proper GUI. How does it compare now, e.g. for playing DVDs?

Re: Mplayer

[objekt]

If I had one nearby, I'd tell ya. I find MPlayer is the one is most likely to play mpegs (that VLC won't) and with the best quality. I still have both, but MPlayer is my first choice.

Hi.. my name is Tom Osborne...

[modi123]

... and I approve this virus. I was the third district republican congressman from Nebraska. More importantly I was the Husker's football coach. I attempted to run for state governor recently on the coattails of my fame as a coach. I am a 'promise keeper' and I side with Jack Thompson on the overly abundant evidence that videogames lead to kids killing kids. Additionally I believe that pr0n leads to rape, dehumanization, kiddie molestation, and sexual deviance. Clearly as an aging football coach from a generally backwards red state I wrote this virus.

No one yet knows who wrote this or why."

Re:Altruism? I have my doubts...

You don't think music companies would try it? you think they have morals?

Sony BMG installed hacker tools onto peoples machines. They even conned them into doing it saying they need to login as an admin to play a CD.

They installed a hacker tool designed to comprimise a machines security, disrupte anti-virus systems by hiding ALL virus, malware or spyware that requested to be hidden, and comprimised system stabillity. And they had it dial home aswell.

How much more of a step is it to go from that to an actual virus. They got fined 7 dollars for that offence, what do they have to loose? they may get fined upto 20 dollars, wow.

Plus hasn't the RIAA wanted a change in the law to allow them to hack into poeples computers to check for and delete copyrighted items? Maybe the got tired of waiting for a change in the law and thought they would do it illegally as no-one would suspect them or care about it. And seems the perpitrator has not been caught they may be right as whoever it is has got away with it so far.

Oh and this doesn't such much highlight the need for AV as it shows AV is to slow to block it, but it does show the need for:

1. A secure OS
2. Using your OS in a secure manner (running with limited privalages)
3. Backup Software (so when bad things happen all your files are restored).

Also another very important point is distributing a file is not always legal. Infact it is a human right.
The european cnvention on human rights states:

Everyone has the right to freedom of expression. this right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.

If I record my ideas or information in a file, do I not then have the right to distribute it how I want, for instance P2P?

How about this for an explanation...

[idontgno]

one which requires neither multinational corporate conspiracy theories or bluenose blackhats.

The trojan deletes the most "desirable" files in a P2P share directory and then posts copies of itself in that same share directory...masquerading as the same kinds of "desirable" files it just eliminated.

Think of it as elbowing the competition off the track to increase the likelihood copies of itself will be picked for downloading.

It certainly squares with what most of us understand as the motivation of VXers: disseminate their work as far as possible, for either ego gratification or "ownership" of botnets, spyware takings, etc.

Deep Freeze

[airjrdn]

Deep Freeze and it's competitor products are looking better and better.

If only there were an open source version!

Re:Altruism? I have my doubts...

[d!rtyboy]

The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...

That is so true. I can't count the amount of people I've met that have weatherbug or whatever on their computer and I explain to them that it has spyware, then I remove it and the spyware. Then a day or so later, they're like, "WTF? You deleted weatherbug" and I find they've reinstalled it. People just don't care, and I don't expect to ever understand why.

Re:Altruism? I have my doubts...

[BaltikaTroika]

I pick avarice over sloppily executed altruism any day.

In related news, dictionary.com has suffered the slashdot effect after a massive spike in searches for the definitions of "avarice" and "altruism".

Oh okay

[SmallFurryCreature]

Me: Just line up against that wall over there. Want a cigarette? Wha, you say smoking kills you? Not a problem. Now just stand still for a sec.

*The sound of a dozen guns firing in a split second*.

Me: what a stupid way to die.

Random slashdotter: do you think he meant that " THE PEOPLE WHO WROTE THIS TROJAN SHOULD BE PUT TO DEATH!!!!"

Me: Who cares, we got dupe posters to shoot and it looks like it is going to be an allnighter.

Re:Oh okay

[AviLazar]

LOL. Though in context of the story I do not thing I was incorrect. My statement referenced "hax0rs" and it would be unfair to call a slashdot story poster a hax0r without further evidence.

ORLY?

[ryran]

pfft. nowhere near as cool as w32/hoots-a. (http://www.metafilter.com/mefi/51637)

Safe formats

[base_chakra]

Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

Cor... Now I don't feel so anachronistic for storing all my porn pics in PICT and PCX.

P.S., If anyone wants some red hot VISCII art, PM me.

Re:Altruism? I have my doubts...

[casings]

bad press, cd recall, and class action lawsuits.
and that was for a rootkit on a purchased cd.

just imagine what would happen to the RIAA if they let out a trojan to the masses.

I bet the people wouldn't rest until they were bankrupt.

But why?

[farker+haiku]

So I was thinking to myself, why would the RIAA or MPAA delete all those files? Well, one possible reason for that would be to start a clean log of files downloaded from a p2p program. Say one year down the line the RIAA calls for another round of lawsuits. By subpoenaing (sp?) joe blow's computer based off his IP address, and "finding out" that the virus hit him on May 16th, they can determine that he's shared x number of songs x number of times. Maybe the virus starts a clean slate so that it can be sure how many times you've downloaded stuff.

Re:I can only conclude that people at PC World ain

[d!rtyboy]

"I can only conclude that people at PC World ain't got a clue about PC's. Since when can .avi .mp3 etc etc contain virusses or malware?"

You can stick a virus in a jpeg, so I don't see why you couldn't stick one in an avi, etc. Of course, I'm not the worlds leading virus expert...

Though I do agree with the rest of your post. I was wondering why they were calling it a "vigilante" virus at all. I thought I was going a little crazy untill I read my thoughts here in the posts.

Re:Altruism? I have my doubts...

[Zephyros]

...without actually causing any real damage or impairing the computer's operation.

Um, maybe it's just me, but I'd call disabling antivirus impairing the computer's operation. Yeah, sure, it's not installing a spam zombie client, but it is unlocking the door for someone who will...

Add option #5

[Foobar+of+Borg]

5) Pat Robertson and Jerry Falwell want to wipe out pr0n from the internet, so they assemble a team of computer experts and tell them, "Pr0n is the 5ux0rs! We need 1337 h@x0r5 to pwn their warez, w00t, w00t!"

Or, maybe not...

Re:Add option #5

[Eradicator2k3]

Pr0n is the 5ux0rs! We need 1337 h@x0r5 to pwn their warez, w00t, w00t!"

You spelled "teh" and "there" wrong. Or did you mean "they're"?

Re:Add option #5

[iamlucky13]

The comment is funny, but if I were going to guess on who wrote this virus and why, that would be my guess. Well, not Pat Robertson, but some other person who disagrees morally with pornography and illegal music sharing.

Regardless of their intent or your own positions on porn and music sharing (I personally dislike porn and conditionally dislike music sharing), I think we can pretty safely agree this isn't the way to go about your crusade.

Still it sounds much less unpleasant than dealing with the RIAA.

Re:Add option #5

[Foobar+of+Borg]

You spelled "teh" and "there" wrong. Or did you mean "they're"?

You are right (*sniff*). I'm afraid I'm only 1336 (*sniff*)...

Re:Add option #5

[commodoresloat]

... and I, for one, welcome our new Trojan overlords!

Re:Add option #5

[Cecil]

Pr0n is the 5ux0rs! We need 1337 h@x0r5 to pwn their warez, w00t, w00t!"

You spelled "teh" and "there" wrong. Or did you mean "they're"?

He also spelled "Wii" wrong.

Re:Add option #5

While I was expecting "Bush did it", I figured something along these lines had to be coming. This is afterall Slashdot, where lame predictable leftie humor is the rule.

Re:Add option #5

Bush write a program? Now THAT'S humour!

Re:Add option #5

[wheany]

Of course he meant they're, he meant to use the possessive form. Possessive forms have apostrophes. Duh!

Plausible deniability.

[Ihlosi]

Avarice isn't too bad a theory, but I have trouble believing that the RIAA/MPAA could be so dumb.

They're probably not dumb enough to leave a blindingly obvious money-/paper-trail from the author of the trojan to any high ranking execs of theirs.

Where can I find a Linux version?

[WhiteWolf666]

Once again, this is Windows only.

Damn! Obviously, Linux isn't ready for the home user.

Never Altruism....

[Iriantuu]

I tend not to believe in altruism, but I think there's also a much simpler explanation for a virus that deletes porn, warez, and other illegally downloaded material.

It's Jesus.

Yes, the savior finally has a CS degree and he's using it to wipe out eSin (R)(TM). Look out, the iRapture (R)(TM) is coming soon!

Re:Altruism? I have my doubts...

Micricomputer users? Who the fuck uses the phrase "microcomputer"???? And why would anyone use a mainframe for looking at web pages anyway?

YUO CANNOT AFFORD.

Re:I can only conclude that people at PC World ain

You know, "virus in an AVI" is something I remember hearing alot of in the Windows 3.1 days but had all but disappeared since. Ironically, it seems to be inversely proportional to the likelihood of it actually being true. Remember what a pain in the ass it was to manually install a driver or just get a program to view it's particular file type at all?

Now we have stuff like WMF, ActiveX, Flash, etc mixing code and data, executing either at will, along with autorun for CDs and a fuller and fuller startup tray in Windows. It's ridiculous, because we have more less educated users at the same time that more is being automated and interlinked to the point where it really is dangerous and harder to recover from misplaced trust.

bruce lee kills trojans.

[jasonevans]

maybe the person who wrote the trojan, wrote it to be an asshole with no other intentions in mind; besides to be annoying. Many people who are infected with trojans/other tyes of virus' are not that internet/computer savy. When they engage in illeagle file trading they typically use p2p networks such as lime wire, where it is much easier to download malware and what not. Lets face it, the most popular types of files to download are pretty much porn and music. So theres no better way to piss a ton of people off other than deleting what they value most on their computers. Just my thought.

Re:bruce lee kills trojans.

Ill eagle? Why is the eagle Ill?

Re:bruce lee kills trojans.

[jasonevans]

beucase i was over hung, hung over. cool attempt at flaming me for a typo.

bah

[Colendus]

First off, I don't mean any offense to any loyal slashdotters such as yourselves. But I have to point this out. Isn't it JUST like /. to jump to a bunch of ridiculous conclusions about factual evidence? (i'm referring to all the option #1,2,3,4,5... crap up top, among other comments). Come on, people. Someone tells me that a virus deletes P2P directory data contents, and all you can say is "OMG! it's robin hood stopping malware!" COME ON! It deletes your content. You spend time downloading music, porn, all sorts of files illegally, and the writer of this virus is all "Ha hahahah! Gotcha!" The simplest explanation...

How about the other way around?

[tgibbs]

I'm waiting for a reverse version of the virus that includes a PTP client that silently stocks your computer's HD with music and videos. "It wasn't me, officer, I can prove that my computer has a virus!"

Re:How about the other way around?

[Grey+Ninja]

That would be so fucking awesome. Install a custom command line bittorrent client, and start downloading huge quantities of music and porn. The strange thing is that this is very possible, and nobody has done it yet.

Re:Altruism? I have my doubts...

[skarphace]

bad press

Went away already.

cd recall

So they could remove the rootkit. However, their key software is still on their disks.

and class action lawsuits

Oh yeah, those are going great...

Re:Deep Freeze eTelemetry

eTelemetry is more fun!

Add option #5

[Sigg3.net]

Not even that:

5) Trojan not only sentient, but self-sustainable and conventionally biased. Will take over the world.

Proof of Intelligent Design? You be the judge.

Re:I can only conclude that people at PC World ain

[skarphace]

Since when can .avi .mp3 etc etc contain virusses or malware?

Since the people making the media players haven't figured out how to properly code. It is definetly possible to get infected or compromized via a media file. Look at the whole Microsoft image rendering problem a few months ago. One look at a specially crafted image on a website and you're compromized.

Re:Altruism? I have my doubts...

[dhasenan]

Hm. I just downloaded Equilibrium, the soundtrack to Bored of the Rings, and a group of four thousand ebooks, and they're all missing. Do I have a virus? I must have misplaced the files.

OR

Hm. All my files are intact and my computer's running okay, and I'm not getting any alerts from my virus scanner. Do I have a virus?

Recall that this virus, like many, disables antivirus software.

#5. evolution theory.

[leuk_he]

Option 5: Delete all competing content from the p2p directories so the upload bandwidth is fully available to the virus and it does not have to share the upload bandthwith with other content (like p0rn).

It is called evolution theory, this virus kills of the weaker content to spread itself.

Note that is also stops process like "gator". this virus allows no competition.

Re:Altruism? I have my doubts...

[LoonyMike]

Fewer people for the RIAA to sue because their files got wiped out

Since when would this make the RIAA forget about it? They'll probably sue anyone *thinking* about downloading files.

Re:Add option #5 ... unless ...

[WidescreenFreak]

Unless it also displays a dialog box stating that, "The Lord has decided that thou hast broken the following commandments: Thou Shalt Not Steal and Thou Shalt Not Have Naughty Thoughts. Your files have been deleted according to the rights granted to us by God as his Holy Warriors, and your screen saver is now made of publicity stills from The Passion of the Christ. Go with God."

Then, maybe so... :)

Re:Altruism? I have my doubts...

[From+A+Far+Away+Land]

Everyone here is assigning their own personal bias to the virus writer's motives.

My bias tells me that the simplest explanation for writing is it often the case. Since it deletes specific files, we can assume that's the intended outcome - to delete files.

Just because McAfee benefits from people losing files doesn't mean they commissioned it.
Just because MP3s might be lost doesn't mean the RIAA commissioned it.
What we do know is the virus writer is a prick [or pricks], who wanted to delete files. Everything else is just speculation.

Maybe the space aliens wrote it to test our virus defence capability before disabling our Internet?

Re:Altruism? I have my doubts...

[tehcyder]

It seems to me that the virus writer did it to get people to take notice of viruses in future.

Nonsense - if that was your intention, you would just get the Trojan to flash up a big warning message saying "look, I could have just deleted all your files if I was a real virus" or something.

Ahhh! Not my porn...

[gijoel]

... Ugh, I mean, won't someone think of the children.

Who wrote it?

[danratherfoe]

No one yet knows who wrote this or why

It was a joint project of the computer science department at Liberty University ( http://www.liberty.edu/ ).

Oh yeah

[SmallFurryCreature]

Forgot about that thing. I am still stuck in the past where pure data files were considered safe. Silly me.

I stand corrected.

Re:Altruism? I have my doubts...

[IQpierce]

>> The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

> Well, that's a remarkably stupid assumption.

Are you kidding? It seems completely obvious to me that the person who wrote this Trojan had only good intentions. It's only trying to delete your downloaded files because some of those files might contain malware.

And you'll realize just how altruistic the programmer is once you also realize that some of those files could (potentially) be 'N Sync songs. Truly this man is doing us all a good turn.

Re:Altruism? I have my doubts...

[Jeremi]

Then a day or so later, they're like, "WTF? You deleted weatherbug" and I find they've
reinstalled it. People just don't care, and I don't expect to ever understand why

People assume that anything that happens on their computer is visible in the GUI. Therefore if weatherbug doesn't pop up a requester saying "I'm spying on you now, please type something interesting", naive people will assume it's not doing that.

I suspect this misapprehension will change only through hard experience.

Re:Altruism? I have my doubts...

[Eli+Gottlieb]

Why would people listen to that?

sorry ;)

[miruku]

6) profit!!

Re:sorry ;)

[MoogMan]

You missed...

5.5) ???

Curiously, nothing on Symnatec/McAfee sites...

[jseeley]

I just checked both the McAfee and Symantec "security centers" and neither has this trojan listed as a current threat.

Wonder why that is????

Re:Curiously, nothing on Symnatec/McAfee sites...

Because they work on D.H.S. live exercises? Sophos don't, or do they?

Life Imitates Art

[Lazbien]

Robot Chicken, the claymation creation from Seth Green and Matthew Senreich (who?), did this last week in 2x06.

Reporter: And in other news, a porn eating virus has been unleashed on the internet
*cut to mass riots, panic, destruction*
*cut to a kid with his pants down coming out his front door holding a laptop*
Kid: I wasn't finished! *sobbing* I wasn't finished!
*cut to reporter*
Reporter: The President had this message...
*cut to President Bush at a white house press conference*
GWB: If those terrorists that have unleashed this terrible evil are listening, I have this one message for you: cut it out man! Seriously! It's not cool! Give us our porn back, man!

I think I took some liberties with the quoting as I don't have the episode in front of me (work and all that jazz...), but you get the idea. Go watch the episode...

Re:Altruism? I have my doubts...

a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".

Ah yes. The classic "smarter than the average user", or "Yogi" gambit. This technique has also been co-opted by the republican party and updated to the "look - terrists!" move.

OH NOES

[Malakusen]

ALL MY PRONZ IS GONEZ!

No, I don't really talk like that. Heh heh, and I also back up all my pron to a protable HD.

Pat Robertson

[macdaddy]

Damn you Pat Robertson!!!

Re:Altruism? I have my doubts...

[shawn(at)fsu]

Or it was written by someone just to be an Ass. Never underestimate how malicious some people can be on their own with the cover of anonimity.

I don't feel that much concerned...

"The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations."

Since I'm not storing any of the RAR, OGG and PNG files that I've downloaded in the default [P2P Name] folder, Since I've got BACKUPS and since I can dual-boot in Linux mode, well actually I do not feel that much concerned. "Nothing to see here citizen, move along."

Virtual machines

[macdaddy]

This also emphasizes why all P2P users should quarantine their P2P software inside a virtual machine. VMWare's recently renamed VMWare Server" product is free and is a perfect way to isolate your P2P software from the rest of your machine. I actually employ this method myself. Much of the documentation I download is infected and this method prevents that infection from getting back to the host server. Plus it's quite easy to rollback changes to a time before the infection and start over.

Re:Virtual machines

[Elminst]

Much of the documentation I download is infected

Ahh... I see you also use "documentation" as a euphamism for pr0n... ;)

Re:Virtual machines

[macdaddy]

LOL. Only if I was blind and it was in braille. ;-)

Actually I've been downloading gigs of training material (PDFs, CHMs, videos). That would be the documentation I was referring to. There's a substantial amount of this data on BT. I believe the other kind of "documentation" is more prevalent on the other types of P2P services.

Re: Virtual machines

[gidds]

all P2P users should quarantine their P2P software inside a virtual machine.

You mean: quarantine their P2P-sourced software, or quarantine their P2P file transfer software itself?

The first makes sense in most cases. (For Windows users, anyway.) Though it probably makes even more sense never to download executables via P2P anyway. But I can't see much need for the second.

Re: Virtual machines

[macdaddy]

Both really. I literally have a virtual machine dedicated to Azureus. It's a 2k3 Server (to save resources on the VMWare box) that runs one application: Azureus. The main output directory from Azureus does resides on a network share so that I can more easily expand it after the fact. It isn't virus-checked by the virtual machine and the host machine though so I feel fairly safe.

I agree though that downloading executables nowadays is not a good idea. Alas people still do it.

Rumour is...

[octopus72]

It is also called the "RIAA/MPAA trojan".

Re:Altruism? I have my doubts...

[RedShoeRider]

" Has anybody stopped buying sony gear?"

Yup. And I wrote a polite, yet firmly worded letter to Sony North America explaining why, too. Sure, I'm a drop in the bucket, but if you have enough drops..... The media dropped this one like a hot potato(e), 'cause I don't think the average consumer really gives a shit.

(and no, I'm not just a home consumer. My lab does some A/V work as well, and had a great fondness for Sony monitors up until a few months ago...)

No way, that would ever happen

[budword]

There is no way Pat Robertson and Jerry Falwell would ever risk their own secret porn stash. The parent is clearly a troll.

Re:No way, that would ever happen

A mod point! A mod point! My kingdom for a mod point!

Does anybody know what this is supposed to mean?

[Blakey+Rat]

While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes.

I've attempted to read that sentence about a dozen times, and I have no clue what the writer's trying to say.

Hmmm....

[zerosix]

What I think is interesting is the fact that everyone is argueing over whether or not it's okay to delete the "cheaters" files...good or bad intentions a virus is wrong, it's like genocide on a software level, how sad. :(

life imittating art?

[cyrax777]

anyone remember that clip from robot chicken a couple weeks back about the virrus that was deleting porn from the internet?

Re:Altruism? I have my doubts...

[tehcyder]

Why wouldn't they?

Maybe you could make the message more helpful, provide advice and free software, or whatever.

My original point was that it would be absurd to treat this as some sort of "cruel to be kind" virus when it is genuinely causing damage/loss.

It would be analogous to the police breaking into your house, trashing it, stealing your plasma TV and leaving a note saying "next time buy better locks" as a way of crime prevention.

Re:Altruism? I have my doubts...

Given how easy it is to download new porn, I doubt the lesson is very effective.

Now, sending a list of those files to the victims adressbook, _that_ would be a really effective call for security.

Of course, it would also be rather ...unfriendly thing to do, especially given the prevalent moral double standards.

Re:Altruism? I have my doubts...

[Eli+Gottlieb]

Actually, the police doing that wouldn't surprise me at all. They'd be assholes to do it, but nowadays it wouldn't be a surprise.

So, what..

[Kortec]

For about 80% of the windows users out there, this sounds pretty fatal. It'd have to delete their entire OS as well as any apps above notepad, so that hurts pretty bad. I guess there's now an economic argument as to why open source OSes are safer.

It's not Slashdot where the spin is!

> First off, this article is pure bullshit spin. They mention several points about a virus and the whole time they attempt to spin it the reader as a "good intentions" virus--even comparing it to Charles Bronson. The Slashdot title reads "Trojan Deletes Your Porn, Music & Warez" but it doesnt, if you RTFA:

Hi. Just FYI, I wrote the article submitted to Slashdot precisely to correct this idiotic story (Slashdot should hopefully get picked up by Google, etc. and thus be more available to those who will read this). I think the writer over there was trying to find an angle on it and couldn't get past "P2P == bad, viruses == bad" so they fell back on one of the "content" industry talking points (and I use the word "content" loosely).

To anyone who has a functioning brain, the fact that it deletes your files, installs a keylogger, and disables security products (as well as a few incidental bits of competing malware) is more than enough to realize that it has only malicious intentions.

Re:Altruism? I have my doubts...

[smackt4rd]

No one benefits

The baby Jesus and the little kittens benefit!

Re:Altruism? I have my doubts...

[drinkypoo]

If the trojan author is at all clueful, it's looking in the registry and/or in .ini files to find out where the P2P directories are. Thus changing dirs won't help. Also, I don't change default dirs unless they are ordinarily located in the program directory, which is stupid; they should be in the Profile\My Documents directory (on windows systems.) Why would I, if the defaults are good?

HMMMM coincedence???

[drfrog]

deletes porn and music??

sounds like the mpaa or riaa might have something to do with tis .....

I can translate that for you.

Hi, I wrote this Slashdot submission:

> remarkably few things infect the text files this trojan also deletes.

It's there to counter the assertion in TFA that this trojan is a "good" thing because it deletes files that might infect you. In other words, it's there to point out that this trojan is completely malicious--something obvious to all Slashdotters, but which seems to have eluded the writer of TFA.

Re:I can translate that for you.

Poster: "remarkably few things infect the text files this trojan also deletes."
JamesTRexx: "Ehmm... What?"
Poster: "It's there to counter the assertion in TFA that this trojan is a "good" thing because it deletes files that might infect you. In other words, it's there to point out that this trojan is completely malicious"

Or, in still other words, you were being sarcastic. Unfortunately, sarcasm rarely comes across well in written communication without further explanation such as adding a "smiley". It is just too easy to mistake for serious intention. It should never be used in a Slashdot submission, where a percentage of readers (such as JamesTRexx) will certainly misinterpret it.

Re:I can translate that for you.

[JamesTRexx]

It's not so much the sarcasm, but I just couldn't comprehend the grammar of that sentence. I had an idea what he meant, but I just couldn't read that in there. :-)

OS infected

[vlad30]

"Affected operating systems - Windows" wake me if i infects something I use such as OS X or Linux

Oh, it missed mine

[SlappyBastard]

All mine is labelled "Nice college girls" and such.

Re:Altruism? I have my doubts...

[LunaticTippy]

You don't use a mainframe to look at web pages.

You use a terminal. Connected to a mainframe. Running lynx.

The 80s are back! Let's do it right!

Re:Avarice - Round & Round we go...

[VinB]

It's more likely some guy who has already gone through the social aspects of who people would try to pin this on and is now having a field day watching us trying to figure it out. People who write viruses are social misfits who get a sick sort of high from releasing havoc on unsuspecting users. This guy is getting a double shot of joy juice by watching the media chase its tail trying to figure out who would have a motive for something like this.

So inaccurate

She wouldn't open her mouth to talk.

Re:Altruism? I have my doubts...

[Politburo]

Weatherbug is what I call "functional spyware" in that it does provide a real function in addition to it's spying functions. Most spyware now fits this profile, but the original spyware, Gator, did not.

When removing functional spyware you must attempt to provide a replacement application that can do the same function. The user in your scenario can't be bothered to go to a website to get the weather, so you might want to try finding another weather tray tool. I don't know of any off the top of my head but there have to be several out there.

Furthermore, Weatherbug is a special case as they've managed to grow into a legitimate brand. The weather promo here on ABC in DC is the "Weatherbug Network". For the average user, something like that really legitimizes the software, whether it's deserved or not.

People just don't care, and I don't expect to ever understand why.

It doesn't sound like you're trying to understand. From what I can tell (2 mins on google), Weatherbug modified their program and it is no longer spyware.

Re:Altruism? I have my doubts...

[shadwstalkr]

I suspect this misapprehension will change only through hard experience.

Most average users couldn't care less about privacy, and a lot of them take it for granted that their every move is being watched, online and off. And really, there is almost nothing that the average user stands to lose from being spied on, outside of credit card and bank fraud, which were real threats that most people ignored before computers too. Hell, I worked at a restaurant that printed your entire credit card number on the slip that you sign and leave on the table, and only one person complained in the entire time I worked there.

You're right that average users don't understand that just because they can't see it happening doesn't mean it isn't. As a corollary to this, they wouldn't understand that their credit cards have been maxed out at a shoe shop in Buenos Aires because they accidentally installed a program by clicking the wrong thing to close a popup. Instead, they'll probably assume that Amazon was hacked, or that someone found their bank statement in the trash, etc. since something like that was in the news awhile ago.

That does it!

it deletes any porn, warez and music in your P2P directories.

Ok...that does it! It is one thing to steal my bank account information and credit cards, but when you go after my Pr0n, you have crossed the line buddy!

robot chicken

[zx-15]

Never let programmers watch robot chicken. I think in the last episode there was a sketch about a virus that deleted pr0n not only in user's computers but everywhere. The sketch ended with George W Bush begging an anonymous villan to give back the porn.

I guess someone took that idea seriously and implemented it.

PC World couldn't care less and is insulting

[twitter]

The part of the quote Dunn ignores does not seem to be part of Dunn's narrow world view. He concludes, in part, "...this is a beneficial program most users would probably not want help from," and must have used every ounce of will power to resist continuing, "but the dirty little pirates need this and prison!" He agrees with the malware author that P2P is all about "stealing."

It's pretty obvious that John Dunn does not care about people who create their own media or use P2P to share content that others want you to share. He tries to push it off onto Sophos by quoting them about Charles Bronson movies, where the hero is a murderer. He even leaves in, "...it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," but Dunn the only thing he worries about, while droning on about "benefits", is "security" being turned off and the next versions that might wipe out something else. If you are using P2P, Dunn does not like you and does not mind if someone wipes out your music, movies and photoalbum. It seems beyond Dunn that people outside the big three music publishers might make and share music, photo albums and movies that other find interesting. By his authoritative opinion, we are all consumers or pirates of pornography. Anything that gets in the way of big dumb companies making money, like alternate entertainment distribution systems, competition or viruses deleting M$ Word.docs, is EVIL and the people who use them must be grubby little masturbators.

Porn? Dunn does not use the word. Sophos consider the name "goporn.exe" which is left in the users directory "tempting." The masturbator and warez insults are entirely the trojan author's. Neither Sophos nor Dunn point out how insulting it would be to find porn or warez in what used to be a directory of baby pictures, movies and music. Such an omission is tacit approval. He can't even imagine such a thing.

Get this Dunn: there are no benefits to malware. If someone is on your computer eating your bandwith and doing things you did not ask for, they are fucking you. What I share has nothing to do with .DOC, porn or cracked software. I do use P2P, http and sftp and I don't want you or anyone else wiping that out.

Re:PC World couldn't care less and is insulting

I wonder how many times you have to use the word "masturbate" along with "M$" to cause a rift in the Metaverse.

Re:PC World couldn't care less and is insulting

[jb.hl.com]

Um, if you're downloading someone's own homemade content, there are far better ways available to download it.

Face it. Practically nobody uses P2P to download legal stuff.

Re:I can only conclude that people at PC World ain

Actually, sticking a virus in an avi or even an mp3 is easy, it is getting the virus to actually execute that is the problem. Remember wrapster, which would take arbitrary files and turn them into a 100% valid mp3 so that other files could be shared over napster? The problem is that barring buffer overruns or some other exploit, the media player will most likely play either static or silence, not run the virus code.

Re:Altruism? I have my doubts...

I too have doubts. but i'm betting on a simple explaination.

Basically, the more virii and trojans a computer has, the less effective it is for the purpose of any single virus writer*. if a zombie computer crashes repeatedly because of some other unstable virus, its not too useful. likewise if the zombie is supposed to DOS some target, but its hosts file redirects the attack, well, its humorous, but not useful.

since other virii are often distributed by porn, music, and warez, it makes sense to remove all of these. This helps prevent the user from installing other virii.

I would not be suprised if future versions were not more refined, possibly corrupting some of these files instead of deleting them. deleted files would signal a virus is present after all.

*assuming the purpose was to hijack the computer and use it.

sounds like an overly elaborate plan gone bust :)

[koroviev+(begemot)]

..which makes you connect to P2P again/more often to download "da stuff" again i.e. helping the trojan spread, by increasing online time and P2P time. OR makes you go out and play. tsts. evil geniuses can be beneficial sometimes, when they miss something :)

Anyone told the Department of Homeland Security?

In 'Cyberstorm' earlier this year, a nasty virus did the rounds at or around the same time as the government exercise was allegedly being held. That particular 'wild' virus just so happened to not infect .mil and .gov domains - who would have thought of that? That was a first, and at the same time as a government exercise - did I say fish, or was that 'E'?
  The government claimed that the exercise was held on some mythical private-exact-copy-of-the-web, however, the evidence of the time did not point that way - just don't ask anyone exposed to the 'Karma Sutra Worm'...
As well as normal users, businesses and special PC's (as in the sort used in hospitals) could not cope with the network overload. At the time nobody was putting two and two together, and the Department of Homeland Security were not put under scrutiny.
Given the form of The Department of Homeland Security (the people with the 2.5Tb RAM-drives for everyone's primary keys...) and the class of individual attracted to its ranks, one has to ask if they alone have the means, the motive and the opportunity to pull off such a stunt as the new fangled virus. Usually they gloat, so expect a few words about how well they have done wiping out tonnes of data direct from the hard-drives of tens of thousands of terrorist-training-camp grade al-qaeda operatives, from all over the globe in the mainstream media anytime soon.
With Cyberstorm, A/V vendors, operating system vendors, network equipment manufacturers and others that should know better, overstepped a line that they were not forced to, and took part in 'cyber-theater exercises' that were down-right rotten, costing lots of people lots of time and effort that could have been better directed elsewhere.
This new virus might be the same as the Cyber-storm malweaponry, with SECGEN Rumsfeld watching how the citizenry respond. Do you warn everyone in your mailbox that you could have emailed them a deadly virus? Do you write to the likes of Slashdot with help for others? I don't know, but SECGEN Rumsfeld will.
With Cyberstorm there was also 'Full Spectrum Dominance' propaganda/public diplomacy in the media as well as in blogs. This gave an operational capability to control a word-of-mouth internet campaign, whether that be word of crisis, political disaster, whatever.
'Cyberstorm' came with psychological payload - 'the sky is falling in' and the guys on the exercise were testing their abilities to control and contain a new 'digital Pearl Harbour'. The D.H.S. are suspiciously quiet when it comes to the 'real' threats, has anyone checked if any more government 'cyber' exercises are scheduled?

Re:Altruism? I have my doubts...

[orielbean]

I didn't RTFA, but what if the Trojan just checks the bitpath for downloads in your P2P settings. Then it would know to delete the stuff in the user-defined directories vs the defaults.

Re:Altruism? I have my doubts...

[phyrebyrd]

Same reason I do, I suppose. Limewire, for instance, defaults to a directory that is automatically shared. I may download files, but that doesn't necessarily mean I WANT to immediately share what I just downloaded.

For that reason, I have a download directory (removed from the share path) and then a different share directory, that way what I download isn't automatically shared.

Not everyone does this... Most folks don't. But I like to make sure the files I share are the genuine article before I let someone else download it. No sense in spreading unverified files if I can take the initiative to validate their quality and authenticity first.

Re:Altruism? I have my doubts...

[iamlucky13]

Dude, people didn't even listen when the blaster worm came out with its bug that would give a 60 second warning before shutting down the computer. We tried to explain to them what was going on, why they needed an AV suite, why they needed to run Windows Update, and why they shouldn't click on popups and stuff, and they ignored it. I was still removing blaster occasionally from people's computers 2 years after Microsoft released the patch. There were people who would ask what all the fuss was about, to whom I would explain, including about how the virus made your computer shut down for no reason, and a week later they would call me up asking if I could figure out why their computer shut down at 2 PM every day. My words went in one ear and out the other. There were people who's systems I reformatted to get rid of blaster, set Windows update to automatic, and installed AVG. Sure enough, give 'em just two or three weeks and they either downloaded an infected file or opened up an unprotected network share (something else I told them not to do).

A message saying "You been haxored, grow a brain" would just get a "Whatever, my computer still works moron" response (or better yet, "but the Norton scan came up clean..."). If shutting down while a student was typing a paper due the next day (and hadn't saved yet) didn't inspire a little bit of sensibility, I seriously doubt deleting a few music files will. Especially since most users definitely seem to be shifting away from P2P in favor of legal music sources, and probably wouldn't have much targeted by this trojan.

Crusading against pornography and file-sharing seems far more likely.

Anti-business version

Next, the anti-business version. Finds ".xls" files, and looks for dollar numbers greater than $1,000,000. If it finds any, all spreadsheets are slightly altered, with numbers randomly changed by about 5%, one in 1000 numbers changed by an order of magnitude, and about one in 500 macro references changed by one row position.

Also examines ".doc" files. If the occurence of terms found in legal documents is moderately high, about 1% of the sentences in the middle of paragraphs are deleted. Randomly, 20% of the occurences of the word "not" are deleted.

Re:Altruism? I have my doubts...

[d!rtyboy]

"It doesn't sound like you're trying to understand. From what I can tell (2 mins on google), Weatherbug modified their program and it is no longer spyware."

OH, I just thought of the first thing that came to my head that I knew had spyware. Had being the key word it seems. I was actually referring to a few people I knew back when it had spyware, just as an example. I still know these people and they still have the same attitude, so my point still stands if my example does not.

so then

[hwsb]

wouldn't the next logical step be a worm that downloads a whole bunch of warez and porn for you? not only that, but GOOD warez & pron? i'll infect my machines straightaway.

So virus scanner's now check for pron...

[zenst]

So virus scanner's now check for pron and generate a potential virus alert if none is found. Dont think so but would be interesting thought.

TRANSLATION into article terms: Many office users are infected already as every PC we checked had no pron whatsoever, which is clearly a sign of the virus at work.

Overall it add's to the saying you get what you pay for. That and virus's are actualy avoidable with the right approach to computers., but show me a boring persion with an STD and I'll have to rethink things :D

--
There are YES men(1) and there are NO men(0). But computers still manage to count the ones unsure(?) using binary; And we want to have AI!
--

What about non porn files?

[LinuxRulz]

Last time I scanned my system for porn, all that was detected was LaTex (which isn't porn). I hope it doesn't delete tex files or I know a lot of people who will get frustrated.

Re:Add option #5 ... unless ...

[davidsyes]

Yeh, but the Anti-Troj could be:

"Blessed is he who comes in the name of the Lord"

It's better to come in peace then go in pieces...

(Adjust spelling to suit your circumstances).

It recognizes porn

[kabloom]

It can tell porn from other images? It can't describe them, but it knows it when it sees it.

Robot Chicken

[wcrowe]

You know, on Robot Chicken, this was all just a joke...

Give us our porn back..!

RIAA Thanks

[tgraupmann]

The trojan is written and funded by the RIAA. Everybody say thanks.

Re:Altruism? I have my doubts...

[kanzels]

I agree with this... third might be some antivirus company afraid of loosing some money with upcoming Vista and M$ antivirus program :)

wow

[Joe+the+Lesser]

You never appreciate your girlfriend, or for most here the possibility of having one, until your happy convienent pr0n movie box fails.

Re:Altruism? I have my doubts...

[Mistshadow2k4]

"The user in your scenario can't be bothered to go to a website to get the weather, so you might want to try finding another weather tray tool. I don't know of any off the top of my head but there have to be several out there."

Weather Watcher comes in a freeware version and an ad-supported version. Neither contains actual spyware.

Not quite...

>> I am still stuck in the past where pure data files were considered safe. Silly me.

From the last line of the Slashdot submission:

> remarkably few things infect the text files this trojan also deletes.

So while all of the others may well have overflows or other exploits associated with them, the fact that they delete .txt files, which really *ought* to be safe, pretty much proves them to be malicious.

Where can I get this trojan?

No, seriously (yes I'd free up a lot of wasted pr0n-space), I'd like to take a look at it. Surely someone must've put it on a web page. (And no, it can't be illegal to do so, at least not in a non-paranoid western shit country like mine).

The real crime.

[rvw14]

If someone broke into your computer and deleted your graduate thesis, I'd bet you'd consider that a crime.

The real crime would be not backing up something as important as your graduate thesis.

Handy Dan

[devfsadm]

Imagine a trojan that removes other trojans and various
spyware programs then removes itself. And tells you to have
a nice day.
-Wow that would be nice.

Re:Add option #5 ... unless ...

delete my p2p porn stash?

aint going to happen. Ive made the directory sticky

Re:Altruism? I have my doubts...

I find it intriguing that this alternate explanation apparently didn't even occur to PC World.


Because it got bumped in favor of the "Bigfoot wrote it with the grassy hill gunmen to prove once and for all that the Loch Ness monster has been pwned" theory.

Which, as would have it, is exponentially less assinine than the concept that the MPAA put this into the wild.

/. - Where those who pride themselves on logic and knowledge go to completely throw both out the window.

(all smart @$$ness aside, come on: "some punk script kiddie thought it would impress his punk peers" is not a sound enough hypothesis to be ranked above the MPAA Black Hat theory???)

I know it's irrelevant...

[SanityInAnarchy]

... but I believe even Windows runs on UNIX time by now, which began on January 1, 1970. It's simply impossible to set your clock to 1900, or even 1969. Yes, UNIX missed the Summer of Love... :'(

Re:I know it's irrelevant...

[Mayhem178]

Hmm, well, I admit I don't tend to keep up-to-date on all of Microsoft's meanderings. It seems you're at least partially right. I just tried and can't set my clock back to 1900. I can't seem to set it back to 1970 either, though. It will go back as far as 1980.

We only wish...

[SanityInAnarchy]

lusers will never tighten up their systems unless it becomes illegal to be part of a botnet.

Innagoddadevida

[vpalexander]

Damn Mormons are on the loose again.

Trojan Deletes Your Porn, Music & Warez

[DamienNightbane]

DO NOT WANT!

Re:Altruism? I have my doubts...

[DerekLyons]

I agree with you very infrequently, but this is one of those infrequent times. Either someone who is good at coding is on a major "hoiler-than-thou", ethics spree or this is the result of a bigger source hiring this person.

Or the author is just being an asshole and attacking things that people feel are important - like 99.99% of such authors across the history of computing.

note that

[alizard]

the Sony r00tkit itself proves that there are people in big technology companies capable of signing off on that kind of idiocy. And they basically got off with a gentle pat on the wrist and fingers wagged at them, not one of the corporate officers getting an involuntary vacation at Club Fed for infringing anti-hacking laws that would be directed against private individuals doing the same thing.

I can easily see some computer-illiterate Luddite at a *AA member organization looking at what happened with Sony and deciding to tell somebody with half a clue to look for a "security consultant" to write an anti-P2P virus.

Did this happen that way? I don't know, but these companies have both motive, opportunity, and for practical purposes, near-immunity from prosecution; if they get caught, they can always go to the Congresscritters they 0wN and buy a law to make their misconduct legal.

It only deletes the files?

[Schraegstrichpunkt]

Sounds like a cheap cut-down version of the Lamer Exterminator for the PC.

Re:I can only conclude that people at PC World ain

and they also said you can't get a virus or other malware from looking at a picture.