Slashdot Mirror
Trojan Deletes Your Porn, Music & Warez
E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."
From TFA: Well, that's a remarkably stupid assumption.
What's more likely?
- or -
Let's analyze who benefits from each scenario:
I pick avarice over sloppily executed altruism any day. I find it intriguing that this alternate explanation apparently didn't even occur to PC World.
____
~ |rip/\/\aster /\/\onkey
What they fail to mention is that people who use P2P networks often want those files that they've collected. So this virus is destroying something they want.
I mean, who installs eMule or Bit Torrent and then wishes that one day someone would come and save them from the files they've downloaded? The very idea is ludicrous.
I use Bit Torrent. If a virus were to come and delete everything I've gotten from it (trailors, WoW patches, an odd assortment of legal videos and mp3s, etc), I don't know about you, but I would be right pissed. This isn't protection and it doesn't seem to discriminate from virile files and good files so it's pure and utter destruction.
The only thing "beneficial" is seen from the eyes of the RIAA or MPAA.
You "don't think" this was written with good intentions? A virus comes onto your machine, disables security & starts to delete files in directories with a certain naming convention. What more to do you need to say, "holy hell, I've got a freaking virus!"?
My work here is dung.
is this the first shot on a new frontier in the war for morality?
i saw the baby, and the baby looked at me
Finally a threat that will make the average joe start to take computer security seriously! I look forward to a safe internet for everyone (I mean as soon as a few botnet node owner's loose their porn, peole will actually clean up their boxes!)
On a more serious note, quoting the pcworld article:WTF? How could anyone think that it's to attempt to protect users when it doesn't delete executables from p2p folders? (for an interesting overview of real "white hat worms" see this vnunet article and the slashdot discussion on the blaster removal worm)
This worm is clearly to scare people away from p2p - not protect them from other p2p malware.
What's the bet that one of the companies that make oodles of money from content are behind this?
There are shills on slashdot. Apparently, I'm one of them.
All I know is that this is a very important problem we have to fix!! Destroying our financial records and stealing our identity is one thing. But touch a geek's pr0n collection ------- this means WAR!
Of course it would delete your porn! Trojan wants you to go out and have real sex.
Join Tor today!
I feel a great disturbance in the Force... As if a millions Slashdot posters all cried out in anguish...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
What about the third scenario ?
3) Virus writers stage this to make it look like the RIAA, MPAA, ect, are "pulling a Sony" in an attempt to pull a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
"Thank god! I use linux!"
I thought Linux supported porn by now.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
This thing could delete the Internet
As for the Who and the Why. I blame the RI/MP Ass's. of America.
... and make a new commercial!
...]
[old guy is coughing, wheezing,
[young guy] On a mac, you don't have to worry about losing your pr0n and warez!
[young asian chic to young guys right seductively takes leg and wraps it around young guys waist]
[cut to pic of imac]
Storage Space Mysteriously Triples on File Servers around the World.
Without the pain of personal loss, lusers will not be so inclined to tighten up their system. So what if I'm part of a botnet? I'm not using the machine overnight anyway...
Happy LARTing,
FatPhil
Also FatPhil on SoylentNews, id 863
First they came for my credit card data, since I did not have Visa, I said nothing.
Then they came phishing for my bank account info, since I did not have a bank account, I said nothing.
Then they came for my porn...
I don't know the meaning of the word 'don't' - J
But on the other hand, this is not necessarily a bad thing for the rest of us. Most of the people who would be come infected by this - and consequently lose all of their P2P data - are probably Joe User types who don't know any better. So, this might -- I stress might -- actually be a benefit in even minimal ways:
I list the above points with a bit of sarcasm, of course, because I doubt that this will really have any impact on the above. But I don't doubt that the last item will come into play very often, which could actually be better for the rest of us overall.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
(...)
"The Erazer Trojan is a vigilante worthy of a Charles Bronson movie, taking the law into its own hands. However, it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," commented Graham Cluley of Sophos.
Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...
Nyhetsankaret.com -- det bÃsta av Sveriges Nyhetssido
The only "real" news is that it deletes the content of P2P folders (ok, not really "new" either but at least far from usual).
... well, cui bono?
That a trojan kills other trojans is hardly news. About a year ago two groups actually led a battle where one group tried to stab the other group's trojans (and vice versa) with their updates. Some trojans also use the names other trojans use to ensure those trojans can't install after they're already in. Makes detecting them correctly (i.e. as a different beast, not a new version) not really easier.
Almost every trojan today has some anti-anti-trojan functions. Killing Kaspersky, McAfee and Norton AV is more or less a standard feature of most current Trojans, so I wouldn't really call that news either.
The only outstanding feature that's hardly common is the deletion of incoming P2P objects. Which makes one wonder who
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I see an option 3 here.
3) A strike against the MPAA, RIAA and any other "law abiding" corporation (who manages to be capable of CREATING those very laws) by targeting the computers that seed the incomplete, misnamed and intentionally infected files and the files on computers that have downloaded from them by users stupid enough to download things under 1kb.
Any smart P2P user changes the default directories to customize their own bitspace so it's easier for the person using the software to find what they've downloaded, not to mention archive on another device or media those files they truly wish to retain.
Do note that I did say *smart*.
"When the people fear their government, there is tyranny; when the government fears the people, there is liberty." -Thom
remarkably few things infect the text files this trojan also deletes.
Ehmm... What?
home
Yea, like the RIAA and the MPAA are going to release a virus on the public, which could cost them billions, look how well that turned out for Sony...
In actuality it was probably just some stupid kid who, and probably rightfully so, thought the only thing of any value to anyone on their computers are either text files, or have downloaded from some p2p or similar site.
Honestly if you were looking to cause the most damage to anyones computer, it would be to strike at their heart, their downloaded music.
My theory is that this was made by someone who WANTS people to think that the RIAA made it, so that even more people will turn against them and take some heat off of P2P.
Don't worry if this thing deletes them. I've got them backed up for you.
This guy's the limit!
The first thing I thought was that it was well intentioned - in the long run.
The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...
Removing virus vectors doesn't solve the problem in the long run. Ultimately, only education will do that. This is a form of education, a lesson that will actually sink in.
Bogtha Bogtha Bogtha
Call me cynical, but add:
4) Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.
Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan? Nahhh....
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
I felt a great disturbance from the Net, as if millions of gigs of porn suddenly cried out in terror and were suddenly deleted.
As soon as someone comes up with a good looking GUI for it.
"Oooh shiny!" [click] [click]
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Next : RIAA fleet to plunder coastal towns whose citizens are known to indulgue in p2p.
... You wont be escaping ... Its coming ... Its RIAA ...
... The RIAA Strikes Back !!!
Planned : RIAA prison camps full of former p2p people to be used as slave labor in music industry.
You wont be hiding
Coming to a theatre near you this summer
Official site : www.riaastrikesbackwithfear.com
Read radical news here
These people have gone too far. If I get infected by this I'm going straight to the FBI, this is too serious to joke about.
Buy Steampunk Clothing Online!
I think the chance that this is a distraction is much greater than any other motive suggested. It is very unlikely that someone whose moral compass is so broken that they spend their time writing viruses is that upset about other law breakers. I suspect that the author has huge amounts of stolen software and music. More likely this is just a nasty, vicious little perp who is thinking of a way to do something nasty and vicious. Maybe they think that this type of attack is less likely to be taken seriously by the authorities (wrong) or less likely to lead to criminal complaints (right, but there will be enough complaints). Another strong possibility is that the criminals calculate that creating security paranoia is useful for their business and this is a way to increase concern. They will probably follow up with a marketting campaign selling hijacked copies of anti-virus software. Regardless of what immediate damage is caused every trojan has to be treated as if it was intended to be used for phishing.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
If they're not smart enough to use some A/V correctly, why do you assume they'll manage to figure out what a "fileserver" is, let alone how to setup and use one?
How about we write a malware proof OS. That's orders of magnitudes easier that the above.
I fowarded the story to my boss,
Five min later he ask me for a full back-up of his PC
I wonder why.....
The article on the Sophos website actually puts things as they are.
The PC World rehash just (deliberately?) misinterprets it.
Let's have a wee comparison:
Sophos: - "The Erazer Trojan targets internet users it believes are involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 music files or home movies that they have created themselves. Malware is not the way to fight internet piracy."
PC World: - "A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered."
Now how they came up with that from the Sophos article is beyond my understanding.
Greetings, all.
I just wanted to offer my new backup service for all who of you who fear this trojan. Just contact me so we can arrange transfers. Please do not be wary of my generosity, for helping is its own reward.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
look how well that turned out for Sony...
So what exactly happened to Sony - some bad press, that I only saw on the tv news once. Has anybody stopped buying sony gear? Has their share price dropped? Are they in court? No, no, no... so nothing has actually happened to Sony over this. Sure, we may hate them here and a few over places on the net, but most people don't care enough. I hated them before because of Atrac and their crappy software.
Never attest to malice what can be adequately attributed to stupidity.
In this case I think it's stupidity to create a virus that deletes the files it would be most likely to be able to propogate itself through.
Maybe some little hacker kiddie got caught wanking it by his mom and she deleted all his pr0n so he's on a "if I can't have it nobody can" rampage.
I'm a fiscal conservative, it's a pity we don't have a political party anymore
If it only deleted .exe .bat .com etc etc then I could understand the logic BUT deleting media files does not protect anyone.
They almost touch on the simplest explenation. Vigilante. Believe it or not but there are some individuals who feel they have a need to stop others from downloading via p2p.
They would be intrested in deleting any media files you downloaded via p2p. They would not be protecting you but making your (in their eyes illegal) activity worthless. So that explains why they delete harmless files.
It also explains why they try to disable security programs, yet another punishment. That way you are far more at risk from using P2P by being infected. The logic being that pirates do not deserve to be safe.
Vigilante seeking to punish p2p users. Not the RIAA and not some guardian angel. The RIAA would have to have some extremly bad lawyers to have allowed this and a guardian angel would only destroy files wich put you at risk and not disable security software.
Vigilantes have done stuff like this before. It falls in the same field as those "jezus loves you" posts in porn usenet groups. Or so I been told. Not that I would know anything about that offcourse.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
"You are free to look at porn if you want to. Most dont, but you can."
Most Linux users don't look at porn? Didn't that all change when KDE came along and you didn't need both hands available?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
That is so true. I can't count the amount of people I've met that have weatherbug or whatever on their computer and I explain to them that it has spyware, then I remove it and the spyware. Then a day or so later, they're like, "WTF? You deleted weatherbug" and I find they've reinstalled it. People just don't care, and I don't expect to ever understand why.
~ So sayeth the wise Alaundo
In related news, dictionary.com has suffered the slashdot effect after a massive spike in searches for the definitions of "avarice" and "altruism".
"I can only conclude that people at PC World ain't got a clue about PC's. Since when can .avi .mp3 etc etc contain virusses or malware?"
You can stick a virus in a jpeg, so I don't see why you couldn't stick one in an avi, etc. Of course, I'm not the worlds leading virus expert...
Though I do agree with the rest of your post. I was wondering why they were calling it a "vigilante" virus at all. I thought I was going a little crazy untill I read my thoughts here in the posts.
~ So sayeth the wise Alaundo
Um, maybe it's just me, but I'd call disabling antivirus impairing the computer's operation. Yeah, sure, it's not installing a spam zombie client, but it is unlocking the door for someone who will...
Or, maybe not...
Similar to the upcoming US election results
Once again, this is Windows only.
Damn! Obviously, Linux isn't ready for the home user.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
maybe the person who wrote the trojan, wrote it to be an asshole with no other intentions in mind; besides to be annoying. Many people who are infected with trojans/other tyes of virus' are not that internet/computer savy. When they engage in illeagle file trading they typically use p2p networks such as lime wire, where it is much easier to download malware and what not. Lets face it, the most popular types of files to download are pretty much porn and music. So theres no better way to piss a ton of people off other than deleting what they value most on their computers. Just my thought.
bad press
Went away already.
cd recall
So they could remove the rootkit. However, their key software is still on their disks.
and class action lawsuits
Oh yeah, those are going great...
Bullish Machine Tzar
Not even that:
5) Trojan not only sentient, but self-sustainable and conventionally biased. Will take over the world.
Proof of Intelligent Design? You be the judge.
Defining Statistics and Social Research
Since when can .avi .mp3 etc etc contain virusses or malware?
Since the people making the media players haven't figured out how to properly code. It is definetly possible to get infected or compromized via a media file. Look at the whole Microsoft image rendering problem a few months ago. One look at a specially crafted image on a website and you're compromized.
Bullish Machine Tzar
Option 5: Delete all competing content from the p2p directories so the upload bandwidth is fully available to the virus and it does not have to share the upload bandthwith with other content (like p0rn).
It is called evolution theory, this virus kills of the weaker content to spread itself.
Note that is also stops process like "gator". this virus allows no competition.
Unless it also displays a dialog box stating that, "The Lord has decided that thou hast broken the following commandments: Thou Shalt Not Steal and Thou Shalt Not Have Naughty Thoughts. Your files have been deleted according to the rights granted to us by God as his Holy Warriors, and your screen saver is now made of publicity stills from The Passion of the Christ. Go with God."
:)
Then, maybe so...
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
reinstalled it. People just don't care, and I don't expect to ever understand why
People assume that anything that happens on their computer is visible in the GUI. Therefore if weatherbug doesn't pop up a requester saying "I'm spying on you now, please type something interesting", naive people will assume it's not doing that.
I suspect this misapprehension will change only through hard experience.
I don't care if it's 90,000 hectares. That lake was not my doing.
6) profit!!
MilkMiruku
This also emphasizes why all P2P users should quarantine their P2P software inside a virtual machine. VMWare's recently renamed VMWare Server" product is free and is a perfect way to isolate your P2P software from the rest of your machine. I actually employ this method myself. Much of the documentation I download is infected and this method prevents that infection from getting back to the host server. Plus it's quite easy to rollback changes to a time before the infection and start over.
There is no way Pat Robertson and Jerry Falwell would ever risk their own secret porn stash. The parent is clearly a troll.
While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes.
I've attempted to read that sentence about a dozen times, and I have no clue what the writer's trying to say.
Comment of the year
> First off, this article is pure bullshit spin. They mention several points about a virus and the whole time they attempt to spin it the reader as a "good intentions" virus--even comparing it to Charles Bronson. The Slashdot title reads "Trojan Deletes Your Porn, Music & Warez" but it doesnt, if you RTFA:
Hi. Just FYI, I wrote the article submitted to Slashdot precisely to correct this idiotic story (Slashdot should hopefully get picked up by Google, etc. and thus be more available to those who will read this). I think the writer over there was trying to find an angle on it and couldn't get past "P2P == bad, viruses == bad" so they fell back on one of the "content" industry talking points (and I use the word "content" loosely).
To anyone who has a functioning brain, the fact that it deletes your files, installs a keylogger, and disables security products (as well as a few incidental bits of competing malware) is more than enough to realize that it has only malicious intentions.
Weatherbug is what I call "functional spyware" in that it does provide a real function in addition to it's spying functions. Most spyware now fits this profile, but the original spyware, Gator, did not.
When removing functional spyware you must attempt to provide a replacement application that can do the same function. The user in your scenario can't be bothered to go to a website to get the weather, so you might want to try finding another weather tray tool. I don't know of any off the top of my head but there have to be several out there.
Furthermore, Weatherbug is a special case as they've managed to grow into a legitimate brand. The weather promo here on ABC in DC is the "Weatherbug Network". For the average user, something like that really legitimizes the software, whether it's deserved or not.
People just don't care, and I don't expect to ever understand why.
It doesn't sound like you're trying to understand. From what I can tell (2 mins on google), Weatherbug modified their program and it is no longer spyware.
..which makes you connect to P2P again/more often to download "da stuff" again i.e. helping the trojan spread, by increasing online time and P2P time. OR makes you go out and play. tsts. evil geniuses can be beneficial sometimes, when they miss something :)
Dude, people didn't even listen when the blaster worm came out with its bug that would give a 60 second warning before shutting down the computer. We tried to explain to them what was going on, why they needed an AV suite, why they needed to run Windows Update, and why they shouldn't click on popups and stuff, and they ignored it. I was still removing blaster occasionally from people's computers 2 years after Microsoft released the patch. There were people who would ask what all the fuss was about, to whom I would explain, including about how the virus made your computer shut down for no reason, and a week later they would call me up asking if I could figure out why their computer shut down at 2 PM every day. My words went in one ear and out the other. There were people who's systems I reformatted to get rid of blaster, set Windows update to automatic, and installed AVG. Sure enough, give 'em just two or three weeks and they either downloaded an infected file or opened up an unprotected network share (something else I told them not to do).
A message saying "You been haxored, grow a brain" would just get a "Whatever, my computer still works moron" response (or better yet, "but the Norton scan came up clean..."). If shutting down while a student was typing a paper due the next day (and hadn't saved yet) didn't inspire a little bit of sensibility, I seriously doubt deleting a few music files will. Especially since most users definitely seem to be shifting away from P2P in favor of legal music sources, and probably wouldn't have much targeted by this trojan.
Crusading against pornography and file-sharing seems far more likely.
Last time I scanned my system for porn, all that was detected was LaTex (which isn't porn). I hope it doesn't delete tex files or I know a lot of people who will get frustrated.