Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Deletes Your Porn, Music & Warez

Posted by ryuzaki0 on from the someone-else-to-think-for-you dept.

E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."

39 of 400 comments (clear)

  1. Altruism? I have my doubts... by TripMaster+Monkey · · Score: 5, Insightful

    From TFA:
    The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.
    Well, that's a remarkably stupid assumption.

    What's more likely?
    1. The Trojan was designed to protect users from malware by deleting contents of P2P directories,
        - or -
    2. The Trojan was designed to strike a blow against P2P file sharers deleting contents of P2P directories.


    Let's analyze who benefits from each scenario:
    1. No one benefits, since the 'benefits' of having files that might be infected with malware deleted is more than offset by the security problems introduced by the deactivation of antivirus software, as well as the inadvertent deletion of many innocent files. Also, the Trojan writer, (in this scenario, a "Robin Hood" type character), receives no benefit other than a warm fuzzy feeling.

    2. RIAA, MPAA, and various software companies all realize tangible financial benefits as illegal file sharing is dealt a serious blow. Also, the Trojan writer, (in this scenario, a mercenary for hire) takes home a nice fat paycheck for a job well done.


    I pick avarice over sloppily executed altruism any day. I find it intriguing that this alternate explanation apparently didn't even occur to PC World.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

  2. Slashspin by eldavojohn · · Score: 4, Insightful
    First off, this article is pure bullshit spin. They mention several points about a virus and the whole time they attempt to spin it the reader as a "good intentions" virus--even comparing it to Charles Bronson. The Slashdot title reads "Trojan Deletes Your Porn, Music & Warez" but it doesnt, if you RTFA:
    The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
    Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

    What they fail to mention is that people who use P2P networks often want those files that they've collected. So this virus is destroying something they want.

    I mean, who installs eMule or Bit Torrent and then wishes that one day someone would come and save them from the files they've downloaded? The very idea is ludicrous.

    I use Bit Torrent. If a virus were to come and delete everything I've gotten from it (trailors, WoW patches, an odd assortment of legal videos and mp3s, etc), I don't know about you, but I would be right pissed. This isn't protection and it doesn't seem to discriminate from virile files and good files so it's pure and utter destruction.

    The only thing "beneficial" is seen from the eyes of the RIAA or MPAA.

    "I don't think this was written with good intentions because it attempts to turn off security," said Cluley. There would be nothing more dangerous than for people to become accustomed to the idea of "beneficial malware" because that might create a false sense of security.
    You "don't think" this was written with good intentions? A virus comes onto your machine, disables security & starts to delete files in directories with a certain naming convention. What more to do you need to say, "holy hell, I've got a freaking virus!"?
    --
    My work here is dung.
    1. Re:Slashspin by Gumph · · Score: 5, Funny

      Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

      Excuse me Sir, we've had some complaints from the other clientele, could you hand in your /. ID on your way out.

      --
      'By the pricking of my thumbs, something wicked this way comes'
  3. Finally! by Whiney+Mac+Fanboy · · Score: 5, Insightful
    *Applauds*

    Finally a threat that will make the average joe start to take computer security seriously! I look forward to a safe internet for everyone (I mean as soon as a few botnet node owner's loose their porn, peole will actually clean up their boxes!)

    On a more serious note, quoting the pcworld article:
    The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

    The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect. [emph mine]
    WTF? How could anyone think that it's to attempt to protect users when it doesn't delete executables from p2p folders? (for an interesting overview of real "white hat worms" see this vnunet article and the slashdot discussion on the blaster removal worm)

    This worm is clearly to scare people away from p2p - not protect them from other p2p malware.

    What's the bet that one of the companies that make oodles of money from content are behind this?
    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:Finally! by hal2814 · · Score: 4, Funny

      "Finally a threat that will make the average joe start to take computer security seriously!" Until a computer virus or trojan can come into your house, shave your eyebrows off while you're asleep, drink all your beer, and leave you with no toilet paper, the average joe will never take computer security seriously.

  4. Geeks unite! by Anonymous Coward · · Score: 5, Funny

    All I know is that this is a very important problem we have to fix!! Destroying our financial records and stealing our identity is one thing. But touch a geek's pr0n collection ------- this means WAR!

  5. Seems obvious to me. by Jerk+City+Troll · · Score: 4, Funny

    Of course it would delete your porn! Trojan wants you to go out and have real sex.

    --
    Join Tor today!
    1. Re:Seems obvious to me. by mobby_6kl · · Score: 5, Funny

      Trojan wants you to go out and have real sex.

      They're not the only ones...

  6. It... deletes PR0N??!! by Noryungi · · Score: 5, Funny

    I feel a great disturbance in the Force... As if a millions Slashdot posters all cried out in anguish...

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  7. Re:Altruism? I have my doubts... by Joebert · · Score: 5, Insightful

    What about the third scenario ?

    3) Virus writers stage this to make it look like the RIAA, MPAA, ect, are "pulling a Sony" in an attempt to pull a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  8. Re:Thank god! by MobileTatsu-NJG · · Score: 5, Funny

    "Thank god! I use linux!"

    I thought Linux supported porn by now.

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  9. Apple needs to jump on this quickly! by dimer0 · · Score: 5, Funny

    ... and make a new commercial!

    [old guy is coughing, wheezing, ...]

    [young guy] On a mac, you don't have to worry about losing your pr0n and warez!

    [young asian chic to young guys right seductively takes leg and wraps it around young guys waist]

    [cut to pic of imac]

  10. The next headline on slashdot.... by TheOldSchooler · · Score: 5, Funny

    Storage Space Mysteriously Triples on File Servers around the World.

  11. Nice to see a destructive payload for once by fatphil · · Score: 4, Interesting

    Without the pain of personal loss, lusers will not be so inclined to tighten up their system. So what if I'm part of a botnet? I'm not using the machine overnight anyway...

    Happy LARTing,
    FatPhil

    --
    Also FatPhil on SoylentNews, id 863
  12. THIS IS WAR! by Progman3K · · Score: 5, Funny

    First they came for my credit card data, since I did not have Visa, I said nothing.
    Then they came phishing for my bank account info, since I did not have a bank account, I said nothing.
    Then they came for my porn...

    --
    I don't know the meaning of the word 'don't' - J
  13. Aiming poorly? by iogan · · Score: 4, Funny

    The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
    (...)
    "The Erazer Trojan is a vigilante worthy of a Charles Bronson movie, taking the law into its own hands. However, it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," commented Graham Cluley of Sophos.

    Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...

    --
    Nyhetsankaret.com -- det bÃsta av Sveriges Nyhetssido
    1. Re:Aiming poorly? by meringuoid · · Score: 4, Funny
      Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...

      Careful with such analogies. There'll be a bunch of loyal American patriots along in a minute to tell you how wrong you are, and that it's not aiming poorly, it's an enlightened foreign policy.

      --
      Real Daleks don't climb stairs - they level the building.
    2. Re:Aiming poorly? by computational+super · · Score: 4, Funny

      If you're not with us, you're against us, and that didn't sound "with us" enough for me. The air force will be preparing your neighborhood for a Haliburton contract in five minutes.

      --
      Proud neuron in the Slashdot hivemind since 2002.
  14. Re:Altruism? I have my doubts... by phyrebyrd · · Score: 5, Interesting

    I see an option 3 here.

    3) A strike against the MPAA, RIAA and any other "law abiding" corporation (who manages to be capable of CREATING those very laws) by targeting the computers that seed the incomplete, misnamed and intentionally infected files and the files on computers that have downloaded from them by users stupid enough to download things under 1kb.

    Any smart P2P user changes the default directories to customize their own bitspace so it's easier for the person using the software to find what they've downloaded, not to mention archive on another device or media those files they truly wish to retain.

    Do note that I did say *smart*.

    --
    "When the people fear their government, there is tyranny; when the government fears the people, there is liberty." -Thom
  15. Translation please.. by JamesTRexx · · Score: 4, Insightful

    remarkably few things infect the text files this trojan also deletes.

    Ehmm... What?

    --
    home
  16. Re:Uhoh by gEvil+(beta) · · Score: 4, Funny

    Don't worry if this thing deletes them. I've got them backed up for you.

    --
    This guy's the limit!
  17. Re:Altruism? I have my doubts... by Bogtha · · Score: 4, Insightful

    The first thing I thought was that it was well intentioned - in the long run.

    The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...

    ...but take away their porn and music? The virus seems to be designed to piss the computer user off as much as possible without actually causing any real damage or impairing the computer's operation. It seems to me that the virus writer did it to get people to take notice of viruses in future.

    Removing virus vectors doesn't solve the problem in the long run. Ultimately, only education will do that. This is a form of education, a lesson that will actually sink in.

    --
    Bogtha Bogtha Bogtha
  18. Add option #4 by WidescreenFreak · · Score: 5, Interesting

    Call me cynical, but add:

    4) Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.

    Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan? Nahhh....

    --
    The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
    1. Re:Add option #4 by Chelloveck · · Score: 5, Insightful

      Even simpler:

      4) Write a trojan to wipe out what people apparently consider to be important just because the trojan writer is a prick.

      --
      Chelloveck
      I give up on debugging. From now on, SIGSEGV is a feature.
  19. Re:the first 'christian' virus? by Ohreally_factor · · Score: 4, Funny

    Why the Christians, necessarily? A more likely culprit would be PETA, trying the protect all those cute fluffy kittens from the hand of a wrathful God.

    --
    It's not offtopic, dumbass. It's orthogonal.
  20. Re:Avarice by tbone1 · · Score: 4, Insightful
    I have trouble believing that the RIAA/MPAA could be so dumb.

    I don't. I've seen how dumb large organizations can be.

    --

    The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
  21. PC World couldn't read the Sophos article! by flokemon · · Score: 4, Interesting

    The article on the Sophos website actually puts things as they are.
    The PC World rehash just (deliberately?) misinterprets it.

    Let's have a wee comparison:

    Sophos: - "The Erazer Trojan targets internet users it believes are involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 music files or home movies that they have created themselves. Malware is not the way to fight internet piracy."

    PC World: - "A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered."

    Now how they came up with that from the Sophos article is beyond my understanding.

  22. New Service by MobileTatsu-NJG · · Score: 4, Funny

    Greetings, all.

    I just wanted to offer my new backup service for all who of you who fear this trojan. Just contact me so we can arrange transfers. Please do not be wary of my generosity, for helping is its own reward.

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  23. I can only conclude that people at PC World ain't by SmallFurryCreature · · Score: 4, Insightful
    I can only conclude that people at PC World ain't got a clue about PC's. Since when can .avi .mp3 etc etc contain virusses or malware?

    If it only deleted .exe .bat .com etc etc then I could understand the logic BUT deleting media files does not protect anyone.

    They almost touch on the simplest explenation. Vigilante. Believe it or not but there are some individuals who feel they have a need to stop others from downloading via p2p.

    They would be intrested in deleting any media files you downloaded via p2p. They would not be protecting you but making your (in their eyes illegal) activity worthless. So that explains why they delete harmless files.

    It also explains why they try to disable security programs, yet another punishment. That way you are far more at risk from using P2P by being infected. The logic being that pirates do not deserve to be safe.

    Vigilante seeking to punish p2p users. Not the RIAA and not some guardian angel. The RIAA would have to have some extremly bad lawyers to have allowed this and a guardian angel would only destroy files wich put you at risk and not disable security software.

    Vigilantes have done stuff like this before. It falls in the same field as those "jezus loves you" posts in porn usenet groups. Or so I been told. Not that I would know anything about that offcourse.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  24. Re:Thank god! by MobileTatsu-NJG · · Score: 4, Funny

    "You are free to look at porn if you want to. Most dont, but you can."

    Most Linux users don't look at porn? Didn't that all change when KDE came along and you didn't need both hands available?

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  25. Add option #5 by Foobar+of+Borg · · Score: 4, Funny
    5) Pat Robertson and Jerry Falwell want to wipe out pr0n from the internet, so they assemble a team of computer experts and tell them, "Pr0n is the 5ux0rs! We need 1337 h@x0r5 to pwn their warez, w00t, w00t!"

    Or, maybe not...

    --
    Similar to the upcoming US election results
    1. Re:Add option #5 by Foobar+of+Borg · · Score: 4, Funny
      You spelled "teh" and "there" wrong. Or did you mean "they're"?

      You are right (*sniff*). I'm afraid I'm only 1336 (*sniff*)...

      --
      Similar to the upcoming US election results
  26. Add option #5 by Sigg3.net · · Score: 5, Funny

    Not even that:

    5) Trojan not only sentient, but self-sustainable and conventionally biased. Will take over the world.

    Proof of Intelligent Design? You be the judge.

    --
    Defining Statistics and Social Research
  27. Re:I can only conclude that people at PC World ain by skarphace · · Score: 4, Informative

    Since when can .avi .mp3 etc etc contain virusses or malware?

    Since the people making the media players haven't figured out how to properly code. It is definetly possible to get infected or compromized via a media file. Look at the whole Microsoft image rendering problem a few months ago. One look at a specially crafted image on a website and you're compromized.

    --
    Bullish Machine Tzar
  28. Re:Add option #5 ... unless ... by WidescreenFreak · · Score: 4, Funny

    Unless it also displays a dialog box stating that, "The Lord has decided that thou hast broken the following commandments: Thou Shalt Not Steal and Thou Shalt Not Have Naughty Thoughts. Your files have been deleted according to the rights granted to us by God as his Holy Warriors, and your screen saver is now made of publicity stills from The Passion of the Christ. Go with God."

    Then, maybe so... :)

    --
    The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
  29. Re:Altruism? I have my doubts... by Jeremi · · Score: 4, Insightful
    Then a day or so later, they're like, "WTF? You deleted weatherbug" and I find they've
    reinstalled it. People just don't care, and I don't expect to ever understand why


    People assume that anything that happens on their computer is visible in the GUI. Therefore if weatherbug doesn't pop up a requester saying "I'm spying on you now, please type something interesting", naive people will assume it's not doing that.


    I suspect this misapprehension will change only through hard experience.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  30. sorry ;) by miruku · · Score: 5, Funny

    6) profit!!

    --
    MilkMiruku
  31. Virtual machines by macdaddy · · Score: 4, Interesting

    This also emphasizes why all P2P users should quarantine their P2P software inside a virtual machine. VMWare's recently renamed VMWare Server" product is free and is a perfect way to isolate your P2P software from the rest of your machine. I actually employ this method myself. Much of the documentation I download is infected and this method prevents that infection from getting back to the host server. Plus it's quite easy to rollback changes to a time before the infection and start over.

  32. No way, that would ever happen by budword · · Score: 5, Funny

    There is no way Pat Robertson and Jerry Falwell would ever risk their own secret porn stash. The parent is clearly a troll.