Trojan Found At Torrent Sites Insists "Downloading Is Wrong"
NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirect The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
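The hosts-file change described in the summary can be checked for mechanically. The following is an added example, not part of the original story or any vendor's tool: it parses hosts-file text and reports hostnames that are not expected local names but are mapped to a loopback or unspecified address. The sample file content, the hostnames in it and the `LOCAL_NAMES` allowlist are constructed assumptions.

```python
"""Flag hosts-file entries that point non-local hostnames at loopback."""
import ipaddress

# Names normally expected to map to loopback (assumption; extend as needed).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample content, not taken from an infected machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
127.0.1.1       workstation01
192.0.2.10      intranet.example.com
127.0.0.1       tracker-one.example.org   # redirected entry
127.0.0.1 forum.example.org www.forum.example.org
0.0.0.0         search.example.net
not-an-ip       ignored.example.org
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # address without a name
        try:
            # Strip an IPv6 zone id ("%eth0") before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                             # malformed address field
        yield line_no, addr, [h.lower().rstrip(".") for h in fields[1:]]


def find_redirects(text, own_hostname=None, local_names=LOCAL_NAMES):
    """Return (line_no, hostname, address) for suspicious loopback mappings.

    own_hostname: the machine's own name, which some systems legitimately
    map to 127.0.1.1; it is treated as expected.
    """
    allowed = set(local_names)
    if own_hostname:
        allowed.add(own_hostname.lower())
    findings = []
    for line_no, addr, names in parse_hosts(text):
        # 127.0.0.0/8, ::1, 0.0.0.0 and :: all make the name unreachable.
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in names:
            if name not in allowed:
                findings.append((line_no, name, str(addr)))
    return findings


if __name__ == "__main__":
    for line_no, name, addr in find_redirects(SAMPLE_HOSTS, "workstation01"):
        print(f"line {line_no}: {name} -> {addr}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`, on Unix-like systems `/etc/hosts`. Hosts files used deliberately for ad blocking will also be reported, so findings need review against what the machine's owner put there.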
There once was a man who could boast
that due to his low latency host
when blog posts went down,
he was always around
to sit down and type swiftly "FIRST POST"
127.0.0.1 turns out to be *my* private IP address. So everyone with that virus is connecting to my Internet. That would explain why my connection has been so slow lately. I sure hope they find the bastard who did this to me. I'll gladly add my own lawsuit to the pile.
This could be the piracy groups themselves throwing this out there to stir up sentiment against the RIAA, MPAA, etc.
Of course that's like adding a few cords of wood to the fires of HELL, but it is a possibility.
P.S - This is not nearly as bad as the Sony Rootkit.
-rw-r--r-- 1 root root 1061 2007-04-05 12:18 /etc/hosts
Ahhh, Windows, gotta love it.
A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...
Justice is the sheep getting arrested while an impartial judge declares the vote void.
It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself; how could the cracker pass up that type of opportunity? I just assume most of them infect your computer with some spyware and trojans.
(\(\
(^.^) INFECTED
(")")
Does anyone know what it was claiming to be a keygen for? That would be a likely lead as to who is responsible for the virus, assuming it was the software industry who released this.
Behold, another webcomic!
<barrywhite>
But baby....how can it be wrong...when it feels so right....
</barrywhite>
Weaselmancer
rediculous.
From everything I've read (the Slashdot summary excluded) this isn't really a virus -- it's a straight trojan. That means you would have to be trying to download a serial key generator in order to get it on your system. (i.e., it doesn't spread to you from other people's machines.)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
..which of course according to the recording is wrong. Oh, I'm in the middle of downloading packets of data for TV since I'm using satellite TV, which is also wrong I guess. Where did I go so wrong in life.
...for Windows.
But no...no reason to consider alternatives.
I'd like somebody to please explain to me why my company should not compile versions of our software for torrent that do horrible and terrible things to the downloaders' PCs after say, the third run. We have no duty of care nor contract with such downloaders and due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers. Furthermore, because of the way our software is licensed and its data is accessed, we can be 100% sure that none of our legitimate users are using pirated versions. No really. I'd like you guys to tell me why not. It's something I've fantasized about. We'd even put notices at the beginning of the software telling the user quite explicitly about the horrible things that the software would do, and we would not hold the users "hostage" to purchasing our software in any way. Of course, we could open ourselves up to retribution attacks, but, imagining for a moment if that was not an issue, I'd like to hear some opinions. As you can see by the responses here to this article, many slashdotters have abandoned even the pretense of some pseudophilosophical justification for their piracy and are just concentrating on the technical tricks involved in being better pirates ("virtual machines, baby", etc.)
Just to spite those who uploaded that trojan, I will start downloading FreeBSD 7.1 later today.
Here it is:
http://www.mininova.org/search/?search=freebsd
Ha!
Synthmaker, a music DSP authoring utility which allows 'full version' owners to export VSTs (virtual instruments) which they can then redistribute / sell had an interesting post a couple months ago from one of the users talking about how a VST they had offered for something like $10 ended up being posted with a crack on usenet.
Stuff like that happens all the time and directly affects the little guy even more than it does the big faceless corporations.
So it's tough for me to think that any company would take the immense risk of doing something as stupid as distributing a virus, whereas a disgruntled independent developer with spare time and a personal axe to grind against piracy might not care as long as some homebrew justice gets meted out.
It replaces all your audio files with Barry Manilow songs. The initials refer to the user's reaction when they realize they now have 30,000 copies of "Mandy" choking their hard drive.
So really it's more like the guy you were trying to buy medical marijuana from turned out to be the naggy guy behind the Above the Influence campaign.
Aside from a ridiculous audio message I think it's pretty funny. If you're downloading software from an unsecured and anonymous source and executing it on your computer what do you expect to happen? At least they didn't go hog wild and destroy the OS.
Ha. I like it (: But it needs a better recording.
No sig for you. YOU GET NO SIG!
As soon as happy user loads the trojan, he/she won't use torrent anymore (or at least he gets rid of it), thus how can this thing spread?
I'd like to give the Author of the Trojan a +5 "Magnificent Bastard" Moderation
Clue-Passive, because those with clue will remove it in 2 seconds...
"L33t Script-Kiddie" hax0rs will say: "The site was removed, argh I'm being tracked!!!" (and hopefully either stop, so SysAdmins don't have to de-virus their machines constantly, or learn enough so they understand a little bit more about what they're doing).
All in all, a clever combination of Technology and good understanding of Human-Computer Interaction.
Disclaimer: No, I didn't write it.
A Man's ethical behavior should be based effectually on sympathy, education, and social ties -- Albert Einstein
What I want to know is WHY did the piratebay take it down? I thought that they believed in freedom of information and have claimed time and time again that they can not take down a torrent just cause someone is offended or hurt by it (or that it's illegal). Why are they changing their minds now? Maybe they are in this for the money and not for the "freedom" as they claim?
The tragic thing is, it's not doing anything but annoying those who weren't going to buy their product anyway (provided it's indeed a disgruntled developer). So in effect, unlike an after-school special where everyone learns something and grows as human beings, this just annoys some dude who was stupid enough not to use a VM to run suspect programs. :) It's all a monumental stack of steaming shit because we've allowed ourselves to be tricked into believing the Founding Fathers intended for Disney to rape the Public Domain and charge us perpetually for things they didn't even have to pay for. It's a bloody tragic b-movie where we all get caught with our pants down. And yet, nothing changes.
:) While it's silly that something that sells for $10 is posted on usenet, the inevitability of such an action should be no surprise to even the RIAA.
:-/
Both sides of this argument have emotional ties to the subject, and their imagery always degenerates into the "starving artist/artisan" and the "freedom loving anarchist".
We simply need to get away from the "copyright guarantees revenue" that the big faceless corporations are trying to turn into a cultural meme through misinformation and buying legislation. Once we get those assholes out of the argument, we might actually find a productive middle ground where freedom prevails for all involved. Putting a simple trojan up on a torrent site, or like Madonna's stupid limewire trick, do nothing but make for an interesting read and continue to give the faceless entities fodder to use in their spread of propaganda and misinformation to the great unwashed.
*Sigh.* I wish there was a better solution, but as long as there have been things that have a perceived value, there have always been those who simply want to take from others. It's ingrained into the deepest instincts, and I don't know how to make anyone act civil. The **AA's think you can scare and sue people into civility... Now I'm depressed.
It's the Stay-Puft Marshmallow Man.
...hot :3
Or like complaining that instead of office chair, package contained bobcat.
Just wait 'til you get a dumbass letter from the RIAA saying that the IP 127.0.0.1 has been identified as a computer uploading copyrighted material. Then the shit will really hit the fan ;)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
What, you don't get pissed when that happens to you?
Property is theft.
Yep disney is relevant to this discussion because I'm SURE that these applications being cracked are at LEAST 16 years old.
Pics or it never happened!
I hate printers.
This used to be a great place to read about tech and have interesting tech discussions. Key words: used to. But in the last 6 months or so it has frankly turned into shit. Any discussion is more than 80% anon cowards, and most of those are variations on "nigger nigger nigger" "(fill in the blank) are faggots" etc. Honestly it is getting to the point that I read a post, go down and see the discussions are nothing but trolls, and then go to somewhere else. What the hell happened?
If this doesn't change I can see Slashdot just dying out, because who wants to bother when there are only a handful of posts and the rest are all troll crap. So what happened to Slashdot? Is this a temporary thing, or have all the good posters simply moved on and been replaced with trolls? Do the IP logs show it is only a few trolls posting like mad, or is this a chanology style mass trolling? Seriously Slashdot editors, what is going on?
ACs don't waste your time replying, your posts are never seen by me.
It's surprising that this kind of thing doesn't happen more often.
I always use *Mule programs like : eMule, aMule and JMule and have no problem with trojans and viruses.
JMule user, enjoy it : http://www.jmule.org
What I want to know is WHY did the piratebay take it down?
Maybe because it was editing the hosts file and therefore blocking thepiratebay.com? Where is your freedom of information if you can't access the information?
I agree, in the past I have gotten trojans from doing this, but I could only blame myself because I wasn't cautious enough. Now where is that link at, so I can download it......
you win more arguments with persuasion than with obnoxiousness.
I wonder if anybody else gets the reference in your sig :-)
edit hosts file and make a back up
then before you go there and after replace it with back up
this 1 minute job thus negates a complete waste of time and all it technically needs to be is a Windows batch file that moves a copy of a hosts file over yours or appends, JESUS that's retarded to do.
this just makes me want to download more and more.
What pirate bay needs is to set up a system where ANY upload before it goes public is 100% checked as in downloaded and verified to not be retarded.
YA ok you ain't gonna get it 1 hr as fast for most movies or tv but this would guarantee YOU ain't getting shit on by the stupidest human virii creator of all time.
P.S. that virus was also circulated from torrent damage a while back and I got hit with it and OH it took what 2 seconds to fix and I dropped their site like a hot potato, oddly also things I upped there myself had been ALTERED and that made me wonder what the hell that private site was up to.
Well, the trojan has been removed, and I'm sure the user uploading has also been identified and banned.
If it changes the hosts file, it's easy to identify, and remove.
We get trojan and virus uploaders all the time, and they are removed at first sight, so this is nothing new, and nothing TPB can't handle.
Slipping shoelaces ?
Actually I think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.
The trojan was posted by neither a pirate group nor the RIAA/MPAA/etc. The trojan was posted by a 4chan member in search of the fleeting and elusive yet enlightened state called "lulz".
http://www.vnunet.com/vnunet/news/2123077/anti-blaster-worm-spreads-patches
every day http://en.wikipedia.org/wiki/Special:Random
First, it takes a lot of time to find out what it really does. And even if you manage to hack it to pieces in a dis, you are never really 100% certain. Disassembled Assembler code tends to be unclear if anything. It's easy to overlook a branch that seemingly never gets executed... until something happens. If it's done creatively, you can hide the real bomb fairly well in something that, let's say, self encrypts itself and only reveals its function right at the moment when it hits.
A piece of malware on your PC is a foot in the door. Unless you wrote it yourself, consider it harmful.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I long ago dropped the idea of discriminating between virus, worm, trojan and whatever other type of malware we tried to classify in the earlier days. Today, you have usually so many functions rolled into one that it's hard to really find a suitable classification for a certain piece of malware. And while this is maybe the most classic definition of a trojan (malware disguised as something else), maybe it's time to get rid of the idea to classify and qualify malware.
Malware is something you do not want in your PC, that is brought there against your intentions and that has negative and often harmful effects on your PC's reliability, stability or security. It's already hard enough to explain to people what malware is without confusing them with conflicting terms. They distract from the real problem more than they explain it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
OMG! They're leeching from The Elite Warez Network! YRLY!
Patches your flash player so that everything you look at on Youtube gets replaced by Mr. Astley's stellar performance.
It's not just this trojan, the whole Elite Warez Network is leeching your porn.
You have said it yourself: "it is 100% certain that those who download pirated versions will never become legitimate customers." Ergo, the real damage (loss of profits) from those pirates incurred by you is exactly zero. On the other hand, you are going to inflict some real, very non-zero damage to these people by your hypothetical actions. Therefore these actions would be wrong even if we are to disregard all PR and legal reasons already cited by others here.
Somewhat relevant quote from Clientcopia:
In my previous life as a fed agent I was often asked to assist with some "undercover" sting operations all over the Northeast US. One of the most memorable was an op in northern Maine. I was to play the brother-in-law of our source whose co-worker had recently asked him if he knew of any good dealers of crack.
Long story short, they brought me in to sell him crack. We met the "Client" as planned and you should have seen this kid's eyes when I pulled out this giant bag of crack we had obtained from a previous bust. He looked like he was going to start crying, like he had just come to know Jesus or something... anyway he wanted to buy it all, every last gram of it, but he had only brought $150.00 bucks with him.
I thought for a second and asked him if he had his checkbook on him and he did. I asked him how much money he had in the bank, he told me and I told him he could just write me a check for the total. This kid didn't think twice about it and started writing the thing out. As he was writing he asked me all the usual questions, correct spelling of my name, confirmed the date, then stopped writing for a second, put his pen down, and I started to panic.
He looked me straight in the eye and he stated that he always wrote down "the reason" in the little space provided in the lower left hand of checks for that purpose. Before I could even speak he picked his pen back up again and started writing, then folded the check in half and handed it to me. Before I handed him the crack I wanted to see what he wrote, so I unfolded the check and read aloud; "For Illegal Drugs", the second I read that out loud we could all hear very loud laughter coming from the room next door. You see I was wired and 6 agents were in the next room, hanging on every word. They knew they had alerted this guy and without delay came charging into the room to arrest him, but what a strange sight it was to see 6 armed feds tearing into a room, guns drawn and laughing so hard they really could not even speak in complete sentences...
A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...
It's much easier to modify the existing virus with a disassembler.
Shame they took it down. Anyone care to put it up on google code? : )
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Can we have the name of the person who downloaded the "serial key generator" and found this trojan? What did it claim to generate a serial key for, Duke Nukem vs Predator 2?
There is no reason to run a keygen on your system, period.
There are sites out there which will run a keygen server side and carry lists of serialz.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Even though it was probably intended to be a troll, it is worthy of discussion.
As a responsible software development shop, you should know that you absolutely do NOT want any version of your software floating around that attacks a user's machine.
All I need to hear is that your Application 2.1 will say, format a harddrive and delete all partitions... and I would not touch it with a 10 foot pole.
So. If you want to completely destroy your customer base - go ahead and pull such a stunt.
I am very small, utmostly microscopic.
Tell that to SourceForge.
If these people are caught with ties to any industry the FTC needs to come down on them, hard.
---- Booth was a patriot ----
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
Not all agree with you, and some feel that mis-representation is wrong too.
---- Booth was a patriot ----
So what if instead of a re-direct it phones home to the BSA with your IP and intended software.
Get a country wide 'search warrant' so the above is admissible in court ...
Arrest 100000's of people and remove all their rights.
Black list these 10000's of people and create new democratic voters living on handouts.
Profit! ( if you are a politician )
---- Booth was a patriot ----
Very few 'viruses' are technically viruses as almost all need some level of human interaction.. But it's the term the media uses.
---- Booth was a patriot ----
That's what you get for downloading ostensibly pirated executable code from BitTorrent or any other filesharing network! It's like buying illicit drugs from some stranger in an alleyway, and assuming that the shit is pure and not cut with something that's going to fuck you up: be sure to let me know how that's working for you, if you survive that is.
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
That's a very appropriate analogy, considering that both drugs and keygens should be legal. What goes on between consenting adults and their computers is nobody else's business.
Give me Classic Slashdot or give me death!
What what!
Your idiot! [yes, the possessive]
You're annoying!
Madonna has since adopted an even nastier tactic, that of producing such lousy crap no one will want to pirate it (specifically her most recent album!).
Let's celebrate the nine heroes who have actually given this feedback on eBay. :^D
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Now all we need is a torrent download of a sound file that says viruses are wrong. =)
I use Windows... like a two dollar wh.. why don't I just go ahead and not finish that sentence.
Just to clarify, a keylogger is different from a keygen. The former being used to record what keys are being pressed on a user's keyboard, etc, while the keygen creates serial #'s etc for various software.
well, I didn't.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Several new sources are reporting that Somali pirates drown with ransom after freeing Saudi supertanker.
Anyone care to comment on how this will affect piracy?
CD keys were always written on the CD with a sharpie. It fixes that problem.
Changing to Ubuntu made life even easier. I don't see CD keys anymore.
The truth shall set you free!
I've heard of the piratebay before but never Superbay and Mininova. Awesome! I have to tell all my friends.
---
Yes, I know.
heh nah this can be even better - there needs to be a "friendly" virus, that infects every computer with a p2p client, and increase the number of base users from >20 million peers to >100 million peers.
Users would have banner ads replaced with links to free downloads of the latest music and movies, with a client that becomes available under the start menu. It should make use of the latest encrypted bittorrent protocol, UPnP ...
The author should make use of encryption to verify that the update for the client and protocol is authentic.
We are in an arms race - the rest of society versus the handful of wealthy artists. There are many very talented musicians and artists who never see even 1/1000000th the income as ones who've broken into the pop scene. And many of them will never reach the popularity required to receive a respectable income, because they're not willing to compromise certain aspects of their work, just to increase their listener base. That's why a considerable amount of popular music sounds the fucking same ...
I like how every new article cites "global decline in CD sales" - well no shit - people have portable mp3 players now, because it's a more compact format compared to CD. Why the fuck would anyone want to lug around a CD wallet with a CD player, when you can have all that music in a device you can easily lose down your pants. This is like arguing "global decline in vinyl record sales" - hrmmm... maybe because people started buying CDs!?! So obviously they're excluding sales figures from iTunes in these articles.
Plus really, Madonna can't afford her multimillion dollar mansions, luxury vehicles, yoga dances, because instead of earning $50 million she's earned $40 million. Oh the suffering she must go through.
Oddly enough, there's news articles about her criticizing modern pop music - since it creates a homogenized culture. Isn't that what "popular" culture is about? Increasing the audience base to the largest possible size? Isn't there a need to create cultural homogenization to increase the base audience of pop music? She only has herself to blame for this - she basically set the framework for doing this - her and Michael Jackson, the Beatles, Elvis ...
In the end, if you're a fan of a particular artist, even if you've downloaded pirated copies of their music, inevitably you will spend money towards them, increasing the base revenue of their franchise. In periods of economic downturn, everyone should expect a decrease in sales ...
Piracy, on a long enough time line, should increase the revenue for local artists, and decrease revenue for the major pop acts. The local artists just need to improve their local promotion and distribution. Pop artists who have gained the respect of a large number of minor acts, should maintain their pop status, while those who do not, will eventually disappear from the industry - like Vanilla Ice. :-) There's a reason someone like Ozzy will generally remain profitable as long as he can still perform - just about every metal band in the world has respect for him, and will speak positively about him, bringing his music to their fans, constantly providing new customers.
Pop artists should almost operate as a label in and of themselves - someone like Trent Reznor has significant influence on his fans when he introduces them to other bands and musicians. In turn, those bands and musicians provide Trent with new fans. He would benefit, the other less popular acts would benefit, it's win-win all around. Piracy, or providing free sources of music - like MySpace or Youtube - help generate interest in the base set of fans, and expand their likelihood on spending money.
The only people who really start losing in all of this, is Britney Spears, Madonna, Backstreet Boys ... but they make money in other ways, perfumes, children's backp
1. Buying drugs is a crime. Copyright infringement is a civil matter.
2. As others have pointed out, while buying drugs is pretty much always illegal (not counting perhaps medical marijuana, but you'd get that in a pharmacy, anyway), generating a new serial may not be.
3. For that matter, generating a new serial IN ITSELF is never copyright infringement, and neither is downloading or using a keygen.
4. Don't you think there's a difference between a cop doing something and a private company doing something?
5. For that matter, do you think cops just decide to randomly go around offering people drugs, instead of getting a judge's warrant first?
Where is your freedom of information if you can't access the information?
Where is your freedom of information when you can't access malware?
So this definition excludes Trojans because you cannot say "this is a trojan". When you know it is not a trojan anymore.
Since I always log in as a "limited user" where changes to the hosts file are not allowed.
Kaspersky detected this yesterday:
detected: Trojan program Trojan.JS.Agent.ja
URL: http://savelocity.com/form43810aas.html
and all I did was type in Gran Torino into the search field on the Bay. Crazy.
A serial key generator is used for what legitimate purpose? Not debating the sharing of grey material, I just cannot see too many people using a serial key generator for anything more than using software that they don't have any right to have.
Some keygens query Windows for certain unique system identifiers (e.g. MAC address, C: Volume Serial Number) which are used to generate the key. Hence, the key generated by the keygen that ran the VM or Sandbox would only be valid for the application installed in that operating environment.
w00t
Thanks for missing my entire point. Public school graduate, I presume? :)
:) I don't want to put forth the wrong expectation, but I do think that every salvo in this war of ideas should be halted until we can at least agree that Copyright in its current form is _NOT_ what the Founders were after. If we can at least get that far (we know the *AA's and copyright holding houses like Disney won't budge), maybe we can get some sanity back into this and stop trying to stamp these things out with viruses, trojans, legislation, criminalization, and excessive litigation.
The secondary point is how copyright has gotten completely out of hand. But suffice to say, most people have enough of a bias that they miss the point entirely. Did I endorse piracy? No. Did I condone the trojan? No. But, thanks for reading anyway.
It's the Stay-Puft Marshmallow Man.
Vote Monkey! :)
It's the Stay-Puft Marshmallow Man.
You just woke up Cthulhu and his 5 servants ! Better make up now!
Bow to your new summoned overlord!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
With that kind of stupidity this guy sure doesn't deserve drugs!
Do something illegal? Don't get caught!
How is drugs even remotely comparable to food or handicapped people?
Drugs is a choice; being handicapped and (often) having no food isn't!
Even when the choice can be difficult to get rid of, it's still a choice where you can change your life.
Try that without arms or legs.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Wow, I didn't know about Suprbay, and Mininova
Thanks for the tip trojan author.
by giving it attention you are giving it power ... there's this mc2 thing that says everything is like -euhm- energy ... and stuuff... and -euhm ... well, don't spend your energy on shit like that???
beware he who denies you access to information for in his mind, he already deems himself to be your master (SMAC-ish)