Slashdot Mirror


Trojan Found At Torrent Sites Insists "Downloading Is Wrong"

NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirect The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
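The hosts-file change described in the summary can be checked for directly. The following is an added example, not part of the original story or thread: it parses hosts-file text and reports every non-local name mapped to a loopback address. It generalizes slightly beyond the summary by also flagging `0.0.0.0` and `::1`; the `.example` hostnames and the `LOCAL_NAMES` allowlist are constructed assumptions.

```python
import ipaddress

# Names that legitimately resolve to loopback in a stock hosts file (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback"}

# Constructed sample; the .example names are placeholders, not real sites.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       tracker-one.example www.tracker-one.example
127.0.0.1 forum.tracker-one.example  # trailing comment
0.0.0.0 tracker-two.example
192.168.1.10    fileserver.lan
"""


def parse_hosts(text):
    """Yield (line_number, address, names) for every mapping line."""
    # Strip a leading BOM, then drop comments and split on whitespace.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], fields[1:]


def sinkholed(text, local_names=LOCAL_NAMES):
    """Return (line, address, name) for non-local names sent to loopback."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            continue  # first field is not an address; skip the malformed line
        if ip.is_loopback or ip.is_unspecified:
            findings += [(lineno, str(ip), n) for n in names
                         if n.lower() not in local_names]
    return findings


if __name__ == "__main__":
    for lineno, ip, name in sinkholed(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}")
```

Ad-blocking hosts lists produce the same pattern on purpose, so findings are best compared against a known-good copy of the file rather than treated as malicious by themselves.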

14 of 345 comments

  1. Running as admin is fun by Anonymous Coward · · Score: 1, Informative

    -rw-r--r-- 1 root root 1061 2007-04-05 12:18 /etc/hosts

    Ahhh, windows, gotta love it.

    1. Re:Running as admin is fun by Hal_Porter · · Score: 3, Informative

      C:\Windows\System32\drivers\etc>cacls hosts
      C:\Windows\System32\drivers\etc\hosts NT AUTHORITY\SYSTEM:(ID)F
                                            BUILTIN\Administrators:(ID)F
                                            BUILTIN\Users:(ID)R

      So only SYSTEM and Admin can write. On Vista with UAC enabled I can't write to it, even though I'm an Admin.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    2. Re:Running as admin is fun by calmofthestorm · · Score: 2, Informative

      Well if you want to go there, most modern linux filesystems support ACLs as well, they're just not generally needed since programs only ask for root if they need it...

      --
      93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
    3. Re:Running as admin is fun by techprophet · · Score: 2, Informative

      And then some parts of the APIs have no docs or at least not ones that tell what a function does.

  2. Re:Keygens by Anpheus · · Score: 4, Informative

    Virtual machines baby, boot it up, run the keylogger, run the install up to the point where it gives you whatever you need to install, and then reset the hard drive state.

  3. Re:Nice by Anonymous Coward · · Score: 0, Informative

    That wasn't even close to being an actual limerick, and even if it was, it would be the suckiest limerick in the world.

    Whatever you do, don't become a poet. That was dreadful. For real.

  4. Re:Please explain to me by spathi-wa · · Score: 3, Informative

    It's OK to pull a gun on someone who is robbing your store only if local and state laws specifically say so.

    Downloading and using software without a valid license is not covered by laws that allow the licensed distributor to do anything to other people's data.

    Being other people's data, which the distributor or developer do not and cannot have any rights over, it is unlikely that any such law will be passed.

  5. Re:First? by kdemetter · · Score: 4, Informative

    Well, the trojan has been removed, and I'm sure the user uploading has also been identified and banned.

    If it changes the hosts file, it's easy to identify, and remove.

    We get trojan and virus uploaders all the time, and they are removed at first sight, so this is nothing new, and nothing TPB can't handle.

  6. Re:Please explain to me by drx · · Score: 2, Informative

    Because the internet is not the USA?

  7. Re:Expect the reverse by Anonymous Coward · · Score: 1, Informative

    Downloading is wrong. That's why I always aim to upload back at least as much as I download to offset the badness of downloading.

  8. Re:Keygens by Anonymous Coward · · Score: 4, Informative

    That is actually a very bad idea. Many default installs of Wine offer access to your entire filesystem (including your home directory). Wine is not an isolated environment like most VMs are. It lets you run Windows applications as native binaries, including viruses and trojans with many of their effects still intact. It is very possible to infect a Linux machine with malicious Windows binaries running in Wine.

    Personally I have never seen a real keygen that did anything other than it was supposed to. There are some flat out trojans like this article is talking about but I have never seen a working keygen that was malicious. With that said, there is always a first time. I would only run them in a VM and with networking disabled too. Wipe/reset the VM back to a known state afterwards of course.

  9. Re:Keygens by geekboy642 · · Score: 2, Informative

    http://www.linux.com/articles/42031

    Infect? No. It would have to be a custom targeted virus. You're fine as long as you don't have that exact setup, and run random .exes in wine, and piss off some bored geek.

    --
    Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
  10. For the Japanese-impaired by TheoMurpse · · Score: 2, Informative

    What what!
    Your idiot! [yes, the possessive]
    You're annoying!

  11. Thanks - didn't know about suprbay by Werrismys · · Score: 3, Informative

    well, I didn't.

    --
    'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack