Slashdot Mirror


Trojan Found At Torrent Sites Insists "Downloading Is Wrong"

NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirect The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
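
The hosts-file change described in the summary can be checked for by listing every non-local name that the file pins to a loopback or unspecified address. The following is an added example, not part of the original story or of any vendor's tooling; the sample file contents, the example domains and the function names are constructed for illustration.

```python
import ipaddress

# Names that normally resolve to the local machine on a clean system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file (example domains, not taken from the trojan).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   torrents.example.com www.torrents.example.com
0.0.0.0     forum.example.net   # trailing comment
192.0.2.10  intranet.example.org
127.0.1.1   workstation
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for each well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, skipped
        yield line_no, addr, [n.lower().rstrip(".") for n in fields[1:]]

def sinkholed_names(text, own_names=()):
    """Return (line_no, name) pairs for remote-looking names mapped to
    a loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) address."""
    allowed = LOCAL_NAMES | {n.lower() for n in own_names}
    hits = []
    for line_no, addr, names in parse_hosts(text):
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in names:
            # Single-label names are treated as the machine's own hostname.
            if name not in allowed and "." in name:
                hits.append((line_no, name))
    return hits

if __name__ == "__main__":
    for line_no, name in sinkholed_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to the local machine")
```

Ad-blocking hosts lists use the same mapping on purpose, so a hit is a prompt to check who added the entry rather than proof of infection.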


  1. Another possibility by EdIII · · Score: 3, Insightful

    This could be the piracy groups themselves throwing this out there to stir up sentiment against the RIAA, MPAA, etc.

    Of course that's like adding a few cords of wood to the fires of HELL, but it is a possibility.

    P.S - This is not nearly as bad as the Sony Rootkit.

    1. Re:Another possibility by Firehed · · Score: 4, Insightful

      It's a trojan - you have no idea what else it's doing. If all it does is screw with your HOSTS file and play a stupid audio track I agree, but it could be doing all sorts of other unknown fun stuff to your machine with the root access it has.

      --
      How are sites slashdotted when nobody reads TFAs?
    2. Re:Another possibility by EdIII · · Score: 5, Insightful

      It's a trojan - you have no idea what else it's doing. If all it does is screw with your HOSTS file and play a stupid audio track I agree, but it could be doing all sorts of other unknown fun stuff to your machine with the root access it has.

      Actually you are factually incorrect. As you can see in the summary and article itself it is referred to as, "Troj/Qhost-AC" by Sophos. That would seem to indicate that at some level it has been reviewed by an Anti-Virus company and I believe they would have tried pretty hard to determine the full capabilities of this Trojan. One could even say it is highly likely.

      Even so, it may have been better for me to say, "This does not at first glance appear to be nearly as bad as the Sony Rootkit turned out to be".

      Let's also remember that the origins of this trojan virus are unknown at the moment while the Sony Rootkit has its origins WELL DEFINED. Those origins being the Sony board members that have yet to receive prison terms for their actions. For those that think that is a little melodramatic, consider what kind of reception any other corporation or private citizen would have received for releasing the same type of rootkit onto the populace.

      If this does turn out to lead back to the feet of people working for the interests of Big Entertainment it will have been done for the same reasons the Sony Rootkit was put out. Their absolute and firm belief that YOU (the customer, citizen, etc.) have ZERO RIGHTS to any privacy or control over your own electronic equipment when their intellectual property is anywhere near it.

      The funny thing is that the only other people that seem to be able to act like that and get away with it are governments. So if you are not the government or Big Entertainment you go straight to Federal Pound Me In The Ass Prison when you do act like them. Isn't that just hilarious?

    3. Re:Another possibility by Culture20 · · Score: 3, Insightful

      I wonder if the ever agenda driven Slashdot would get a little butt hurt if somebody took one of their open-source programs or Linux; they closed sourced it to make it proprietary and hosted it on a torrent website.

      What, like BSD network stack and Windows? I think the BSD people are happy that Microsoft chose to use good code.

      Jail time for a rootkit, geez and here I thought the RIAA might have been a little psycho.

      Yes, jail time for a rootkit. If it makes more sense, it's jail time for hundreds of thousands of rootkits, several hundred in low-security government computers.

  2. Expect the reverse by KDR_11k · · Score: 5, Insightful

    A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...

    --
    Justice is the sheep getting arrested while an impartial judge declares the vote void.
    1. Re:Expect the reverse by Anonymous Coward · · Score: 3, Insightful

      Safety in numbers. The more people pirate stuff, the less chance you have of it being actually *you* that gets caught.

  3. Keygens by Metapsyborg · · Score: 5, Insightful

    It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself; how could the cracker pass up that type of opportunity? I just assume most of them infect your computer with some spyware and trojans.

    --
    (\(\
    (^.^) INFECTED
    (")")
    1. Re:Keygens by GFree678 · · Score: 2, Insightful

      Virtual machines baby, boot it up, run the keylogger, run the install up to the point where it gives you whatever you need to install, and then reset the hard drive state.

      That works. My tactic is also to write the serial that is produced by a keygen into a text file so that in a future install I don't have to re-run the keygen, I just copy/paste the data safely from the file. Doesn't work for the more advanced keys which are based off a unique hash of the system's architecture, but for everything else the text file is perfect. Heck, sometimes a key or keys are listed by someone in the comments of the torrent so that you don't HAVE to use a keygen, which is nice.

    2. Re:Keygens by Tubal-Cain · · Score: 2, Insightful

      Good one, sir!

    3. Re:Keygens by cheater512 · · Score: 1, Insightful

      Actually I find that Wine does a wonderful job of keygens.

      The actual generator works perfectly and all the nasty stuff simply dies quietly with a whimper. :)

  4. Summary makes it sounds like a virus but it's not. by HumanEmulator · · Score: 4, Insightful

    From everything I've read (the slashdot summary excluded) this isn't really a virus -- it's a straight trojan. That means you would have to be trying to download a serial key generator in order to get it on your system. (ie. It doesn't spread to you from other people's machines.)

    I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.

  5. Re:Please explain to me by MrMista_B · · Score: 5, Insightful

    Well, for one thing, it's illegal, immoral, and unethical. Fighting crime by being a criminal... well, you see where I'm going with that.

    Furthermore, do you want your company to get the reputation of a malware maker and distributor? That's not likely to increase your sales.

    Beyond even that, say, for example, someone repackages the malware you release as a 'linux-iso' or somesuch. Then you would be to blame for destroying the computers of innocent people.

    Y'know, based on this, if I were your boss, I'd fire you, because you're clearly lacking in ethical stability, and making threats such as you have marks you as a company liability. Hmm.

  6. It's not just big companies that don't like piracy by synthesizerpatel · · Score: 2, Insightful

    Synthmaker, a music DSP authoring utility which allows 'full version' owners to export VSTs (virtual instruments) which they can then redistribute / sell had an interesting post a couple months ago from one of the users talking about how a VST they had offered for something like $10 ended up being posted with a crack on usenet.

    Stuff like that happens all the time and directly affects the little guy even more than it does the big faceless corporations.

    So it's tough for me to think that any company would take the immense risk of doing something as stupid as distributing a virus, whereas a disgruntled independent developer with spare time and a personal axe to grind against piracy might not care as long as some homebrew justice gets meted out.

  7. Re:Summary makes it sounds like a virus but it's n by Warhawke · · Score: 4, Insightful

    You're assuming that the keygen downloader does not have the authority (i.e. ownership) of the program in question. Apparently you've never accidentally tossed or misplaced a CD-key.

    So really it's more like the guy you were trying to buy medical marijuana from turned out to be the naggy guy behind the Above the Influence campaign.

  8. Re:Running as admin is fun by BrokenHalo · · Score: 5, Insightful

    C:\Windows\System32\drivers\etc>cacls hosts
    C:\Windows\System32\drivers\etc\hosts NT AUTHORITY\SYSTEM:(ID)F
    BUILTIN\Administrators:(ID)F
    BUILTIN\Users:(ID)R

    Far out. I'll slap the next person who tells me Unix is hard to use, if that's Microsoft's idea of user-friendliness.

  9. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  10. Re:Please explain to me by rastilin · · Score: 2, Insightful

    Unless your product is worth $10,000+ then you stand a solid chance of doing far more damage than you could possibly claim your product was worth. Not to mention people will rename and pass along your software to bystanders. Mind you I don't have any complaint as such, if they make the choice to avoid the law, then stepping into a claymore placed to catch thieves is part of the risk.

    I'm only saying that I doubt these people have thought through all the possible consequences of their actions. The reason the big software companies don't do this is that they have more to lose than they stand to gain.

    --
    How do you kill that which has no life?
  11. Re:Please explain to me by Craevenwulfe · · Score: 5, Insightful

    The Sony Rootkit affected people who bought shit legally. Where's the fucking relevance?

  12. Re:Please explain to me by rxan · · Score: 2, Insightful

    There is no way you would win this case, and nor should you. You deserve to lose everything if you think even for a second that you have rights over everybody else's data.

    I could say the exact same thing about software pirating.

  13. Interesting artistic action by drx · · Score: 5, Insightful

    Actually I think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.

    1. Re:Interesting artistic action by Opportunist · · Score: 3, Insightful

      That's the prerogative of people running a webpage. Detach yourself from the idea that "the internet" is a place without rules. It's not an anarchy, it's a collection of tiny dictatorships, with every server admin being a little dictator.

      The nice thing about the internet, compared to reality, is that you can simply walk away if you don't like the taste of said dictator and create your own little dictatorship.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Interesting artistic action by Kindaian · · Score: 2, Insightful

      I do believe that changing hosts file without consent is enough malicious... ;)

  14. Re:Running as admin is fun by hvm2hvm · · Score: 2, Insightful

    Yes, in theory, the permission (security on the whole) system of NTFS + XP/Vista is better. It's more customizable and has a complete GUI interface. Still, it doesn't work nearly as well as it could. Many things aren't put in the right default permissions which makes a lot of stuff fail when not having admin privileges (I know I stopped using a limited user account when winamp didn't work well).

    Also, a more complex problem is that Windows users don't know about all that stuff and can't be bothered to learn something they think doesn't help. Yes, now with the rapid expansion of Ubuntu and other distros too there are quite a few computer illiterates using Linux. It will be fun to see if Linux will still manage when (if) it becomes the main OS and all the malware is directed at it.

    I guess we could say that the real problem would be that malware/viruses/trojans get created in the first place but then we would wind up in philosophical territory and many of you have probably stopped reading my post already.

    --
    ics
  15. Re:Please explain to me by Anonymous Coward · · Score: 1, Insightful

    Well, for one thing, if I was your legitimate paying customer and you pulled off stuff like that I'd soon be your ex-customer.

    It doesn't matter that it hurts only pirates. Your priorities are clearly messed up and that's an indicator of other things being wrong too. Better do business with people more concerned about their customers and less concerned about pirates.

  16. The parent is not a troll so mod up please. by gatkinso · · Score: 4, Insightful

    Even though it was probably intended to be a troll, it is worthy of discussion.

    As a responsible software development shop, you should know that you absolutely do NOT want any version of your software floating around that attacks a user's machine.

    All I need to hear is that your Application 2.1 will, say, format a hard drive and delete all partitions... and I would not touch it with a 10 foot pole.

    So. If you want to completely destroy your customer base - go ahead and pull such a stunt.

    --
    I am very small, utmostly microscopic.
  17. Re:Running as admin is fun by marcosdumay · · Score: 3, Insightful

    Try to open regedit someday.

    Anyway, "easy to use" is jargon to "works like Windows" nowadays. So, obviously, Windows is "easy to use", you can't contest that.

  18. Re:Please explain to me by drsmithy · · Score: 2, Insightful

    I have no contract or agreement whatsoever with those 'strangers', and furthermore given the warnings that i said we'd include in our material and the fact that the 'damage' we'd cause is purely virtual, that few judges would view our response as anything but justified. IANAL, but in the country where my country is based, there is a much less pussified view of the rights of criminals, especially here.

    What you are proposing is nothing more than crude vigilantism. I sincerely doubt your legal system - assuming you're not living in some backwards third-world hellhole - takes anything but an incredibly dim view of such behaviour.

    There are several big reasons why you would be crucified by the legal system in any remotely civilised country for your plan:

    * You have malicious intent. You are seeking revenge, not reparations or prevention.
    * It is a calculated and premeditated action.
    * It is disproportional. Stopping your software working is one thing. Nuking someone's entire computer (which could have all sorts of irreplaceable data from tax returns to family photos) is a different scenario entirely.

    Sure, if someone who _has_ pirated this sued you, you could sue them for copyright infringement, but the punishment for premeditated and malicious damage and destruction of property (likely criminal, not civil charges) are going to be - as they should be - far, far higher, so overall you'll lose. If it ever misfired and hit any legitimate customers, the resulting lawsuits would - justifiably - almost certainly put you out of business (and if they didn't the destruction of your reputation would finish the job).

  19. Madonna has new strategy by fuliginous · · Score: 3, Insightful

    Madonna has since adopted an even nastier tactic, that of producing such lousy crap no one will want to pirate it (specifically her most recent album!).

  20. Re:Please explain to me by Draek · · Score: 2, Insightful

    I read some Atari games would detect they were cracked but play right up to the end. At the last minute final boss would, instead of fighting, give you a lecture about how piracy was killing the industry and then the game would exit.

    Funnily enough, piracy didn't kill the '80s videogame industry, it was Atari themselves who did it.

    The best possibility would to release false crack, i.e ones that let the program start but then fail in an irritating after it has been played for a long time, like hanging and corrupting saved games. Hell you could put some hard to find bugs back into the cracked version and rely on the fact that the cracking scene doesn't QA effectively.

    Except that since the videogame industry *also* doesn't do QA effectively, such an action would only reflect badly on the original developers with most comments on the torrent websites going along the lines of "thanks for this crack, too bad you wasted your effort on this buggy piece of shit though, could you do a decent game next please?". Definitely not good for PR.

    --
    No problem is insoluble in all conceivable circumstances.