Trojan Found At Torrent Sites Insists "Downloading Is Wrong"
NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirect The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
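A defender-side check for the hosts-file change the summary describes, as an added example that is not part of the original post or any comment: it lists hostnames pinned to a loopback or unspecified address and can strip them out. The sample file and the machine name `workstation7` are constructed; the exact entries the trojan writes are not given on the page.

```python
import ipaddress

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file (not taken from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   workstation7
127.0.0.1   thepiratebay.com www.mininova.org   # constructed entry
192.0.2.10  fileserver.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid entry, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # not a usable address; skip the line
        yield line_no, ip, [h.lower().rstrip(".") for h in entry[1:]]

def find_sinkholed(text, machine_names=()):
    """Return (line_no, hostname, ip) for non-local names pinned to this machine."""
    allowed = LOCAL_NAMES | {n.lower() for n in machine_names}
    hits = []
    for line_no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in allowed:
                hits.append((line_no, name, str(ip)))
    return hits

def strip_entries(text, bad_names):
    """Return hosts text without bad_names; other names on a line are kept."""
    bad = {n.lower() for n in bad_names}
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            out.append(raw)          # blank or comment-only line
            continue
        kept = [h for h in fields[1:] if h.lower().rstrip(".") not in bad]
        if len(kept) == len(fields) - 1:
            out.append(raw)          # nothing removed: keep the line untouched
        elif kept:
            out.append(" ".join([fields[0]] + kept) + (" #" + comment if sep else ""))
        # if every name on the line was bad, the whole line is dropped
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for line_no, name, ip in find_sinkholed(SAMPLE_HOSTS, ["workstation7"]):
        print(f"line {line_no}: {name} -> {ip}")
```

Point it at `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` and pass the machine's own hostname as `machine_names`. Hosts-based ad-block lists use the same loopback mapping, so treat hits as entries to review and keep a backup before writing the cleaned file.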
There once was a man who could boast
that due to his low latency host
when blog posts went down,
he was always around
to sit down and type swiftly "FIRST POST"
127.0.0.1 turns out to be *my* private IP address. So everyone with that virus is connecting to my Internet. That would explain why my connection has been so slow lately. I sure hope they find the bastard who did this to me. I'll gladly add my own lawsuit to the pile.
This could be the piracy groups themselves throwing this out there to stir up sentiment against the RIAA, MPAA, etc.
Of course that's like adding a few cords of wood to the fires of HELL, but it is a possibility.
P.S - This is not nearly as bad as the Sony Rootkit.
-rw-r--r-- 1 root root 1061 2007-04-05 12:18 /etc/hosts
Ahhh, windows, gotta love it.
A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...
Justice is the sheep getting arrested while an impartial judge declares the vote void.
It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself; how could the cracker pass up that type of opportunity? I just assume most of them infect your computer with some spyware and trojans.
(\(\
(^.^) INFECTED
(")")
Does anyone know what it was claiming to be a keygen for? That would be a likely lead as to who is responsible for the virus, assuming it was the software industry who released this.
Behold, another webcomic!
<barrywhite>
But baby....how can it be wrong...when it feels so right....
</barrywhite>
Weaselmancer
rediculous.
From everything I've read (the slashdot summary excluded) this isn't really a virus -- it's a straight trojan. That means you would have to be trying to download a serial key generator in order to get it on your system. (ie. It doesn't spread to you from other people's machines.)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
..which of course according to the recording is wrong. Oh, I'm in the middle of downloading packets of data for TV since I'm using satellite TV, which is also wrong I guess. Where did I go so wrong in life.
I'd like somebody to please explain to me why my company should not compile versions of our software for torrent that do horrible and terrible things to the downloaders' PCs after say, the third run. We have no duty of care nor contract with such downloaders and due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers. Furthermore, because of the way our software is licensed and its data is accessed, we can be 100% sure that none of our legitimate users are using pirated versions. No really. I'd like you guys to tell me why not. It's something I've fantasized about. We'd even put notices at the beginning of the software telling the user quite explicitly about the horrible things that the software would do, and we would not hold the users "hostage" to purchasing our software in any way. Of course, we could open ourselves up to retribution attacks, but, imagining for a moment if that was not an issue, I'd like to hear some opinions. As you can see by the responses here to this article, many slashdotters have abandoned even the pretense of some pseudophilosophical justification for their piracy and are just concentrating on the technical tricks involved in being better pirates ("virtual machines, baby", etc.)
Just to spite those who uploaded that trojan, I will start downloading FreeBSD 7.1 later today.
Here it is:
http://www.mininova.org/search/?search=freebsd
Ha!
Synthmaker, a music DSP authoring utility which allows 'full version' owners to export VSTs (virtual instruments) which they can then redistribute / sell had an interesting post a couple months ago from one of the users talking about how a VST they had offered for something like $10 ended up being posted with a crack on usenet.
Stuff like that happens all the time and directly affects the little guy even more than it does the big faceless corporations.
So it's tough for me to think that any company would take the immense risk of doing something as stupid as distributing a virus, whereas a disgruntled independent developer with spare time and a personal axe to grind against piracy might not care as long as some homebrew justice gets meted out.
It replaces all your audio files with Barry Manilow songs. The initials refer to the user's reaction when they realize they now have 30,000 copies of "Mandy" choking their hard drive.
So really it's more like the guy you were trying to buy medical marijuana from turned out to be the naggy guy behind the Above the Influence campaign.
Aside from a ridiculous audio message I think it's pretty funny. If you're downloading software from an unsecured and anonymous source and executing it on your computer what do you expect to happen? At least they didn't go hog wild and destroy the OS.
Ha. I like it (: But it needs a better recording.
No sig for you. YOU GET NO SIG!
As soon as happy user loads the trojan, he/she won't use torrent anymore (or at least he gets rid of it), thus how can this thing spread?
I'd like to give the Author of the Trojan a +5 "Magnificent Bastard" Moderation
Clue-Passive, because those with clue will remove it in 2 seconds...
"L33t Script-Kiddie" hax0rs will say: "The site was removed, argh I'm being tracked!!!" (and hopefully either stop, so SysAdmins don't have to de-virus their machines constantly, or learn enough so they understand a little bit more about what they're doing).
All in all, a clever combination of Technology and good understanding of Human-Computer Interaction.
Disclaimer: No, I didn't write it.
A Man's ethical behavior should be based effectually on sympathy, education, and social ties -- Albert Einstein
Or like complaining that instead of office chair, package contained bobcat.
Just wait 'til you get a dumbass letter from the RIAA saying that the IP 127.0.0.1 has been identified as a computer uploading copyrighted material. Then the shit will really hit the fan ;)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
What, you don't get pissed when that happens to you?
Property is theft.
Yep disney is relevant to this discussion because I'm SURE that these applications being cracked are at LEAST 16 years old.
Pics or it never happened!
I hate printers.
What I want to know is WHY did the piratebay take it down?
Maybe because it was editing the hosts file and therefore blocking thepiratebay.com? Where is your freedom of information if you can't access the information?
Well, the trojan has been removed, and I'm sure the user uploading has also been identified and banned.
If it changes the hosts file, it's easy to identify, and remove.
We get trojan and virus uploaders all the time, and they are removed at first sight, so this is nothing new, and nothing TPB can't handle.
Slipping shoelaces ?
They care not about legality but about the user's OS, meaning reported Trojans that block access to ThePirateBay get deleted. Also, I would assume their definition of hurt is selective. Takedowns will occur for torrents that damage users' files. However, torrents that damage revenue of greedy companies will remain.
4c:61:7a:79
Actually I think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.
http://www.vnunet.com/vnunet/news/2123077/anti-blaster-worm-spreads-patches
every day http://en.wikipedia.org/wiki/Special:Random
Wow, people believe that shit?
TPB believes in generating advertising revenue. Everything else is bullshit. You really think they are about freedom?
DRM-free indie games for the PC and Mac: Positech Games
First, it takes a lot of time to find out what it really does. And even if you manage to hack it to pieces in a dis, you are never really 100% certain. Disassembled Assembler code tends to be unclear if anything. It's easy to overlook a branch that seemingly never gets executed... until something happens. If it's done creatively, you can hide the real bomb fairly well in something that, let's say, self encrypts itself and only reveals its function right at the moment when it hits.
A piece of malware on your PC is a foot in the door. Unless you wrote it yourself, consider it harmful.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I long ago dropped the idea of discriminating between virus, worm, trojan and whatever other type of malware we tried to classify in the earlier days. Today, you have usually so many functions rolled into one that it's hard to really find a suitable classification for a certain piece of malware. And while this is maybe the most classic definition of a trojan (malware disguised as something else), maybe it's time to get rid of the idea to classify and qualify malware.
Malware is something you do not want in your PC, that is brought there against your intentions and that has negative and often harmful effects on your PC's reliability, stability or security. It's already hard enough to explain to people what malware is without confusing them with conflicting terms. They distract from the real problem more than they explain it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
OMG! They're leeching from The Elite Warez Network! YRLY!
Patches your flash player so that everything you look at on Youtube gets replaced by Mr. Astley's stellar performance.
It's not just this trojan, the whole Elite Warez Network is leeching your porn.
Now, I hope that's understandable. Like every good "businessman", TPB cares about its customer and not about anyone else. What do you think the average person going to TPB wants, a trojan that infects his system or some software for free that he'd normally have to pay for?
Don't spit on the free market theory, the system works!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You have said it yourself: "it is 100% certain that those who download pirated versions will never become legitimate customers." Ergo, the real damage (loss of profits) from those pirates incurred by you is exactly zero. On the other hand, you are going to inflict some real, very non-zero damage to these people by your hypothetical actions. Therefore these actions would be wrong even if we are to disregard all PR and legal reasons already cited by others here.
This is natural cycle of evolution of such sites. First they are small sites with quality content for friends. Then friends are inviting friends and there is more content. Then content number is enormous, so you are very known site with quality content, anyone will join, many very stupid. You have many moderators, but they eventually can't cope with all that stupidity and it's not funny for them anymore, so they quit leaving only stupid people. Thanks to slashdot's moderation system it has thriven very long, but it's so known, there are millions of stupid users now. Now slashdot community is facing loss of quality users. It will be slow and painful death.
Extreme Programming - Redundant Array of Inexpensive Developers
Somewhat relevant quote from Clientcopia:
In my previous life as a fed agent I was often asked to assist with some "undercover" sting operations all over the Northeast US. One of the most memorable was a op in northern Maine. I was to play the brother-in-law of our source whose co-worker had recently asked him if he knew of any good dealers of crack.
Long story short, they brought me in to sell him crack. We met the "Client" as planned and you should have seen this kid's eyes when I pulled out this giant bag of crack we had obtained from a previous bust. He looked like he was going to start crying, like he had just come to know Jesus or something... anyway he wanted to buy it all, every last gram of it, but he had only brought $150.00 bucks with him.
I thought for a second and asked him if he had his checkbook on him and he did. I asked him how much money he had in the bank, he told me and I told him he could just write me a check for the total. This kid didn't think twice about it and started writing the thing out. As he was writing he asked me all the usual questions, correct spelling of my name, confirmed the date, then stopped writing for a second, put his pen down, and I started to panic.
He looked me straight in the eye and he stated that he always wrote down "the reason" in the little space provided in the lower left hand of checks for that purpose. Before I could even speak he picked his pen back up again and started writing, then folded the check in half and handed it to me. Before I handed him the crack I wanted to see what he wrote, so I unfolded the check and read aloud; "For Illegal Drugs", the second I read that out loud we could all hear very loud laughter coming from the room next door. You see I was wired and 6 agents were in the next room, hanging on every word. They knew they had alerted this guy and without delay came charging into the room to arrest him, but what a strange sight it was to see 6 armed feds tearing into a room, guns drawn and laughing so hard they really could not even speak in complete sentences...
...for Windows.
But no...no reason to consider alternatives.
... where the programs people are pirating don't run.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...
It's much easier to modify the existing virus with a disassembler.
Shame they took it down. Anyone care to put it up on google code? : )
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Can we have the name of the person who downloaded the "serial key generator" and found this trojan? What did it claim to generate a serial key for, Duke Nukem vs Predator 2?
There is no reason to run a keygen on your system, period.
There are sites out there which will run a keygen server side and carry lists of serialz.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Even though it was probably intended to be a troll, it is worthy of discussion.
As a responsible software development shop, you should know that you absolutely do NOT want any version of your software floating around that attacks a user's machine.
All I need to hear is that your Application 2.1 will say, format a harddrive and delete all partitions... and I would not touch it with a 10 foot pole.
So. If you want to completely destroy your customer base - go ahead and pull such a stunt.
I am very small, utmostly microscopic.
Thank you. Your answer is logical and makes sense. And as for the anon coward telling me to go to /g/ because I read at -1, WOOSH! Kind of missed the point, but may have hit the nail on the head by complete accident.
The point was you didn't HAVE to cruise at +5, because the only thing you found at -1 was the occasional heated argument or sock puppet battle. And as for how you may have hit the answer by accident: I don't go to 4chan. I think it is stupid with way too many loli freaks. But since you brought up /g/ I'm guessing you're a channer. Slashdot didn't seem to have lousy trolls until 4chan got DDoSed awhile back. So in addition to the above poster's answer I'm willing to bet some of the 4chan trolls(which frankly suck. Learn how to write good trolls 4channers) have decided to sleep under the bridge here at Slashdot. Which is really a shame, since this used to be such a good site. But at + viewing there frankly isn't enough posts to bother with and at -1 it is nothing but trolls. Damned shame.
ACs don't waste your time replying, your posts are never seen by me.
Tell that to SourceForge.
If these people are caught with ties to any industry the FTC needs to come down on them, hard.
---- Booth was a patriot ----
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
Not all agree with you, and some feel that mis-representation is wrong too.
---- Booth was a patriot ----
Very few 'viruses' are technically viruses as almost all need some level of human interaction. But it's the term the media uses.
---- Booth was a patriot ----
Like you I am actually surprised people are surprised by this. OMG!! a Trojan in a downloadable file from what is pretty much a hub for sharing warez. I guess there are naive people out there that think because it passed through a BitTorrent network the BT fairies and pixies have cleaned the files from all that is bad.
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
That's a very appropriate analogy, considering that both drugs and keygens should be legal. What goes on between consenting adults and their computers is nobody else's business.
Give me Classic Slashdot or give me death!
What what!
Your idiot! [yes, the possessive]
You're annoying!
Madonna has since adopted an even nastier tactic, that of producing such lousy crap no one will want to pirate it (specifically her most recent album!).
Let's celebrate the nine heroes who have actually given this feedback on eBay. :^D
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Now all we need is a torrent download of a sound file that says viruses are wrong. =)
I use Windows... like a two dollar wh.. why don't I just go ahead and not finish that sentence.
Just to clarify, a keylogger is different from a keygen. The former being used to record what keys are being pressed on a user's keyboard, etc, while the keygen creates serial #'s etc for various software.
well, I didn't.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
CD keys were always written on the CD with a sharpie. It fixes that problem.
Changing to Ubuntu made life even easier. I don't see CD keys anymore.
The truth shall set you free!
edit hosts file and make a back up
Better is to use an OS where only the Admin account can edit the hosts file.
User programs should not edit the hosts file.
The truth shall set you free!
I've heard of the piratebay before but never Superbay and Mininova. Awesome! I have to tell all my friends.
---
Yes, I know.
Where is your freedom of information if you can't access the information?
Where is your freedom of information when you can't access malware?
So this definition excludes Trojans because you cannot say "this is a trojan". When you know it is not a trojan anymore.
...Life jackets mandatory with every .torrent file?
Kaspersky detected this yesterday:
detected: Trojan program Trojan.JS.Agent.ja
URL: http://savelocity.com/form43810aas.html
and all I did was type in Gran Torino into the search field on the Bay. Crazy.
The pirate bay removes torrents for several reasons, but not because of the content. Here are a few things they do remove:
* Child porn when the police tell them to take it down.
* Torrents distributed for commercial gain.
* Torrents with incorrect name/description (It isn't the content that matters, but the fact that name/description doesn't match up with the actual content. One of the principles of the piratebay is that you should know what you download)
If you want to distribute a trojan via a piratebay torrent, just clearly state it in the name/description.
"Troj/Qhost-AC" - Trojan that prevents you from accessing the piratebay and several other torrents sites. Hidden inside a key generator for the Game XXX. To install, simply make sure the key generator is run on a machine with appropriate permissions.
If you did it like that, I don't see why the piratebay wouldn't let it remain.
Some keygens query Windows for certain unique system identifiers (e.g. MAC address, C: Volume Serial Number) which are used to generate the key. Hence, the key generated by the keygen that ran the VM or Sandbox would only be valid for the application installed in that operating environment.
w00t
Thanks for missing my entire point. Public school graduate, I presume? :)
:) I don't want to put forth the wrong expectation, but I do think that every salvo in this war of ideas should be halted until we can at least agree that Copyright in its current form is _NOT_ what the Founders were after. If we can at least get that far (we know the *AA's and copyright holding houses like Disney won't budge), maybe we can get some sanity back into this and stop trying to stamp these things out with viruses, trojans, legislation, criminalization, and excessive litigation.
The secondary point is how copyright has gotten completely out of hand. But suffice to say, most people have enough of a bias that they miss the point entirely. Did I endorse piracy? No. Did I condone the trojan? No. But, thanks for reading anyway.
It's the Stay-Puft Marshmallow Man.
Vote Monkey! :)
It's the Stay-Puft Marshmallow Man.
You just woke up Cthulhu and his 5 servants! Better make up now!
Bow to your new summoned overlord!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
With that kind of stupidity this guy sure doesn't deserve drugs!
Do something illegal? Don't get caught!
How is drugs even remotely comparable to food or handicapped people?
Drugs is a choice; being handicapped and (often) having no food isn't!
Even when the choice can be difficult to get rid of, it's still a choice where you can change your life.
Try that without arms or legs.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..