Trojan Found At Torrent Sites Insists "Downloading Is Wrong"
NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirect The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."
There once was a man who could boast
that due to his low latency host
when blog posts went down,
he was always around
to sit down and type swiftly "FIRST POST"
127.0.0.1 turns out to be *my* private IP address. So everyone with that virus is connecting to my Internet. That would explain why my connection has been so slow lately. I sure hope they find the bastard who did this to me. I'll gladly add my own lawsuit to the pile.
This could be the piracy groups themselves throwing this out there to stir up sentiment against the RIAA, MPAA, etc.
Of course that's like adding a few cords of wood to the fires of HELL, but it is a possibility.
P.S - This is not nearly as bad as the Sony Rootkit.
A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...
Justice is the sheep getting arrested while an impartial judge declares the vote void.
It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself; how could the cracker pass up that type of opportunity? I just assume most of them infect your computer with some spyware and trojans.
(\(\
(^.^) INFECTED
(")")
C:\Windows\System32\drivers\etc>cacls hosts
C:\Windows\System32\drivers\etc\hosts NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
BUILTIN\Users:(ID)R
So only SYSTEM and Admin can write. On Vista with UAC enabled I can't write to it, even though I'm an Admin.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
From everything I've read (the slashdot summary excluded) this isn't really a virus -- it's a straight trojan. That means you would have to be trying to download a serial key generator in order to get it on your system. (ie. It doesn't spread to you from other people's machines.)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
..which of course according to the recording is wrong. Oh, I'm in the middle of downloading packets of data for TV since I'm using satellite TV, which is also wrong I guess. Where did I go so wrong in life.
I'd like somebody to please explain to me why my company should not compile versions of our software for torrent that do horrible and terrible things to the downloaders' PCs after say, the third run. We have no duty of care nor contract with such downloaders and due to the nature of our software, it is 100% certain that those who download pirated versions will never become legitimate customers. Furthermore, because of the way our software is licensed and its data is accessed, we can be 100% sure that none of our legitimate users are using pirated versions. No really. I'd like you guys to tell me why not. It's something I've fantasized about. We'd even put notices at the beginning of the software telling the user quite explicitly about the horrible things that the software would do, and we would not hold the users "hostage" to purchasing our software in any way. Of course, we could open ourselves up to retribution attacks, but, imagining for a moment if that was not an issue, I'd like to hear some opinions. As you can see by the responses here to this article, many slashdotters have abandoned even the pretense of some pseudophilosophical justification for their piracy and are just concentrating on the technical tricks involved in being better pirates ("virtual machines, baby", etc.)
Synthmaker, a music DSP authoring utility which allows 'full version' owners to export VSTs (virtual instruments) which they can then redistribute / sell had an interesting post a couple months ago from one of the users talking about how a VST they had offered for something like $10 ended up being posted with a crack on usenet.
Stuff like that happens all the time and directly affects the little guy even more than it does the big faceless corporations.
So it's tough for me to think that any company would take the immense risk of doing something as stupid as distributing a virus, whereas a disgruntled independent developer with spare time and a personal axe to grind against piracy might not care as long as some homebrew justice gets meted out.
So really it's more like the guy you were trying to buy medical marijuana from turned out to be the naggy guy behind the Above the Influence campaign.
Far out. I'll slap the next person who tells me Unix is hard to use, if that's Microsoft's idea of user-friendliness.
Or like complaining that instead of office chair, package contained bobcat.
Far out. I'll slap the next person who tells me Unix is hard to use, if that's Microsoft's idea of user-friendliness.
From someone who runs a PC repair business, XP makes Unix look like child's play... Man it even makes doing a Gentoo install look easy.
Give me a nice clean bash terminal any day.
sudo mount --milk --sugar
Just wait 'til you get a dumbass letter from the RIAA saying that the IP 127.0.0.1 has been identified as a computer uploading copyrighted material. Then the shit will really hit the fan ;)
I'm all against nefarious software creeping onto my system, but this is like complaining that the guy you tried to buy drugs from turned out to be a cop.
What, you don't get pissed when that happens to you?
Property is theft.
Mod parent up. If you can't get to thepiratebay.org anymore, you're gonna reinstall your OS.
<cynic>
if you can't get to thepiratebay.org, where are you gonna get your OS from?
</cynic>
I wish I was a neutron bomb, for once I could go off...
Well, the trojan has been removed, and I'm sure the user uploading has also been identified and banned.
If it changes the hosts file, it's easy to identify, and remove.
We get trojan and virus uploaders all the time, and they are removed at first sight, so this is nothing new, and nothing TPB can't handle.
Slipping shoelaces ?
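Added example (not part of any comment in this thread): one way to identify the kind of hosts-file change described in the summary is to flag every non-local name pinned to a loopback or unspecified address. The function name, the allowlist of local names and the sample file are assumptions constructed for illustration; deliberate ad-blocking entries will show up too, so the output is a review list rather than a verdict.

```python
import ipaddress

# Names that legitimately resolve to loopback in a stock hosts file (assumed allowlist).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text, watch=None):
    """Return (line_no, address, hostname) for every non-local name that is
    pinned to a loopback or unspecified address. If `watch` is given, only
    names equal to, or subdomains of, a watched domain are reported."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP literal
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:                   # one line may carry several aliases
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                continue
            if watch and not any(host == d or host.endswith("." + d) for d in watch):
                continue
            findings.append((line_no, str(addr), host))
    return findings

# Constructed sample hosts file; every entry below is made up for this example.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       thepiratebay.org www.thepiratebay.org   # added entry
127.0.0.1 torrents.example
192.0.2.10      intranet.example
0.0.0.0         Ads.Example.
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the file to feed in is the one shown in the cacls output above, C:\Windows\System32\drivers\etc\hosts.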
Actually I think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.
Well if you want to go there, most modern linux filesystems support ACLs as well, they're just not generally needed since programs only ask for root if they need it...
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Yes, in theory, the permission (security on the whole) system of NTFS + XP/Vista is better. It's more customizable and has a complete GUI interface. Still, it doesn't work nearly as well as it could. Many things aren't put in the right default permissions which makes a lot of stuff fail when not having admin privileges (I know I stopped using a limited user account when winamp didn't work well).
Also, a more complex problem is that Windows users don't know about all that stuff and can't be bothered to learn something they think doesn't help. Yes, now with the rapid expansion of Ubuntu and other distros too there are quite a few computer illiterates using Linux. It will be fun to see if Linux will still manage when (if) it will become the main OS and all the malware is directed to it.
I guess we could say that the real problem would be that malware/viruses/trojans get created in the first place but then we would wind up in philosophical territory and many of you have probably stopped reading my post already.
Patches your flash player so that everything you look at on Youtube gets replaced by Mr. Astley's stellar performance.
You have said it yourself: "it is 100% certain that those who download pirated versions will never become legitimate customers." Ergo, the real damage (loss of profits) from those pirates incurred by you is exactly zero. On the other hand, you are going to inflict some real, very non-zero damage to these people by your hypothetical actions. Therefore these actions would be wrong even if we are to disregard all PR and legal reasons already cited by others here.
Somewhat relevant quote from Clientcopia:
In my previous life as a fed agent I was often asked to assist with some "undercover" sting operations all over the Northeast US. One of the most memorable was a op in northern Maine. I was to play the brother-in-law of our source whose co-worker had recently asked him if he knew of any good dealers of crack.
Long story short, they brought me in to sell him crack. We met the "Client" as planned and you should have seen this kid's eyes when I pulled out this giant bag of crack we had obtained from a previous bust. He looked like he was going to start crying, like he had just come to know Jesus or something... anyway he wanted to buy it all, every last gram of it, but he had only brought $150.00 bucks with him.
I thought for a second and asked him if he had his checkbook on him and he did. I asked him how much money he had in the bank, he told me and I told him he could just write me a check for the total. This kid didn't think twice about it and started writing the thing out. As he was writing he asked me all the usual questions, correct spelling of my name, confirmed the date, then stopped writing for a second, put his pen down, and I started to panic.
He looked me straight in the eye and he stated that he always wrote down "the reason" in the little space provided in the lower left hand of checks for that purpose. Before I could even speak he picked his pen back up again and started writing, then folded the check in half and handed it to me. Before I handed him the crack I wanted to see what he wrote, so I unfolded the check and read aloud; "For Illegal Drugs", the second I read that out loud we could all hear very loud laughter coming from the room next door. You see I was wired and 6 agents were in the next room, hanging on every word. They knew they had alerted this guy and without delay came charging into the room to arrest him, but what a strange sight it was to see 6 armed feds tearing into a room, guns drawn and laughing so hard they really could not even speak in complete sentences...
Can we have the name of the person who downloaded the "serial key generator" and found this trojan? What did it claim to generate a serial key for, Duke Nukem vs Predator 2?
Even though it was probably intended to be a troll, it is worthy of discussion.
As a responsible software development shop, you should know that you absolutely do NOT want any version of your software floating around that attacks a user's machine.
All I need to hear is that your Application 2.1 will say, format a harddrive and delete all partitions... and I would not touch it with a 10 foot pole.
So. If you want to completely destroy your customer base - go ahead and pull such a stunt.
I am very small, utmostly microscopic.
Try to open regedit someday.
Anyway, "easy to use" is jargon to "works like Windows" nowadays. So, obviously, Windows is "easy to use", you can't contest that.
Rethinking email
Tell that to SourceForge.
If these people are caught with ties to any industry the FTC needs to come down on them, hard.
---- Booth was a patriot ----
This way we can finally drag the user kicking and screaming into the year of Linux on desktop! :)
What what!
Your idiot! [yes, the possessive]
You're annoying!
Madonna has since adopted an even nastier tactic, that of producing such lousy crap no one will want to pirate it (specifically her most recent album!).
Let's celebrate the nine heroes who have actually given this feedback on eBay. :^D
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
well, I didn't.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
And then some parts of the APIs have no docs or at least not ones that tell what a function does.