Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Found At Torrent Sites Insists "Downloading Is Wrong"

Posted by Soulskill on from the attack-of-conscience dept.

NoisySplatter writes "Ernesto, founder of TorrentFreak, reports that a new trojan, 'Troj/Qhost-AC,' has been distributed on The Pirate Bay. The virus was disguised as a serial key generator, and the offending torrent has since been removed, but the source has not been identified. Troj/Qhost-AC makes changes to the user's hosts file that redirects The Pirate Bay, Suprbay, and Mininova to 127.0.0.1. In addition to making three popular torrent sites inaccessible, the virus also plays a sound file that says: 'downloading is wrong.' It looks like someone has finally stepped up to the plate to challenge Madonna for the title of 'Most Obnoxious Anti-Piracy Stunt.' Of course, this could just be the software industry's attempt at outdoing the RIAA and MPAA."

10 of 345 comments (clear)

  1. Holy fuck by Anonymous Coward · · Score: 5, Funny

    127.0.0.1 turns out to be *my* private IP address. So everyone with that virus is connecting to my Internet. That would explain why my connection has been so slow lately. I sure hope they find the bastard who did this to me. I'll gladly add my own lawsuit to the pile.

  2. Expect the reverse by KDR_11k · · Score: 5, Insightful

    A virus that instead plays "Downloading is right" and redirects the homepages of big software, music and movie companies to piratebay, mininova, etc...

    --
    Justice is the sheep getting arrested while an impartial judge declares the vote void.
  3. Keygens by Metapsyborg · · Score: 5, Insightful

    It's pretty crazy to be running keygens on your system. Every time I do it, I think to myself "what are these guys getting for all their hard work?" The same thing with cracked software - you run an installer yourself how could the cracker pass up that type opportunity? I just assume most of them infect your computer with some spyware and trojans.

    --
    (\(\
    (^.^) INFECTED
    (")")
    1. Re:Keygens by Hal_Porter · · Score: 5, Funny

      I rely on feedback from other downloaders on TPB. If the installer or keygen do bad things, many people will scream in comments. For popular torrents that are more than a month old, that catches malware pretty well. So far, I've no visible problem on my machine with this approach.

      I checked out your machine from here and it seems ok. A bit slow though, makes me wonder what everyone else is running on there.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  4. Re:Please explain to me by MrMista_B · · Score: 5, Insightful

    Well, for one thing, it's illegal, immoral, and unethical. Fighting crime by being a criminal... well, you see where I'm going with that.

    Furthermore, do you want your company to get the reputation of a malware maker and distributor? That's not likely to increase your sales.

    Beyond even that, say, for example, someone repackages the malware you release as a 'linux-iso' or somesuch. Then you would be to blame for destroying the computers of innocent people.

    Y'know, based on this, if I were your boss, I'd fire you, because you're clearly lacking in ethical stability, and making threats such as you have marks you as a company liability. Hmm.

  5. Re:Running as admin is fun by BrokenHalo · · Score: 5, Insightful

    C:\Windows\System32\drivers\etc>cacls hosts
    C:\Windows\System32\drivers\etc\hosts NT AUTHORITY\SYSTEM:(ID)F
    BUILTIN\Administrators:(ID)F
    BUILTIN\Users:(ID)R

    Far out. I'll slap the next person who tells me Unix is hard to use, if that's Microsoft's idea of user-friendliness.

  6. Just wait 'til... by CarpetShark · · Score: 5, Funny

    Just wait 'til you get a dumbass letter from the RIAA saying that the IP 127.0.0.1 has been identified as a computer uploading copyrighted material. Then the shit will really hit the fan ;)

  7. Re:Please explain to me by Craevenwulfe · · Score: 5, Insightful

    The Sony Rootkit affected people who bought shit legally. Where's the fucking relevance?

  8. Interesting artistic action by drx · · Score: 5, Insightful

    Actually i think this is an interesting action. As a communicative act, this trojan shows several things, e.g. that the internet stays an unstable place where everything is mostly determined by convention -- even with pirates -- AND that TPB is taking down torrents they don't like, despite being a stronghold of free speech. Of course "malicious software" is the argument here for removal of the torrent, but who defines what is malicious? In the end TPB caters to the needs of its community, by filtering "content" this community doesn't approve of.

  9. Re:Another possibility by EdIII · · Score: 5, Insightful

    It's a trojan - you have no idea what else it's doing. If all it does is screw with your HOSTS file and play a stupid audio track I agree, but it could be doing all sorts of other unknown fun stuff to your machine with the root access it has.

    Actually you are factually incorrect. As you can see in the summary and article itself it is referred to as, "Troj/Qhost-AC" by Sophos. That would seem to indicate that at some level it has been reviewed by a Anti-Virus company and I believe they would have tried pretty hard to determine the full capabilities of this Trojan. One could even say it is highly likely.

    Even so, it may have been better for me to say, "This does not at first glance appear to be nearly as bad as the Sony Rootkit turned out to be".

    Let's also remember that the origins of this trojan virus are unknown at the moment while the Sony Rootkit has it's origins WELL DEFINED. Those origins being the Sony board members that have yet to receive prison terms for their actions. For those that think that is a little melodramatic, consider what kind of reception any other corporation or private citizen would have received for releasing the same type of rootkit onto the populace.

    If this does turn out to lead back to the feet of people working for the interests of Big Entertainment it will have been done for the same reasons the Sony Rootkit was put out. Their absolute and firm belief that YOU (the customer, citizen, etc.) have ZERO RIGHTS to any privacy or control over your own electronic equipment when their intellectual property is anywhere near it.

    The funny thing is that the only other people that seem to be able to act like that and get away with it are governments. So if you are not the government or Big Entertainment you go straight to Federal Pound Me In The Ass Prison when you do act like them. Isn't that just hilarious?