Targeted Worm Hits Kazaa's Network
sh0rtie writes: "Kaspersky Labs and the BBC are reporting that the Fasttrack network that Kazaa uses has been hit by its first targeted worm virus dubbed 'Benjamin.' Is this a clever RIAA creation or that of a mischievous virus writer? I guess we will never know, but the result is that it seems to be bringing unsuspecting users' machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic bringing more headaches for ISPs and sysadmins worldwide."
of all days.... (Score:5, Interesting)
Next Time A Warhol Worm? (Score:5, Interesting)
BBC -- RIAA responsible (Score:3, Interesting)
http://news.bbc.co.uk/hi/english/sci/tech/newsid_
I agree with the idea that the RIAA would definitely have motive when it came to a worm like this, or some random RIAA supporter. Good thing most intelligent people quit using Kazaa a long time ago, or for sure when they found out about the spyware.
Easy to catch the creators? (Score:2, Interesting)
"In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays."
Wouldn't it make sense then that you could track the creators of the worm to whomever is collecting the payout of these banner ads or am I misunderstanding how it's working?
Using P2P (Score:3, Interesting)
If these users are then dumb enough to run an executable file they download from an unknown source, they will be infected.
Wow.
Infected? (Score:5, Interesting)
"Error:
Access error #03A:94574: Invalid pointer operation
File possibly corrupted."
message yet? If so, what did you do to clean up? Neither of the 2 articles gives a very good indication of that; I guess I'd start by deleting \windows\system32\explorer.scr and \windows\temp\Sys32, and removing these registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C
"System-Service"="C:\\WINDOWS\\SYSTEM\\EXPLORER
[HKEY_LOCAL_MACHINE\Software\Microsoft] "syscod"="0065D7DB20008306B6A1"
Seems like that should keep it from spreading, but that won't prevent a reinfection. Oh well; at least there's a popup notice when you get infected. That's nice.
Looks like Fasttrack users (Kazaa, Morpheus, AND Grokster) are catching on... about 1/5 as many users on as usual for this time of day. And before you flame me as a pirate, I only trade Simpsons episodes which aren't available for sale yet.
Re:Clever RIAA Creation (Score:4, Interesting)
Cons-piracy theory (Score:4, Interesting)
Large file-sharing networks like Kazaa have birthmarks in the shapes of bull's-eyes.
For fear of stating the obvious... (Score:5, Interesting)
Or was I the first one to read the article?
-Restil
...hyperlink?? (Score:2, Interesting)
http://online.securityfocus.com/archive/1/25462
And another try at a hyperlink [securityfocus.com].
Virus companies need the virus makers (Score:5, Interesting)
"If you refer to this article, we'll give you $5 rebate off your next virus update purchase." added Zenkin with a smile.
As much as we need the anti-virus software, the anti-virus companies need the virus makers. Without a worm or a virus that makes CNN headlines every 6 months, people will forget to buy updates, patches etc etc. The public forgets quickly, and will not buy new products from the AV companies if they don't feel a threat.
Sure, the problem is real, but part of me can't shake the feeling that somewhere there is an anti-virus company executive ordering a new plasma HDTV when he sees this news. Or maybe it's just because X-Files ended yesterday that I'm seeing conspiracies everywhere.
Re:riaa (Score:3, Interesting)
Seems like a pretty good idea to me, actually, especially when you consider how many idiots are on Kazaa. Since the program has no built-in calls to antivirus software, they'll become infected and lose confidence. A smaller percentage of geeks with huge bandwidth, hard drives and the brains to use antivirus software will stay on, but Kazaa will leave a sour taste in Joe Sixpack's mouth and lead him back to the golden path of CD-buying.
Now suppose the advertising "paper trail" that everyone is talking about leads to some random hacker they picked as a scapegoat, and it's unlikely that anyone will suspect they're behind it all. Liability, schmiability.
Okay, time to take the tinfoil hat back off :-)
Re:riaa (Score:3, Interesting)
Cigarette companies kill millions of their own customers, Enron executives steal everyone's requirement accounts, and mostly these types of companies get off scot free. Not to mention all the investment advice companies with conflicts of interest, telling people to buy then selling after the price goes up, or vice versa.
Of course, with all the lobbyists and lawyers and paper shredders, it's not like anything would come of this.
adserver domain closed (Score:4, Interesting)
"
Domain aufgrund von massiven Beschwerden gesperrt.
Domain closed due to massive abuse.
"
Now I wonder if it was closed because someone wrote a virus, or because the virus worked so well he went over his bandwidth allocation!
Re:moral/legal high ground? (Score:3, Interesting)
How is stealing one product different from stealing any other, simply because that product comes on a CD-Rom?
It is deluded thieving slashdroids (with shitty high UIDs) like you that are ruining the Internet. Please eat a bullet [eatabullet.com].
- A.P.
Re:Infected? (Score:2, Interesting)
Haven't you ever heard of Anime fansubs?
People would copy Japanese LDs, subtitle them themselves, and sell them (not for much, but still), and no one found anything wrong with this -- because the episodes/movies/OAVs were not available in any English-language format. The copyright owners usually never said a word. The fansubbers would, respectfully, not distribute something that was available in English in North America.
Your whining is reactionary and unnecessary.
That's what I get for coming back to slashdot, I guess...
Re:I said this would happen, and it did. (Score:3, Interesting)
So it requires manual intervention to propagate, and is thus more like a classic virus.
We may yet see a Brilliant Projector based worm, but this apparently isn't it.