Trojan Deletes Your Porn, Music & Warez 400
E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."
Altruism? I have my doubts... (Score:5, Insightful)
From TFA: Well, that's a remarkably stupid assumption.
What's more likely?
- or -
Let's analyze who benefits from each scenario:
I pick avarice over sloppily executed altruism any day. I find it intriguing that this alternate explanation apparently didn't even occur to PC World.
Re:Altruism? I have my doubts... (Score:5, Insightful)
3) Virus writers stage this to make it look like the RIAA, MPAA, ect, are "pulling a Sony" in an attempt to pull a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".
Add option #4 (Score:5, Interesting)
4) Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.
Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan? Nahhh....
Re:Add option #4 (Score:2, Insightful)
Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan?
I was thinking the same thing, however, the bug actively kills a lot of AV processes. Advertising "Our Version X was killed by that bug, but Version Y is unbreakable!" doesn't instill confidence in the user.
Re:Add option #4 (Score:2)
Re:Add option #4 (Score:5, Insightful)
Even simpler:
4) Write a trojan to wipe out what people apparently consider to be important just because the trojan writer is a prick.
Add option #5 (Score:5, Funny)
5) Trojan not only sentient, but self-sustainable and conventionally biased. Will take over the world.
Proof of Intelligent Design? You be the judge.
Re:Add option #5 (Score:4, Funny)
sorry ;) (Score:5, Funny)
Re:Add option #4 (Score:4, Insightful)
If I copy your file, you have a copy, I have a copy. Nobody has lost anything. Therefore, it can't possibly be called stealing by most people's definitions.
If I copy your file and then delete the original, then I have it and you don't, that I think we can all agree, is stealing. Likewise, if it's on physical media which only one of us can possess at a time, and I take the physical media, then it's also stealing.
If I delete something without taking a copy, then it's not stealing, it's just vandalism or destruction of your stuff.
You are mis-stating the argument you're trying to make fun of (the "it's not physical so therefore not stealing") and so your parody falls flat. The fact that data isn't physical isn't the important part, it's the fact that nobody loses their copy in a typical "pirate" transaction. That's what differentiates it from "theft" in the minds of many people.
Personally, I think that unauthorized copying is not theft, but might meet the qualifications for wrongful conversion of property, if you take a wide enough definition of 'property.' (So as not to limit it to real property and chattels, but include the value of data as well.) See this page [lectlaw.com]. Normally it applies only to physical goods. At any rate, there are existing sections of law which are more appropriately applied to the reduction-in-value that occurs when data is unlawfully copied than theft and larceny.
Re:Add option #4 (Score:3, Insightful)
Now given all the scenarios suggested the most least unlikely alternative is that the person who wrote the virus is a jerk who simply seeks to destroy the files that other people spent time downloading. This type of asshat behaviour is certainly n
Add option #5 (Score:5, Funny)
Or, maybe not...
Re:Add option #5 ... unless ... (Score:5, Funny)
Then, maybe so...
No way, that would ever happen (Score:5, Funny)
Re:Add option #5 (Score:5, Funny)
You are right (*sniff*). I'm afraid I'm only 1336 (*sniff*)...
Re:Add option #4 (Score:3, Funny)
Re:Altruism? I have my doubts... (Score:3, Interesting)
Re:Altruism? I have my doubts... (Score:3, Insightful)
But on the other hand, this is not necessarily a bad thing for the rest of us. Most of the people who would be come infected by this - and consequently lose all of their P2P data - are probably Joe User types who don't know any better. So
Virtual machines (Score:5, Interesting)
Re:Altruism? I have my doubts... (Score:5, Interesting)
3) A strike against the MPAA, RIAA and any other "law abiding" corporation (who manages to be capable of CREATING those very laws) by targeting the computers that seed the incomplete, misnamed and intentionally infected files and the files on computers that have downloaded from them by users stupid enough to download things under 1kb.
Any smart P2P user changes the default directories to customize their own bitspace so it's easier for the person using the software to find what they've downloaded, not to mention archive on another device or media those files they truly wish to retain.
Do note that I did say *smart*.
Re:Altruism? I have my doubts... (Score:3, Insightful)
In actuality it was probably just some stupid kid who, and probably rightfully so, thought the only thing of any value to anyone on their computers are either text files, or have downloaded from some p2p or similar site.
Honestly if you were looking to cause the most damage to anyones computer, it would be to strike at their heart, their downloaded music.
Re:Altruism? I have my doubts... (Score:3, Insightful)
So what exactly happened to Sony - some bad press, that I only saw on the tv news once. Has anybody stopped buying sony gear? Has their share price dropped? Are they in court? No, no, no... so nothing has actually happened to Sony over this. Sure, we may hate them here and a few over places on the net, but most people don't care enough. I hated them before because of Atrac and their crappy software.
Re:Altruism? I have my doubts... (Score:3, Informative)
Went away already.
cd recall
So they could remove the rootkit. However, their key software is still on their disks.
and class action lawsuits
Oh yeah, those are going great...
Avarice (Score:4, Insightful)
My theory is that this was made by someone who WANTS people to think that the RIAA made it, so that even more people will turn against them and take some heat off of P2P.
Re:Avarice (Score:2, Insightful)
Sony is still in hot water over a badly designed piece of supposedly legitimate software.
What hot water? They installed ROOTKITS on their music CDs, not "a badly designed piece of software." The software was well designed, it did exactly what Sony wanted it to. The rootkit was blatantly illegal, breaking several felony laws. You might want to see what happens to an American citizen who installs rootkits. [theregister.co.uk]
I don't see any Sony executives in prison fo
Re:Avarice (Score:5, Insightful)
I don't. I've seen how dumb large organizations can be.
Re:Avarice (Score:3, Informative)
I note that stupid as the article in PC World was, that the Slashdot editors went one better. PCW didn't even mention "porn" or "warez" in TFA.
The trojan deletes ANY FILES it finds in various standard locations used to share files by P2P. As for "attacking malware"; more anthropomorphic fantasy. If anyone has act
Re:Altruism? I have my doubts... (Score:5, Insightful)
The first thing I thought was that it was well intentioned - in the long run.
The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...
Removing virus vectors doesn't solve the problem in the long run. Ultimately, only education will do that. This is a form of education, a lesson that will actually sink in.
Re:Altruism? I have my doubts... (Score:3, Insightful)
That is so true. I can't count the amount of people I've met that have weatherbug or whatever on their computer and I explain to them that it has spyware, then I remove it and the spyware. Then a day or so later, they're like, "WTF? You deleted
Re:Altruism? I have my doubts... (Score:5, Insightful)
reinstalled it. People just don't care, and I don't expect to ever understand why
People assume that anything that happens on their computer is visible in the GUI. Therefore if weatherbug doesn't pop up a requester saying "I'm spying on you now, please type something interesting", naive people will assume it's not doing that.
I suspect this misapprehension will change only through hard experience.
Re:Altruism? I have my doubts... (Score:3, Insightful)
When removing functional spyware you must attempt to provide a replacement application that can do the same function. The user in your scenario can't be bothered to go to a website to get the weather, so you might want to try finding another weather tray tool. I don't know of any off the top of my head but t
Re:Altruism? I have my doubts... (Score:3, Insightful)
Um, maybe it's just me, but I'd call disabling antivirus impairing the computer's operation. Yeah, sure, it's not installing a spam zombie client, but it is unlocking the door for someone who will...
Re:Altruism? I have my doubts... (Score:3, Informative)
Plain malice (Score:2)
I can only conclude that people at PC World ain't (Score:5, Insightful)
If it only deleted .exe .bat .com etc etc then I could understand the logic BUT deleting media files does not protect anyone.
They almost touch on the simplest explenation. Vigilante. Believe it or not but there are some individuals who feel they have a need to stop others from downloading via p2p.
They would be intrested in deleting any media files you downloaded via p2p. They would not be protecting you but making your (in their eyes illegal) activity worthless. So that explains why they delete harmless files.
It also explains why they try to disable security programs, yet another punishment. That way you are far more at risk from using P2P by being infected. The logic being that pirates do not deserve to be safe.
Vigilante seeking to punish p2p users. Not the RIAA and not some guardian angel. The RIAA would have to have some extremly bad lawyers to have allowed this and a guardian angel would only destroy files wich put you at risk and not disable security software.
Vigilantes have done stuff like this before. It falls in the same field as those "jezus loves you" posts in porn usenet groups. Or so I been told. Not that I would know anything about that offcourse.
Re:I can only conclude that people at PC World ain (Score:4, Informative)
Since the people making the media players haven't figured out how to properly code. It is definetly possible to get infected or compromized via a media file. Look at the whole Microsoft image rendering problem a few months ago. One look at a specially crafted image on a website and you're compromized.
Slashspin (Score:5, Insightful)
What they fail to mention is that people who use P2P networks often want those files that they've collected. So this virus is destroying something they want.
I mean, who installs eMule or Bit Torrent and then wishes that one day someone would come and save them from the files they've downloaded? The very idea is ludicrous.
I use Bit Torrent. If a virus were to come and delete everything I've gotten from it (trailors, WoW patches, an odd assortment of legal videos and mp3s, etc), I don't know about you, but I would be right pissed. This isn't protection and it doesn't seem to discriminate from virile files and good files so it's pure and utter destruction.
The only thing "beneficial" is seen from the eyes of the RIAA or MPAA.
You "don't think" this was written with good intentions? A virus comes onto your machine, disables security & starts to delete files in directories with a certain naming convention. What more to do you need to say, "holy hell, I've got a freaking virus!"?
Re:Slashspin (Score:5, Funny)
Excuse me Sir, we've had some complaints from the other clientele, could you hand in your
the first 'christian' virus? (Score:2, Interesting)
Re:the first 'christian' virus? (Score:5, Funny)
Re:the first 'christian' virus? (Score:2)
Finally! (Score:5, Insightful)
Finally a threat that will make the average joe start to take computer security seriously! I look forward to a safe internet for everyone (I mean as soon as a few botnet node owner's loose their porn, peole will actually clean up their boxes!)
On a more serious note, quoting the pcworld article:WTF? How could anyone think that it's to attempt to protect users when it doesn't delete executables from p2p folders? (for an interesting overview of real "white hat worms" see this vnunet article [vnunet.com] and the slashdot discussion on the blaster removal worm) [slashdot.org]
This worm is clearly to scare people away from p2p - not protect them from other p2p malware.
What's the bet that one of [riaa.com] the companies [mpaa.org] that make oodles of money [apple.com] from content [bpi.co.uk] are behind this?
Don't get your hopes up (Score:2)
Did it result in any change of the average Joe's security awareness. I mean, hey, it's not just some porn or movies you downloaded, it's your MONEY that's at stake!
And? Nada.
Re:Finally! (Score:5, Funny)
Re:Finally! (Score:4, Insightful)
That should hit Average Joe User hard enough to make them feel like they got raped by a train.
Re:Finally! (Score:2, Funny)
Considering the people I know, I think you'd be better off deleting documents from the Desktop...
Re:Finally! (Score:4, Insightful)
Mind you, smart skip-divers probably will benefit from this.
Re:Finally! (Score:3, Interesting)
Because going wrong is just something that computers do. I with you on this one. This kind of mentality is something that I try to quash anytime I'm fixing someone's computer. I always tell people that beyond taking a hammer, magnet, or cattle prod to a computer, it is remarkably difficult to truly harm it. As delicate as modern computers may seem, they are remarkably resilient. It's incredibly difficult to truly lose data (provided you're wi
Re:Finally! (Score:3, Funny)
Re:Finally! (Score:2)
Geeks unite! (Score:5, Funny)
Re:Geeks unite! (Score:2)
This is just too important to leave to a program or people who do not have to fear for their lifes.
Seems obvious to me. (Score:5, Funny)
Of course it would delete your porn! Trojan [trojancondoms.com] wants you to go out and have real sex.
Re:Seems obvious to me. (Score:5, Funny)
They're not the only ones...
It... deletes PR0N??!! (Score:5, Funny)
Re:It... deletes PR0N??!! (Score:2)
But that's enough talking about lawyers..
Not necessarily... (Score:2)
Good intentions? My computer is MINE! (Score:2)
On the other hand, if they find and try him, in what way is that different to many DRM implementations?
Re:Good intentions? My computer is MINE! (Score:2)
In theory, you could write software that ensures you comply with DRM by deleting content that does try to infringe copyrights. How is that different from the trojan?
I'm tempted to write a "DRM compliant virus". I.e. one that tells you in no uncertain terms what it's going to do, somewhere encapsulated in the usual non-human-readable format of an EULA. Pretending to do some service for you. Just like lots of "genuine" software does toda
0h n03z my pr0n h4s b33n st0l3d!!!11! (Score:3, Funny)
This thing could delete the Internet
As for the Who and the Why. I blame the RI/MP Ass's. of America.
Apple needs to jump on this quickly! (Score:5, Funny)
[old guy is coughing, wheezing,
[young guy] On a mac, you don't have to worry about losing your pr0n and warez!
[young asian chic to young guys right seductively takes leg and wraps it around young guys waist]
[cut to pic of imac]
Where's the FUD now? (Score:2)
Re:Where's the FUD now? (Score:3, Funny)
"Oooh shiny!" [click] [click]
Re:Apple needs to jump on this quickly! (Score:4, Funny)
[young asian chic opens mouth to talk, unsupported audio codec message appears, young guy just shrubs]
any porn, warez and music in your P2P directories (Score:2)
The next headline on slashdot.... (Score:5, Funny)
Re:The next headline on slashdot.... (Score:3, Funny)
The boss (Score:2, Funny)
Five min later he ask me for a full back-up of his PC
I wonder why.....
Nice to see a destructive payload for once (Score:4, Interesting)
Happy LARTing,
FatPhil
THIS IS WAR! (Score:5, Funny)
Then they came phishing for my bank account info, since I did not have a bank account, I said nothing.
Then they came for my porn...
Aiming poorly? (Score:4, Funny)
(...)
"The Erazer Trojan is a vigilante worthy of a Charles Bronson movie, taking the law into its own hands. However, it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," commented Graham Cluley of Sophos.
Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...
Re:Aiming poorly? (Score:4, Funny)
Careful with such analogies. There'll be a bunch of loyal American patriots along in a minute to tell you how wrong you are, and that it's not aiming poorly, it's an enlightened foreign policy.
Re:Aiming poorly? (Score:5, Funny)
If you're not with us, you're against us, and that didn't sound "with us" enough for me. The air force will be preparing your neighborhood for a Haliburton contract in five minutes.
Ain't the first trojan to act like this (Score:3, Insightful)
That a trojan kills other trojans is hardly news. About a year ago two groups actually led a battle where one group tried to stab the other group's trojans (and vice versa) with their updates. Some trojans also use the names other trojans use to ensure those trojans can't install after they're already in. Makes detecting them correctly (i.e. as a different beast, not a new version) not really easier.
Almost every trojan today has some anti-anti-trojan functions. Killing Kaspersky, McAfee and Norton AV is more or less a standard feature of most current Trojans, so I wouldn't really call that news either.
The only outstanding feature that's hardly common is the deletion of incoming P2P objects. Which makes one wonder who
Translation please.. (Score:5, Insightful)
Ehmm... What?
Re:Translation please.. (Score:2)
Re:Translation please.. (Score:3, Funny)
That's just perl
Dear lord (Score:3, Funny)
RIAA STRIKES BACK !!! (Score:3)
Planned : RIAA prison camps full of former p2p people to be used as slave labor in music industry.
You wont be hiding
Coming to a theatre near you this summer
Official site : www.riaastrikesbackwithfear.com
Re:RIAA STRIKES BACK !!! (Score:2)
deleting pr0n!?!?!?!?!? (Score:2, Funny)
Not cool (Score:3, Funny)
These people have gone too far. If I get infected by this I'm going straight to the FBI, this is too serious to joke about.
Troj.RIAA-MPAA-BSA.... (Score:2)
"The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations."
A real beneficial Trojan would apply all the latest Windows service packs, delete all other malware, Sony and other Phony rootkits etc.
Why DO WE NEVER EVER HEAR of any Trojan that simply formats the hard disk? Intriguing, to say the least.
-
Re:Troj.RIAA-MPAA-BSA.... (Score:2)
Because without a computer, how are any of the victims ever going to get onto the net to tell the tale? Game over, man! Game over!
This just goes to prove... (Score:2)
You don't need more than about a 20Gig HD (Score:2)
Stupidity gone rampant (Score:2)
The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.
Can somebody buy these people a clue? This is ma
PC World couldn't read the Sophos article! (Score:5, Interesting)
The PC World rehash just (deliberately?) misinterprets it.
Let's have a wee comparison:
Sophos: - "The Erazer Trojan targets internet users it believes are involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 music files or home movies that they have created themselves. Malware is not the way to fight internet piracy."
PC World: - "A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered."
Now how they came up with that from the Sophos article is beyond my understanding.
Re:PC World couldn't read the Sophos article! (Score:2)
http://www.sophos.com/pressoffice/news/articles/2
New Service (Score:5, Funny)
I just wanted to offer my new backup service for all who of you who fear this trojan. Just contact me so we can arrange transfers. Please do not be wary of my generosity, for helping is its own reward.
So thats why allofmp3 has shut down! (Score:2)
AllofMp3 Shutdown. [theregister.co.uk]
The IFPI has denied responsibility.
Seriously though. I wonder whats up with them?
paraphrasing... (Score:3)
In this case I think it's stupidity to create a virus that deletes the files it would be most likely to be able to propogate itself through.
Maybe some little hacker kiddie got caught wanking it by his mom and she deleted all his pr0n so he's on a "if I can't have it nobody can" rampage.
Where can I find a Linux version? (Score:3, Funny)
Damn! Obviously, Linux isn't ready for the home user.
Does anybody know what this is supposed to mean? (Score:3, Informative)
I've attempted to read that sentence about a dozen times, and I have no clue what the writer's trying to say.
Re:Thank god! (Score:5, Funny)
I thought Linux supported porn by now.
Re:Thank god! (Score:2)
Re:Thank god! (Score:5, Funny)
Most Linux users don't look at porn? Didn't that all change when KDE came along and you didn't need both hands available?
No kidding (Score:2)
On the other hand nothing beats OS-X for porn. The capability to have audio volume per program rather then a global volume level makes it very easy to set the porn volume low and the mp3 volume high to hide your activity.
When you see someone buy an Mac Mini you know what they are going to be using it for. The perverts.
Re:Uhoh (Score:5, Funny)
Re:So? (Score:3, Interesting)
How about we write a malware proof OS. That's orders of magnitudes easier that the above.