Fake media files hit file sharers with trojan

hmmmm, i wonder who is to blame?

Hmm, don't install codec, problem solved?

Pay for a product and you want have any thing to worry about.

Don't download ilegally? Who ever is dumb enough to install the codec deserves it.

Why wazzu would anyone wazzu ever open up an application wazzu or document without wazzu at least wazzu scanning it for viruses wazzu first?

Originally posted by nobrainer:

---

hmmmm, i wonder who is to blame?

---

@nobrainer

I doubt that the porn industry, software industry, and movie/music industry work together. And don't these dreaded companies that you hate actually use P2P programs as a source to secretly find out which songs to promote and get free advertising? Anyways, enough with conspiracy theories. If you dont want to get the trojan don't steal. You know the risks when you d/l files off the internet. If you can live with the consequences then do it, if you cant then dont. Plain and simple. What you invision is an oxymoron, worry-free theft.

Originally posted by grkblood:

---

@nobrainer

I doubt that the porn industry, software industry, and movie/music industry work together. And don't these dreaded companies that you hate actually use P2P programs as a source to secretly find out which songs to promote and get free advertising? Anyways, enough with conspiracy theories. If you dont want to get the trojan don't steal. You know the risks when you d/l files off the internet. If you can live with the consequences then do it, if you cant then dont. Plain and simple. What you invision is an oxymoron, worry-free theft.

---

can somebody pm me a link to one of these fakes so I can reverse engineer it and send it on it's way back to the people who made it? Most of these things are a simple wrapper with varying payloads.

Limewire is a superb resource for the malicious malware hunter like me.. Try searching for DSOexploit or win32myz@r and there it is.. hundreds and hundreds of times over ;)

If it's the mpaa/riaa they are actually breaking many many malicious software distribution laws across the world.. not that justice will ever be brought to bear on them.. They seem to be above the laws that are pushed on ordinary citizens, even those from other countries where US laws do not apply! fascists.

Kinda reminds me of when the government use to tell people that if they smoked pot, they were funding communists and YOU to will also become a communist.

Another awesome image:

Originally posted by BludRayne:

---

Hmm, don't install codec, problem solved?

---

Originally posted by goodswipe:

---

Kinda reminds me of when the government use to tell people that if they smoked pot, they were funding communists and YOU to will also become a communist.

Another awesome image:

---

Originally posted by grkblood:

---

@nobrainer

I doubt that the porn industry, software industry, and movie/music industry work together. And don't these dreaded companies that you hate actually use P2P programs as a source to secretly find out which songs to promote and get free advertising? Anyways, enough with conspiracy theories. If you dont want to get the trojan don't steal. You know the risks when you d/l files off the internet. If you can live with the consequences then do it, if you cant then dont. Plain and simple. What you invision is an oxymoron, worry-free theft.

---

Originally posted by varnull:

---

If it's the mpaa/riaa they are actually breaking many many malicious software distribution laws across the world.. not that justice will ever be brought to bear on them.. They seem to be above the laws that are pushed on ordinary citizens, even those from other countries where US laws do not apply! fascists.

---

I heard Leo Laporte saying something similar like this on the mac platform, except it was on some porn sites

Originally posted by varnull:

---

---

This is why you ALWAYS check the validity of what you're downloading. With emule, this is easy.

Originally posted by ivymike:

---

This is why you ALWAYS check the validity of what you're downloading. With emule, this is easy.

---

Originally posted by goodswipe:

---

Originally posted by varnull:

---

---

I like that...

What about this one?

---

;)

I'm true to the game mr endo.

I tell it how it is...

...so those of you who think your "virus program" is
protecting you from all the "bad" files that you are
downloading...check out this site:
http://www.virustotal.com/
At this site you can upload a file that you think is
infected or questionable, and it will verify it using
about 32 different virus programs. The results will
show on a page of which each program found.
Now different virus programs see "things" differently.
For example McAfee might say one program has a "trojan"
and another like Kaspersky doesn't see anything.
So who do you trust....???
I play the "percentage game" when trying to decide.
If 80% of the programs complain that the file you sent
was infected...I would agree that it is infected!
What about 10%? Depends on the 10% that said that the
file was infected. I usually look at the "TOP" virus
programs that I know of and "make my decision" from that
information.
So, the next time you come across a codec to install...
upload it first if you what to be sure.
Note: I only "trust" my virus program 75% of the time anyway.
...really it's not that hard to use a little common sense when
opening a file that you receive or download.
Cheers!

Goodswipe, only suggestion, pic needs to be larger (for the effect)

Originally posted by goodswipe:

---

What about this one?

---

Originally posted by link:

---

sony secuROM DRM requires Orwellian control lock to media you think you own!

the game will have rolling DRM, meaning every 10 days you will need to activate the game again over the internet.

"Mass Effect uses SecuROM and requires an online activation for the first time that you play it," French says. "After the first activation, SecuROM requires that it re-check with the server within ten days (in case the CD Key has become public/warez'd and gets banned). Just so that the 10 day thing doesn't become abrupt, SecuROM tries its first re-check with 5 days remaining in the 10 day window. If it can't contact the server before the 10 days are up, nothing bad happens and the game still runs. After 10 days a re-check is required before the game can run."

In case that didn't sink in, to play Mass Effect you will need to re-activate your copy every 10 days, until the end of time. This of course, will lead to problems, there is no doubt about that. Firstly, if you don't have internet you cannot play this game, plain and simple. That is probably not so big of a problem now that broadband prices are so cheap, but imagine moving into a new house and not having time to set up Internet for the first ten days. Say goodbye to your brand new $50 copy of Mass Effect.

The DRM gets even worse. You are only allowed to install the game on three machines before it locks up. If the activation servers go down, good luck trying to play your game at all. (Anyone remember Bioshock?) Thats not even mentioning if Bioware ever goes out of business, there will be no server to reactivate with every 10 days, effectively killing your game off.

---

Originally posted by rlessmue:

---

...so those of you who think your "virus program" is
protecting you from all the "bad" files that you are
downloading...check out this site:
http://www.virustotal.com/
At this site you can upload a file that you think is
infected or questionable, and it will verify it using
about 32 different virus programs. The results will
show on a page of which each program found.
Now different virus programs see "things" differently.
For example McAfee might say one program has a "trojan"
and another like Kaspersky doesn't see anything.
So who do you trust....???
I play the "percentage game" when trying to decide.
If 80% of the programs complain that the file you sent
was infected...I would agree that it is infected!
What about 10%? Depends on the 10% that said that the
file was infected. I usually look at the "TOP" virus
programs that I know of and "make my decision" from that
information.
So, the next time you come across a codec to install...
upload it first if you what to be sure.
Note: I only "trust" my virus program 75% of the time anyway.
...really it's not that hard to use a little common sense when
opening a file that you receive or download.
Cheers!

---

Originally posted by grkblood:

---

@nobrainer

I doubt that the porn industry, software industry, and movie/music industry work together. And don't these dreaded companies that you hate actually use P2P programs as a source to secretly find out which songs to promote and get free advertising? Anyways, enough with conspiracy theories. If you dont want to get the trojan don't steal. You know the risks when you d/l files off the internet. If you can live with the consequences then do it, if you cant then dont. Plain and simple. What you invision is an oxymoron, worry-free theft.

---

I recently got a trojan from filesharing and had to reinstall my OS. Last time i every use P2P

What's a Trojan??.. I support the spartans myself.. they rock!!

You have to run or install the damn things to get them from p2p.. always read the comments, and always only get files from uploaders you trust or others say are ok.

listen, even IF they did have something to do with it, which I serious doubt they did, I'm not condoning it at all. I'm just saying you should know the risks pirating stuff, and if you dont you're a fool for doing it. Do as you please, but there will always be risks for the masses that dont have common since. Its your own fault if you let this happen to you.

Originally posted by ivymike:

---

This is why you ALWAYS check the validity of what you're downloading. With emule, this is easy.

---

Originally posted by goodswipe:

---

Kinda reminds me of when the government use to tell people that if they smoked pot, they were funding communists and YOU to will also become a communist.

Another awesome image:

---

Using a public tracker is asking for trouble. Best thing to do is get on a private tracker and follow the rules. I have been a torrent d/l for a couple of years and NEVER have a problem. I get music in full album sets and cams/propers/r5's/screeners/r1's with no problems. Software is also easily available and untainted.
I agree that if you are getting these type of viruses/trojans, you should not be using a computer. You do not know the basics of using a computer, nor do you know basic internet security. Your security is your business. Take note.

I dont use McAfee so I am sure that I am protected against this trojan. I use Limewire all the time so I am a little concerned. Never had a trojan or virus come through any P2P network for me. McAffe and Norton are viruses. Uninstall them and use AVG Free!

Well this is not good news for p2p users they have to be weary. The new viruses are worse than ever. I just spent the other day removing a worm from my dads work pc and u should have seen the effects this worm was having and it was really bad. I did manage to get rid of it by using Kaspersky Antivirus i have to say its the best out there i have seen worth the money.

Originally posted by rayals:

---

Using a public tracker is asking for trouble. Best thing to do is get on a private tracker and follow the rules. I have been a torrent d/l for a couple of years and NEVER have a problem. I get music in full album sets and cams/propers/r5's/screeners/r1's with no problems. Software is also easily available and untainted.
I agree that if you are getting these type of viruses/trojans, you should not be using a computer. You do not know the basics of using a computer, nor do you know basic internet security. Your security is your business. Take note.

---

Any little, spotty-faced, teen bleeder who creates or distributes a virus should be shot through the head on international television.

Quote:

---

Originally posted by ivymike:

---

Emule are you kidding one of the worst ones out there since I knew about it I have never used it full of spy-ware and ad-ware.

---

I'm puzzled how you would know it is full of spyware and adware if you have never used it.

Emule is open source, free and has been the number 1 download on the sourceforge.net developers projects page for about 5 years running - twice as many downloads as bittorrent and azureus combined - no way would it be there if it was bundled with spyware and adware.

http://sourceforge.net/top/topalltime.php?type=downloads


I think you are confusing it with something else.

Fact... there is malware in the wild

Fact... It can infect your hardware

Fact... It isn't just "script kiddies" who make and distribute malware (sony rootkit fiasco)

Fact... ddos attacks and spamming via botnets is a source of large amounts of revenue for the less morally concerned

Fact... Any code that can be run or opened on your pc can be malware (vista is a great example of malware)

Fact... when you visit ANY website you are at risk of encountering malware and exploits

Fact.. javascript and flash media can be used to install exploits as easily as you downloading something (be aware of flash content on warez sites)

Fact... windows is insecure

So.. live with it and take the risks with an open mind. Run quality antivirus and use it with common sense... unix has a better solution.. Nothing downloaded can be just run, you have to change it's properties and permissions before it can install or exploit anything which may be system changing. Compared to that windows is like a free for all.. every file can do whatever the hell it wants all the time, regardless (it seems) of the owner and users permissions. With windows files can be "Administrator Always" which is where the problem comes from in the first place.

Good antivirus (free is good enough) windows firewall.. a couple of anti-spyware,/anti malware applications (avg anitspyware is excellent.. spybot is also adequate.. combined with adaware and avast home edition antivirus they are nearly invincible)
use Firefox, and install no-script plugin so that you can see what is trying to load... don't allow java to run anything you are unsure of, and certainly for general browsing block by default... Also look at where images are loading from.. be aware of cross site scripting exploits and xss trickery.

This internet isn't a place for spoonfed n00bs.. unfortunately it is full to the brim of nasties just waiting for you to arrive with internet explorer wide open and the M$ trained behaviour of "allow" "next next next"

The secret of safe p2p use and general internet use is this...
Get clued up, and use your comon sense.. If a site feels wrong.. and sometimes it is only a feeling, don't let your guard down.. and finally.. Be prepared to wipe everything and start over until you get those gut feelings about what is and isn't correct behaviour from a file, website or whatever it may be.. they come with time and experience. Keep your OS on a different partition from your data (I install windows on E: which is only 20 gigs.. that confuses lots of malware)

OR... use linux for your general browsing and day to day internet wotsits, and forget about the malware pretty much completely, and the need for pirate software or continual use of your credit card, which is an added bonus.

I won't bash anybody who has encountered malware by accident.. I actively hunt for it and save it when found.. I will have a tickle at people who stupidly trust everything.. just because somebody says it is a safe street doesn't mean you should leave your car unlocked with the keys in does it.

yeah ive just got rid of a virus(trojan vundo),and few others viruses
hit me 5 may..took ne 2 days to get rid and it still popped up next day,gone now though..

ive not had any problems for 3 years,running mcaffe and use few other cleaners,constant torrent user,and thats were i think i got it from a torrent site,coz not any limewire programs shareza etc for long time..
im sure it was a HD wallpaper pack.

but i had constant popups for few days,mcafee never saw anything
used MalwareBytes Anti-malware and the Vundofix,and a spyware program...found lots of things that were not there week before..

everything been ok for couple days now..wouldnt mind but i recently bought my annual renual from mcaffe.....what for??

limewire sux anyways..

One fine day IvyMike glorked:

IM> Emule are you kidding one of the worst ones out there since I knew about it I have never used it full of spy-ware and ad-ware.

What a lot of nonsense.

> I'm puzzled how you would know it is full of spyware and adware if you have never used it.

IvyMike is obviously clairvoyant. Dead people talk to him.

> I think you are confusing it with something else.

He is confusing it with Shareza. He is confused.

FiberOptik

Emule Shareza limewire frostwire... ahhhhh.. my malware supermarket of choice..

Used by connosuers of malware and the intentional spreaders of trojans and virus files since the beginning of the internet.. Gotta love it. If I had a share folder I would put a few bombs in it for the unwary. There is an E-war going on above and beyond national borders here.. The mpaa etc are joining and logging downloads.. they are scanning ip's for certain files.. they find them, they download them to get your ip and the evidence of what you are sharing... why not hide some really nasty malware in a file as a trap for them? I do. It isn't sensible to download anything too obvious from my share folders... especially any .exe files. I run linux..(you need to know me to know that.. so you would be on my "permitted lists" anyway.. strangers beware) so what the hell are exe files doing on my machine??? heh heh heh.. my minefield.. waiting for adobe and others.. every button is already clicked.. an e-bomb if you would.

Last real nasty I saw off limewire actually run and trash a system started downloading without even being selected.. so much for norton too.. it got infected itself and then helped replicate the virus.. it just came and ran with no interaction from the user at all.

I know the name of a really nasty virus that will need a complete format, then a 3 pass wipe with killdisk, followed by a total repartition and reinstall, a bios virus check and a ram virus check to remove completely.... should I give the file name for the limewire fans...

alladobekeys&serials2k7... there you go. Probably circulated by adobe themselves.. and believe.. it's a hottie ;)

excellent advise from varnull

you should know all about safe streets varnull after having 3 cars stolen , did u leave the keys in them ????(sorry had to get last word in )

i dont see why these ppl need to make virus and malware apparently they have no lives

I actually got hit with this one from BearShare twice. Luckily Avast deleted it on the spot both times.

Originally posted by CF01:

---

i dont see why these ppl need to make virus and malware apparently they have no lives

---

Easy solution use newsgroups or reliable torrent sources.If you get rid of one geek that thinks its funny to mess up others computers there will always be another one ready to replace them.I like the idea of severe punishment for virus creators,but maybe that is a little too far.I think if a trojan is on somebodies computer gathering valuable information isn't that the same as stealing somebodies wallet or robbing a bank.We all know its probably some low life who wants to get a giggle out of screwing people over.

@varnull you make some very good points on Windows,but not everything is made for Unix.Sure you can probably get some things to run on Unix,but the majority of companies that make software buy into MS operating systems.I don't like to support Windows,but if this is the only OS that can run all my programs then I have no choice but to use it.

>McAfee stated that of the 500,000 cases it's seen, only 10% of those have gone as far as installing the malicious package.

Which covers the percent of incredibly stupid computer owners in the US of A. Anyone who DLs a file from any P2P source without checking it probably voted for Bush the second time. Only morons voted for him the first go 'round.

> McAfee states that this fake file outbreak is the worst that its seen in three years

Of course. Back in the day those of us with a mild paranoid sensibility figured it was Peter Norton's crew writing viral junk. Great way to sell product.


FibrOprik

Originally posted by Fibroptik:

---

>McAfee stated that of the 500,000 cases it's seen, only 10% of those have gone as far as installing the malicious package.

Which covers the percent of incredibly stupid computer owners in the US of A. Anyone who DLs a file from any P2P source without checking it probably voted for Bush the second time. Only morons voted for him the first go 'round.

> McAfee states that this fake file outbreak is the worst that its seen in three years

Of course. Back in the day those of us with a mild paranoid sensibility figured it was Peter Norton's crew writing viral junk. Great way to sell product.


FibrOprik

---

L-Burna took the bait: here fishy fishy

L-B> Why is Bush brought into the picture are we talking about politics or did you just want to start some political discussion like a moron.

Yes and like a fish you took the bait. You must be one of those morons who voted for Bush. I understand you. Maybe we can chat. I have a brother who's an idiot so I'm fluent in dumb-ass.

FibrOptik

Fibroptik if you think bringing in politics to prove a point is smart then yeah I disagree with you and like I said your a moron.Politics and religion do not belong in discussions that do not involve politics or religion.Your trying to start a flame war which I do not condone.If your trying to instigate something this is not the right place for you go somewhere else.

Nobody wants to hear politics or religion when the subject has nothing to do with it.

Quote:

---

I have a brother who's an idiot so I'm fluent in dumb-ass.

---

I'm not even running any agenda here.. a computer is only as secure as the software it runs and the attitude of the operator.

I come from a time when having a computer in the house made you unusual. You knew how it worked, and how the software worked after a fashion at least.

While not everything may be made for a particular platform that really isn't the point.. there are applications for non windows platforms that make most M$ closed code apps look like toys for the very reason they are open source and have been modified to do what the end users want instead of what a business wants to sell you, and keep selling you when the next closed OS arrives and all they have to do is change a couple of flags somewhere in it to force you to buy the same stuff again. (dx10 on xp.. open source would have exposed this vista lockin lie)

Like McD's just because everybody uses it and it is everywhere doesn't mean it is good, just that it is well known and marketed at you (vista trial versions bloatware anybody?)

The point I'm trying to make is this.. I don't hate M$ and I don't hate Bill.. they did a pretty amazing thing for computers in the home with windows95 just at the right time. Trouble is they made it too easy.. they took the thinking out of owning a machine that was soon to be connected everywhere across the world.

The difference is as simple as that. Non windows users tend to be a little more clued up about their hardware and software. We get our software legally from trusted sources (because it is open source we don't need to steal it from dubious places). We run our browsers in a safe environment and with sensible user practices. We know pretty much what should be where and what does and doesn't need access to the wider internet. I think I said before about the windows trained behaviour.. "allow"--"next-next-next-finish-reboot".. Foolproof? Yeah, it will install a good program as easily as it will install some virus or malware.
The M$ motto should be "let us do your thinking". The main suggestion I see about vista almost everywhere is to disable it's security features, because they get in the way all the time. That says to me that the OS is flawed at the core. If it needs intrusive security systems which are so intrusive they need to be killed then they haven't thought it through, or they are trying to sell a feature that nobody wants/understands.

What do the open source operating systems actually do? Pretty much anything they want you to with the added bonus.. they are all different. I'm not scared by a bsd or a solaris machine or even, god forbid, a vista machine.. why?.. because it's only a machine running some code. It's supposed to only do what I tell it to do. That's why I don't agree with the M$ mindset of taking control from the user and hiding it away.

I see kids coming out of school with IT qualifications... what they really have is some training in a few closed source windows platform applications.. that has nothing to do with IT and I see them every day fighting with industrial and business hardware which runs something completely alien to them and without the pretty GUI tools they are used to. Luckily the collapsing economy means that schools are having to rethink their IT strategies and are moving to open source systems which don't need new hardware to run up to date relevant applications. They may not be M$ word.. but OO writer and abiword are word processors which are both business standard and quality.. what does it matter.. The user has no trouble using M$ word after learning on a few open source alternatives... different mindset.. look at the menus.. have an experiment.. don't accept it will all be done for you ;)

Nobody wants to try my malware then? It's supposedly a patch to allow M$ publisher to save in sla/slt/slb open source publishing formats. XD

Well yeah I'm going to be honest I don't use just one OS,but its true if the OS is secure antivirus programs wouldn't be needed.As you mentioned most apps now can perform without the users request.There are no permissions in Windows depending on which OS we are talking about,although Vista tries to encorporate permissions by asking users to allow anything to run everytime the app is trying to open it bogs the system down.Its true Linux and Unix systems are not for the faint hearted or overwhelm some normal users.They are more secure as you mentioned,and they may not be as flashy as Windows but can perform better in my opinion.The majority of large corporations normally buy into Windows,and its true if we did a poll I bet there are more organizations using Windows than any other OS.If we are talking about normal users its a preference of choice like you mentioned,but I do see Windows being the mainstream for business.It doesn't always work for some,but there are a bunch of businesses that use it as most prebuilt computers come with Windows installed on it.There are some exceptions but the majority as mentioned are brought into Windows from the start.Its like going to an interview for the first time the first impression plays a big role.

I think it depends very much what industry it is. Most heavy manufacturing runs hardcore unix.. because it's what was about 20 years ago when they tooled up last. Same seems to go for banks and other large and wide networked business.. travel agents and national distributors I see running mostly solaris for some odd reason.. probably like heavy industry it was what was available when they built their systems in the 70's and 80's.
Publishers and the newspapers seem to run a bit of a hotch potch.. lot of BSD type unix there, some of it seems totally in house.

It's the small offices where windows seems to be the norm.. 5 or 6 computers all individually networked and seemingly under no overall control.

My view is probably skewed because of the nature of my business, but I think the corporate windows use is just shy of 50%.. mainly because they are the only people who are counting every single machine it seems to be higher. How many business users runing linux/unix or other open source have ever bothered registering it? In my experience it's just installed and left to get on with it until the IT manager retires and they get some snotty nosed 20 year old who has never seen anything but windows.. faced with a bill in the tens of thousands to make the IT "expert" happy with his xp or vista that's when my phone starts ringing ;) I love my job... honest.

If you use torrent sites. Just read the comments before downloading a file. They will tell you if it fake, virus, or trojan ect ect ect.

Not always... You find files with loads of comments and heaps of seeds.. they can be infected too, The comments and seeds are the botherding group XD ... as can a legit file which somebody has tampered with since downloading ;)

How is it done? http://www.757labs.com/projects/mp3nema/