Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Targeted Worm Hits Kazaa's Network

timothy posted more than 12 years ago | from the worms-churn-the-earth dept.

Security 300

sh0rtie writes: "Kaspersky Labs and the BBC are reporting that the Fasttrack network that Kazaa uses has been hit by its first targeted worm virus dubbed 'Benjamin.' Is this a clever RIAA creation or that of a mischievous virus writer? I guess we will never know, but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic bringing more headaches for ISPs and sysadmins worldwide."

Sorry! There are no comments related to the filter you selected.

any surprise? (0, Insightful)

eyegor (148503) | more than 12 years ago | (#3553430)

Yet another reason not to use them. geez....

Re:any surprise? (1)

DrugCheese (266151) | more than 12 years ago | (#3553503)

Really, who wants to use such an advertisement ridden program anyway. Now it's infested with something more lethal. woohoo

Re:any surprise? (1)

loply (571615) | more than 12 years ago | (#3553561)

Yeah, who would want to use such a program?

Well, from what I can gather... two million, two hundred & twenty six thousand, five hundred and thirty six regular citizens of Earth, who want to access over a million gigabytes of pirate software, mp3s and porn. Duhh. Wake up.

Re:any surprise? (1)

DrugCheese (266151) | more than 12 years ago | (#3553667)

two million, two hundred & twenty six thousand, five hundred and thirty seven complete morons

kinda low from my recent headcount of sheeple out there

Re:any surprise? (0)

Anonymous Coward | more than 12 years ago | (#3553548)

I wonder if anything like this had ever hit Napster in the past? I don't remember such a thing. I think this is all due to the crappy code the fasttrack people created -- a lot of it spyware and other crap that is supposed to give them too-much control over your system.

_
WINDOWS USERS CLICK HERE! [paware.com]

"Clever RIAA creation"??? (3, Funny)

Wakko Warner (324) | more than 12 years ago | (#3553433)

Look at the kind of music these fellows put out. Now tell me anything they create is "clever".

- A.P.

Unrelated followup (-1)

egg troll (515396) | more than 12 years ago | (#3553488)

So aside from that Mrs. Lincoln, how was the play?

Funniest geed joke evar!! (0)

Thud457 (234763) | more than 12 years ago | (#3553748)

Why can't nerds tell Halloween from Easter?

Because 31(hex) == 29(oct)!

Re:"Clever RIAA creation"??? (1)

peterwayner (266189) | more than 12 years ago | (#3553613)

There are plenty of songs that infect my brain like a virus and I can't get rid of them. They may sound stupid if you think of them, but maybe they prey on the unconscious. In fact, that's probably why they give their music to radio stations.

Gee, I hate worms (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553436)

Mrs. Hoover, can I have another worm? I ate mine.

late post due to shitty open source software (-1)

Sexual Asspussy (453406) | more than 12 years ago | (#3553451)

i was in the FP zone... until mozilla decided it was naptime.

oh well, fuck you all.

of all days.... (5, Interesting)

jeffy124 (453342) | more than 12 years ago | (#3553453)

the day the secret Kazaa/Brilliant network came to life [com.com] is the day that this worm gets let loose.

Re:of all days.... (1)

randomErr (172078) | more than 12 years ago | (#3553590)

It's not a virus, its an undocumented feature.

Re:of all days.... (0)

Anonymous Coward | more than 12 years ago | (#3553707)

let's see. the guy didnt call the secret network a virus (it also happens to be documented in the user agreement). he didnt call the worm a virus (worm != virus by definition). what is he calling a virus?

clever RIAA creation? (0, Offtopic)

crovira (10242) | more than 12 years ago | (#3553456)

Bwahahahahahahaha.

Those Luddites? I'm surprised they don't use a pen make by plucking a feather from a goose's ass.

Oh that's rich. Thanks for laugh...

Re:clever RIAA creation? (0)

Anonymous Coward | more than 12 years ago | (#3553500)

You're right - they are Luddites! From the article:
In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

You'd think they would have learned how to use pop-ups before now...

[deep sigh] (1)

coronaride (222264) | more than 12 years ago | (#3553457)

seeing as how everyone and their grandmother's dog-sitter read the post about Kazaa's involuntary spyware and then promptly deleted Kazaa from their system, I really don't see how this story should effect anyone..right? hmmm..on second thought..is it the kazaa NETWORK?

Re:[deep sigh] (0)

Anonymous Coward | more than 12 years ago | (#3553755)

I still use Kazaa-Lite which is supposedly stripped of all the spyware (and according to Ad-Aware it is except for the dummy cydoor library). Why? Because I can't find shit on Gnutella compared to Kazaa! When I finally do find something, every link I try doesn't work. It's totally lame. Man do I miss Napster... the days of searching for something and finding 60 different hits on it in seconds. *sigh*. EVERYONE was on Napster. FUCK THE MPAA/RIAA!!!

Fuck the RIAA (-1, Offtopic)

HanzoSan (251665) | more than 12 years ago | (#3553462)

This is why i dont use windows

Re:Fuck the RIAA (0)

Cheesy Fool (530943) | more than 12 years ago | (#3553516)

But yet you still buy windows games.

Warez Connection (2, Insightful)

_bobs.pizza_ (452394) | more than 12 years ago | (#3553465)

how big of a surprise is this? The whole idea behind kazaa is that you can get music that you don't own. This reminds me a lot of the warez sites out there. How many of us trust them?

You get what you pay for.

Re:Warez Connection (0)

Anonymous Coward | more than 12 years ago | (#3553641)

You get what you pay for.

Yep, that's why I don't use Linux.

Re:Warez Connection (0)

Anonymous Coward | more than 12 years ago | (#3553744)

Now that, sir, is comedy gold.

Stupid Virus Writer? (5, Insightful)

Saeculorum (547931) | more than 12 years ago | (#3553466)

From the article...

In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

I might be wrong, but I'd think it'd be quite easy to find where the money from the advertising banners is going to. Quite simple to find the virus writer.

Of course, the recipient of the advertising revenue may not be the virus writer, but it's a good place to start.

Stupid people amuse me.

Overhyped? (0, Troll)

CmdrTaco (editor) (564483) | more than 12 years ago | (#3553468)

...under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays.

Wow! I think this is the first time I've seen a worm creator actually try to turn a profit. It doesn't really seem to be all that malicious, it also seems that this would be an easy way to catch the person repsonsible. Just find out where the checks are going and arrest him!

Re:Overhyped? (0, Offtopic)

pjkacmar (556653) | more than 12 years ago | (#3553538)

Just wait until Taco finds out that the anonymous web site is actually the Slashdot advertisement program.

I fail to see the "worm" here... (3, Funny)

Bollie (152363) | more than 12 years ago | (#3553475)

but the result is that it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

What? Doesn't that happen every time a new cammed version of Spider-Man or AOTC's is released?

worm on Kazaa network (-1, Offtopic)

56ker (566853) | more than 12 years ago | (#3553486)

The entertainment industry will be pleased!

Hide the spice! (3, Funny)

Limburgher (523006) | more than 12 years ago | (#3553489)

The worm is coming! It can smell the spice on your hard drive! Delete it, or it'll smash through it and destroy you!

Re:Hide the spice! (0)

Anonymous Coward | more than 12 years ago | (#3553609)

It can smell the spice on your hard drive!


There's someone sharing *shudder* Spice Girls videos on KaZaA? Hmmm. Let's see. Windows. Spyware. Total lack of common sense or musical taste. Okay, I can see the pattern.

Re:Hide the spice! (1)

Kphrak (230261) | more than 12 years ago | (#3553668)

+1 DUNE!

Mod the parent up...this is a clever Dune reference. You know, the novel...or the movie, for those who didn't see the novel.

No kudos to the people who were stupid and thought the dude was talking about the Spice girls.

Re:Hide the spice! (0)

Anonymous Coward | more than 12 years ago | (#3553738)

I didn't see the novel, but I read the movie. Does that count?

yeah, it was the RIAA (-1, Flamebait)

mosch (204) | more than 12 years ago | (#3553491)

am i the only person on slashdot whose reaction to this a bigass grin?

Congratulations on your free copy of photoshop (which is alright because you wouldn't have bought it), Windows XP (which is alright, because Microsoft is evil), the new Dave Matthews Band CD (which is alright, because the RIAA is evil), and that DivX of episode 2 (which is alright, because the MPAA is evil).

I hope you all enjoy your free gift, and I hope nobody here is so fucking broken as to consider the possibility that the RIAA made this virus seriously.

Re:yeah, it was the RIAA (0, Troll)

rhazes (562498) | more than 12 years ago | (#3553679)

bout time i saw shpongle on slashdot....even if it was just a sig.

Re:yeah, it was the RIAA (0)

Anonymous Coward | more than 12 years ago | (#3553689)

My Linux box seems to be unaffected. Bahahahaha! Off to download some more shitznit.

Re:yeah, it was the RIAA (2)

tempest303 (259600) | more than 12 years ago | (#3553703)

Yeah, I'm grinnin' ear to ear as well. While I don't think it was RIAA that created this, I found this part f*cking brilliant:

Congratulations on your free copy of photoshop (which is alright because you wouldn't have bought it), Windows XP (which is alright, because Microsoft is evil), the new Dave Matthews Band CD (which is alright, because the RIAA is evil), and that DivX of episode 2 (which is alright, because the MPAA is evil).

Couldn't have said it better. *applause*

Re:yeah, it was the RIAA (1)

tempest303 (259600) | more than 12 years ago | (#3553729)

grr. my Lameness Engine must be kicking in - i re-re-reread your post, and you obviously don't think that RIAA made the worm either.

happypollylogies all around.

Re:yeah, it was the RIAA (2, Insightful)

grung0r (538079) | more than 12 years ago | (#3553752)

I know the RIAA didn't write it, it was proabably some self-rightous bastard alot like yourself. How can you possibly defend a company that acts the way RIAA members do? Do you think they care about you? You think all these "thives" go away that their gonna lower prices, or create good content? HA! They are using file sharing as an exuse to pass legislation that gives them a future stranglehold on content creation. "oh, you want to distrubute a song you wrote and performed? Not without the RIAA watermark seal of approval!" Stop defending companys whose soul goal is to make your computer into a nutered VCR, incapable of doing anything without the xxAA's express writen consent.

Death Nell (0)

Nanite (220404) | more than 12 years ago | (#3553499)

Goodbye Kazaa. If the spyware scheme didn't kill you, infecting all of users with viruses isn't going to help. I don't think you could PAY someone to use Kazaa after all of this crap.

Nanite

The Brilliant Worm is (0, Troll)

Haiku 4 U (580059) | more than 12 years ago | (#3553501)

what you get. Why use Kaaza??
It's a pile of shit!

Next Time A Warhol Worm? (5, Interesting)

cybrpnk2 (579066) | more than 12 years ago | (#3553513)

Some very scary research has been aimed at discovering just how fast a worm could infect the entire Internet. This is the so-called Warhol worm [berkeley.edu] , so named because instead of getting 15 minutes of fame, it would only take 15 minutes to infect the entire internet. If some nut combines a Warhol worm with a Kazza worm, we are in deep trouble.

Oh, by the way, STEPHEN JAY GOULD DIED (0, Offtopic)

Artifice_Eternity (306661) | more than 12 years ago | (#3553518)

This is not a troll, and it's not offtopic, if Slashdot is truly about "News for Nerds, Stuff that Matters":

The greatest evolutionary theorist since Charles Darwin died of cancer at his Manhattan home today... here's the New York Times obituary [nytimes.com] .

I submitted this story and it was rejected. Apparently Nintendo price cuts and the latest Star Wars box office figures are big news today, but not this.

I suggest that when Slashdot editors reject stories, they put their names on them, so we the submitters can start to figure out who ignores this kind of hugely important news in favor of trivia. Anonymous users are labeled as "cowards"... seems to me the same applies to anonymous editors.

Of course I fully expect this story WILL appear on the front page later tonight, or tomorrow, or better yet, in two or three days, after another 50 people have submitted it, and Taco or Timothy or somebody finally recogizes its significance.

Re:Oh, by the way, STEPHEN JAY GOULD DIED (1)

rkent (73434) | more than 12 years ago | (#3553585)

I submitted this story and it was rejected. Apparently Nintendo price cuts and the latest Star Wars box office figures are big news today, but not this.

Boo hoo for you, did you consider that maybe 13 other people submitted it before you, it's maybe 200 submissions down on the queue, and it might get posted later? Sorry your story got rejected and you don't get any karma, but please. Enough with the ragging on people because they talk about other stuff besides your pet topic.

I don't give a sh*t about karma. This is BIG NEWS. (1, Offtopic)

Artifice_Eternity (306661) | more than 12 years ago | (#3553647)

Sorry your story got rejected and you don't get any karma, but please. Enough with the ragging on people because they talk about other stuff besides your pet topic.

This is not the first time I (or people I know) have submitted matters of major general interest that have been ignored. I'm not a biologist or paleontologist, so it's not my "pet topic," but I'm smart enough to recognize that Gould was a genius and a major figure in the history of science.

Apparently you, like the nameless /. editor who rejected the story, are not.

STFU troll (0)

Anonymous Coward | more than 12 years ago | (#3553691)

no one gives a shit, that's why there is the submit news feature of slashdot, if you want to write an article about it without it being rejected go to kuro5hin.org. until then, get the fuck away you damn dirty troll

Re:Oh, by the way, STEPHEN JAY GOULD DIED (2)

nomadic (141991) | more than 12 years ago | (#3553713)

Boo hoo for you, did you consider that maybe 13 other people submitted it before you, it's maybe 200 submissions down on the queue, and it might get posted later? Sorry your story got rejected and you don't get any karma, but please. Enough with the ragging on people because they talk about other stuff besides your pet topic.

I doubt the original poster cares about karma; he's complaining about the fact that the editors just have no apparent ability to pick stories anymore. Gould was a brilliant scientist whose passing should be major news. Instead we get an endless succession of stories about file sharing and wireless networks. Interspersed, ironically, with self-congratulatory stories about how brilliant, well-rounded, and scientifically literate geeks in general are.

Re:Oh, by the way, STEPHEN JAY GOULD DIED (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553601)

$10 says it's written by taco when it is put out.

Re:Oh, by the way, STEPHEN JAY GOULD DIED (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553639)

Dude, don't send in links that require registration.

Re:Oh, by the way, STEPHEN JAY GOULD DIED (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553657)

You're completely right. That's a much more interesting and important story than the usual nonevents that make the front page. Have to post anonymously since I modded the parent up.

Re:Oh, by the way, STEPHEN JAY GOULD DIED (1)

tgibbs (83782) | more than 12 years ago | (#3553663)

A great loss, not merely for his contributions to evolutionary theory (and whether you agree with him or not, he has undeniably raised crucial issues that have stimulated progress in the field), but for his contributions to scientific history, and showing that serious scientific writing does not need to be dull or stilted.

I agree, this deserves its own topic. But this thread is sort of about evolution, isn't it?

JESUS MADE THE UNIVERSE (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553673)



Evolution is of the Devil.

Jesus made the Heaven in 6 days, and made it feel good to have sex. That's why we do it!

Evolution is just more Yankee bullshit. Ever since reconstruction, the Yankees have been destroying the truth.

Praise God.

ps Jesus got deathstar !

Oh, by the way, MY HARD ON DIED (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553693)




Last, last night, after ramming my tight asian girlfriend, her butt blew and I totally lost it.

How is it activated? (4, Insightful)

Shagg (99693) | more than 12 years ago | (#3553521)

The way I understand the article, it replicates itself in someone's share directory and waits for other Kaaza users to download it. How is it executed on the remote user's computer then? Do they have to specifically run the virus program, or is there a security hole in the Kaaza client somewhere that automatically executes the virus?

I'm assuming users that download this file must specifically execute it. If this is true, then IMHO any person who downloads an unknown .exe from a P2P network and runs it without at least scanning it, deservers what they get.

Re:How is it activated? (1)

eddy (18759) | more than 12 years ago | (#3553606)

I don't see how it can deserve the designation worm if it takes user intervention to spread, both a) to download it and then b) to execute it, which is the impression I got from the Kaspersky bulletin.

Wouldn't simply trojan be a better fit?

Indeed, the bulletin calls it a "worm". Let's continue doing that so as to not confuse matters even more than they already are regarding the designation of all these malware.

Re:How is it activated? (0, Troll)

rkent (73434) | more than 12 years ago | (#3553630)

I'm assuming users that download this file must specifically execute it. If this is true, then IMHO any person who downloads an unknown .exe from a P2P network and runs it without at least scanning it, deservers what they get.

Oh come on, cut some slack. You know as well as everyone that non-exe files are associated with an app based on extension, and double clicking (for example) an mp3 file opens it in WinAmp. So if this thing gets downloaded and aliased as "Simpsons Theme.mp3", you should be able to forgive people for double-clicking on it.

Re:How is it activated? (1)

Time_Ngler (564671) | more than 12 years ago | (#3553749)

If it's aliased from exe to mp3, I don't think it would run. It would try to open it as an mp3 file then.

Re:How is it activated? (1)

kilroy_hau (187226) | more than 12 years ago | (#3553677)

Agreed until the last phrase. If you use a P2P network to copy an exe you cannot know what are you gonna get.

But scanning a NEW worm is next to useless if you don't have the latest antivirus, which is updated after this worm has been released and infected several machines.

Re:How is it activated? (3, Funny)

bonzoesc (155812) | more than 12 years ago | (#3553756)

The Kazzzasaazaz installer connects to the FastTrack network to download the actual filesharing program (the functionality in the installer + search + spyware and ads and robot monkeys that confuse your clock cycles for bananas and eat them while throwing monkey poop all over your hard drive). Since the client itself also has built in functionality to display stuff, it would be entirely possible to exploit a buffer overflow bug or something like that that slipped through the probably non-existend QC or some such.

But Kaszzzasdfddsafaszzza is for frat boys, sorostitutes, and pre-teen girls. Real men use FTP or DC++ [sourceforge.net] .

Clever RIAA Creation (2, Insightful)

BlueFall (141123) | more than 12 years ago | (#3553523)

Is this a clever RIAA creation?

What an incredibly irresponsible statement. Don't go pointing fingers until you have some evidence.

Re:Clever RIAA Creation (4, Interesting)

Aexia (517457) | more than 12 years ago | (#3553620)

Yes, quite irresponsible. After all, when has the RIAA ever done anything malicious [slashdot.org] to innocent computer users' systems?

BBC -- RIAA responsible (3, Interesting)

hether (101201) | more than 12 years ago | (#3553524)

The BBC reported this earlier today:
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1 998000/1998686.stm [bbc.co.uk]

I agree with the idea that the RIAA would definitely have motive when it came to a worm like this, or some random RIAA suporter. Good thing most intelligent people quit using Kazaa a long time ago, or for sure when they found out about the spyware.

Re:BBC // RIAA responsible (0)

Anonymous Coward | more than 12 years ago | (#3553551)

I should have been more clear. I didn't mean to indicate the BBC thought the RIAA was responsible. Just that my post was about both.

Re:BBC -- RIAA responsible (2)

jacoplane (78110) | more than 12 years ago | (#3553600)

I don't see the RIAA mentioned at all in that article. Perhaps your link is incorrect?

Yeah... (0)

Anonymous Coward | more than 12 years ago | (#3553664)

Intelligent people switched to Kazaa Lite [lunarpages.com] .

The money trail.... (3, Insightful)

Mhrmnhrm (263196) | more than 12 years ago | (#3553526)

Doesn't necessarily point to the culprit. Just because the webserver is hitting/serving up whatever the ad of the hour is, doesn't mean the person getting the checks is the virus writer. How difficult would it be for instance, for a blackhat to write a virus, have it hit/serve a bazillion ads, but send the money to a certain John Ashcroft, who just happens to live in DC, with a job at the DOJ? Especially given the talents of a true blackhat, this wouldn't be difficult at all. Unfortunately, that's what these posts of "Follow the money trail" are doing... it's entirely possible the writer borked up bigtime, but more likely that someone's being made a stooge, and that the money is just a red herring.

Easy to catch the creators? (2, Interesting)

tekBuddha (546826) | more than 12 years ago | (#3553528)

From the article:

"In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays."

Wouldn't it make sense then that you could track the creators of the worm to whomever is collecting the payout of these banner ads or am I misunderstanding how its working?

And this surprises anyone... Why? (2)

wowbagger (69688) | more than 12 years ago | (#3553531)

Perhaps I am paranoid, perhaps I am an old fart, but I cannot see trusting any file I got from any of the P2P systems for precisely this reason.

Re:And this surprises anyone... Why? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553649)

Shut up you paranoid old fart.

Re:And this surprises anyone... Why? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553665)

Perhaps I am paranoid, perhaps I am an old fart, but I cannot see trusting any executable file I got from a remote host for precisely this reason.
I corrected your post for you.

Using P2P (3, Interesting)

tswinzig (210999) | more than 12 years ago | (#3553534)

Big whoop. P2P becomes the latest transport mechanism for viruses. It's not exploiting a hole in Kazaa, it's just sharing a folder with virus-infected executables labeled with intriguing names that are likely to be downloaded by Kazaa users.

If these users are then dumb enough to run an executable file they download from an unknown source, they will be infected.

Wow.

Irony. (-1, Offtopic)

vidnet (580068) | more than 12 years ago | (#3553549)

Isn't it ironic that these people, who are parasites on the belly of the commercial bear, now have a worm of their own? If I were christian, I'd say this is the solution like aids to the homosexuals.

Re:Irony. (1)

grrlygeeky (460034) | more than 12 years ago | (#3553736)

Yeah, because AIDS is a purely homosexual phenomenon. It doesn't spread like wildfire through unsafe heterosexual relations in Africa. It certainly doesn't affect heterosexual drug users, people who have had blood transfusions, ordinary everyday heterosexuals whose mate had an unwise affair. I'm sure a loving god smites innocent people to "cure" the world of men who love other men, while doing nothing to wife batterers, rapists, child molesters, and other creeps. This worm may be a well deserved plague on thieves, but don't compare it to a misbegotten theory that blames a real tragedy, AIDS, on its own innocent victims.

Requires user intervention (1)

ZiGGyKAoS (86253) | more than 12 years ago | (#3553555)

awww this requiers that the user download and run it in order for it to infect the computer.

One of these days there is going to be a serious flash worm on that fasttrack network. All one would have to do is find a buffer overflow in the server portion of it. Each computer knows about several others as a function of the program so finding exploitable hosts should be as trivial as doing a netstat -a.

Infected? (5, Interesting)

rkent (73434) | more than 12 years ago | (#3553556)

Okay, so... who's infected? any slashdotters get the

"Error:
Access error #03A:94574: Invalid pointer operation
File possibly corrupted."

message yet? If so, what did you do to clean up? Neither of the 2 articles gives a very good indication of that; I guess I'd start by deleting \windows\system32\explorer.scr and \windows\temp\Sys32, and removing these registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cu rr entVersion\Run]
"System-Service"="C:\\WINDOWS\\SYSTEM\\EXPLORER. SC R"

[HKEY_LOCAL_MACHINE\Software\Microsoft] "syscod"="0065D7DB20008306B6A1"

Seems like that should keep it from spreading, but that won't prevent a reinfection. Oh well; at least there's a popup notice when you get infected. that's nice.

Looks like fasttrack users (kazaa, morpheus, AND grokster) are catching on... about 1/5 as many users on as usual for this time of day. And before you flame me as a pirate, I only trade Simpsons episodes which aren't available for sale yet :)

Re:Infected? (0)

Anonymous Coward | more than 12 years ago | (#3553632)

Excuse me, but how does the fact that you "only trade episodes that aren't available for sale yet" make you not a pirate? Is it only piracy if you rip copyrighted material that has made its way to DVD?

"No, officer, see, I wasn't speeding. This is the 2003 model of this car, so it's not speeding until January first."

Re:Infected? (1)

rkent (73434) | more than 12 years ago | (#3553675)

Is it only piracy if you rip copyrighted material that has made its way to DVD?

Well... sort of. As far as I'm concerned. I used to tape the reruns off TV, is that piracy, too? All I'm doing is filling holes in my collection. I already bought the season 1 DVDs, and will most likely get season 2 as soon as it comes out.

If you think that a 40 or 50M mpeg is anything like a replacement for DVD-quality audio and video (and therefore an excuse to not buy the DVD), you must not have watched one.

Re:Infected? (0)

Anonymous Coward | more than 12 years ago | (#3553732)

I'm not saying these crappy-bitrate-from-crappy-signal is nearly the same as DVD quality, but all the same it's breaking the law. If you recorded it yourself for your own use, sure, no problem. But just because you could have and didn't doesn't give you the right to 'round out your collection' from other people's collections, or to help other people with the same.

Re:Infected? (0)

Anonymous Coward | more than 12 years ago | (#3553651)

And before you flame me as a pirate, I only trade Simpsons episodes which aren't available for sale yet :)

How does the Simpons make it exempt? You're still breaking the law - just because its not for sale doesn't mean you have the right to download it and play it.

whats the difference (1)

lazelank (454849) | more than 12 years ago | (#3553557)

so this worm jumps onto your computer and puts ad software on it so you will have to wade through a million adds to read /. is this any different from kazaa already? o wait, you agreed to let kazaa do that when you clicked i agree after the eula.

meh

These poor script kiddies (4, Insightful)

Henry V .009 (518000) | more than 12 years ago | (#3553562)

Whenever I think of what could be achieved by a virus using a P2P system, I am all the more astounded by the limited imaginations of these puny 13-year-old hackers.

How about using a million computers working in parallel to break an weak encryption and read some third world govenment's military email?

What about creating a secondary virus that uses known windows vulnerabilities and has a mathematically reasonable replication scheme to install itself on hundreds of millions more computers, and then use that to bring down the entire internet on a given day?

What about turning these people's P2P servers into a humungous free proxy network, defeating internet censorship attempts of evil totalitarian regimes (like China)?

Re:These poor script kiddies (0)

Anonymous Coward | more than 12 years ago | (#3553684)

Because the possiblity is that you might get caught.. there is always that possibility, so you do something annoying; just to piss people off and stay anonymous. If you do get caught the charges won't be lowering the GDP of some third world country but just vandalism and some community service.

Re:These poor script kiddies (1)

Arakonfap (454732) | more than 12 years ago | (#3553694)

I agree completely!

It's always the same dumb worm/virus. Replication is the only real goal - no distributed computing, no political vendeta, not even maliciousness (which I'm thankful for, even though I needn't worry of infection).

This one has the popup ad thing, but my guess is the money is going to a randomly selected target.

This reminds me a lot of that viri/worm on the gnutella network a year+ back.

Malware (0)

Anonymous Coward | more than 12 years ago | (#3553566)

Sic Semper Malware

Bad Business (2)

Tazzy531 (456079) | more than 12 years ago | (#3553568)

Ever since the whole deal with Kazaa and spyware and using your computer for distibuted computing, I've uninstalled and left them for good. Come on...think about it. If a company does not have the "consumer's" best interests in mind, it will not be able to succeed. What are they going to do when there is a major security issue that opens up your private data to the world? "Ooops..who cares..not my fault..they aren't paying us"

Kazaa has turned into bad news waiting to happen.

Kazaa Lite? (1)

flatt (513465) | more than 12 years ago | (#3553573)

Anyone know how this thing is spread and if Kazaa Lite can get it even with the Brilliant Digital stuff disabled?

Advertising? (3, Informative)

jfengel (409917) | more than 12 years ago | (#3553579)

According to the article, the worm sets up a web site for doing advertising, presumably porn. I'd think that that the sites being advertised would be a good place to start figuring out who's responsible.

It's an amusing idea to use a worm to carry a proft-generating payload, but it sounds like it'll leave a really big paper trail. The more advertisers you get, the bigger the trail.

riaa (4, Funny)

mosch (204) | more than 12 years ago | (#3553582)

Is this a clever RIAA creation...
I mean you no disrespect, but you're a fucking retard.

"hey guys, I've got a great idea. let's make a virus that will expose ourselves to billions of dollars of liability, but will only shut down some minor piracy for a day or two, until anti-virus software makers have protection for it".

Re:riaa (0)

Anonymous Coward | more than 12 years ago | (#3553735)

"hey guys, I've got a great idea. let's make a virus that will expose ourselves to billions of dollars of liability, but will only shut down some minor piracy for a day or two, until anti-virus software makers have protection for it".
Since they have demonstrated that they own the most of the legislative and enough of the judicial branches of the Federal government, why do you think would this sound like a bad idea to them?

Cant beat them in court, stamp them out (1)

nurb432 (527695) | more than 12 years ago | (#3553614)

Seems pretty clear to me.. Its either the RIAA fighting back the only way they can, or a sympathizer..

Either way same result, people with nothing better to do, then mess with others.

And no i dont want to get into legality discussions.. its just a statment that people should mind their own damned business.

Cons-piracy theory (4, Interesting)

Kirby-meister (574952) | more than 12 years ago | (#3553626)

A lot of people will probably put this on the RIAA/other copyright crusaders, but I see P2P networks as a huge market for propogating virii and sending people trojans.

Large file-sharing networks like Kazaa have birthmarks in the shapes of bulls-eye's.

For fear of stating the obvious... (5, Interesting)

Restil (31903) | more than 12 years ago | (#3553631)

But if banner ads which will profit the creator of the virus are posted on every single infected computer... how hard would it be really to follow the money to find the author of the worm?

Or was I the first one to read the article? :)

-Restil

Am I crazy or what? I love spam! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3553642)



Why I love spam [com.com]

by Barry Dennis [mailto] info@Netweb.com [mailto]

Am I crazy or what? I love spam! My spam is important to me. In this new age of the Internet, I need the information and opportunities that e-mail marketing provides. So what's the big deal about spam? I think a few well-meaning but uninformed politicians and advocacy groups have decided what's good for us.

In the ancient, pre-Internet days, I used to get all kinds of mail in my U.S. Postal Service mailbox. The mail had stamps on it; later on it had imprinted postmarks of one kind or another. I was in the direct-marketing and mail-order business, so I used my name and address as a quality-control measure, just to see how long the mail would take to actually arrive at my house. As you can imagine, my name found its way to many different lists of one type or another, and I got lots of mail. Depending on the perspective of the recipient, it was called "junk mail" or "file 13 candidates," or "recyclable materials." Individual pieces included catalogs of every type and description, magazine and book club offers, resort vacation packages and credit cards. Can you believe it? Offering me, an entrepreneur, a credit card? Had they lost their minds?

And I loved it.

I loved reading the offers; I learned things and I even bought some things. They say the easiest sale is to a salesperson, and maybe that's true. But I was a tough customer. I only bought what I needed, or in some cases what I wanted, because they convinced me with good copy, attractive product art and presentation, and with offers backed by a guarantee. They convinced me I had made a great decision. They were (and still are) reaching out to satisfy my needs as their research indicated. Now, in addition to my mail at home and at the office, I get e-mails. Lots of e-mails. And for the most part, I love them. They tell me about things I'm interested in, such as services and products that might satisfy some of my needs. They provide information referrals, ideas and food for thought. And e-mails are smart. They don't require a postcard or envelope with postage to get more information--you just click "reply." Or in many cases, click on the "hot link" direct to the e-mailer's Web site.

Look, here's the deal. Spam is the "junk mail" of a few years ago. There is still "junk" mail, although I prefer to think of it as marketing mail--searching for new customers and reinvigorating established clients. My spam is important to me. In this new age of the Internet, I need the information and opportunities that e-mail marketing provides. The Internet is a new marketing channel, an information research assistant, and a replacement for some of those mail-order catalogs I used to request. And man, the response time!

The courts and the Federal Trade Commission long ago thrashed out the framework for people taking their name off mailing lists by using the Direct Marketing Association-maintained "opt out" list. Mailers run their list through the DMA and matches are culled for each person from that list. People don't get what they don't want. But did you know that many of the people on the DMA file have requested catalogs or information by direct mail within a few months of their "opt out?" Why? Because we have grown used to getting information this way. If we need to, we can do the same thing using the DMA, or the Internet Advertising Bureau, or another industry trade group.

So, what's the big deal about spam? I think a few well-meaning but uninformed politicians and advocacy groups have decided what's good for us, and in their zeal, they are trying to establish a new and unwarranted benchmark for the marketing channel we call the Internet, and for one of its components: e-mail.
We really have to fight this intrusion. E-mail is no less commercial speech than other forms of communication; e-mail is a new and--in some cases--a better way of quickly identifying, qualifying and servicing customers. Large catalog marketers are pleased with the growing percentage of Internet-driven business, and they use e-mail to offer specials and other information potentially valuable to their customers, at less expense than mail-only contact programs.

Not everybody has an e-mail address or access to the Internet: Approximately 70 million U.S. households have computers, out of 120 million total, but not all of the 70 million have access to the internet or e-mail. Most businesses do have Internet and e-mail. There are some e-mails I get that I don't want or appreciate: pornography, two credit card offers every day (give me a break!), and some others. But you know what I do?

Hit delete. I hit delete, and I'm free. As for the rest of my spam: Keep it coming!

about the writer
Barry Dennis [mailto] is president of Netweb [mailto] , an Internet and offline marketing and public relations agency.

virus? (5, Funny)

bilbobuggins (535860) | more than 12 years ago | (#3553650)

it seems to be bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

i had this virus once, only i named it 'roommate'.

Hmm (1)

skinfitz (564041) | more than 12 years ago | (#3553652)

I remember the topic of Kazaa infection being brought up on Bugtraq Bugtraq months ago.

...hyperlink?? (2, Interesting)

skinfitz (564041) | more than 12 years ago | (#3553687)

...I dont know what happened to the hyperlink there - here is the link in text form:

http://online.securityfocus.com/archive/1/254627 /2 002-05-17/2002-05-23/1

And another try at a hyperlink [securityfocus.com] .

Yep, Hit me. Here's what I did. (5, Informative)

sailor420 (515914) | more than 12 years ago | (#3553669)

Hit me the other day. Just noticed it last night, and I (think) I have it under control.

First, look out for small downloads, specifically anything with names such as "installer" or "downloader." I dont know how I got mine, but my brother's machine got hit after he tried to d/l the newest version of Britannica. Serves him right. When I went to see what he downloaded, I saw that it was a file around 700k.

Yes, it does spread over Kazaa lite.

Once it is installed, it proceeds to fill up your machine with approximately 700k files, usually in windows or winnt/temp/sys32. Thats where all mine were (Im running W2K).

However, dont go crazy yet. I downloaded the newest virus update for NAV (dated 5/17) and ran it. It picked all the downloads right up. Since they were all junk files that it had downloaded, I had it delete them all.

So far, so good. Havent had any recurrence since then (although this was last night, so I dont consider it enough time to truly test). Hopefully it really is this easy to clean up, but Im sure I will quickly find out.

Hope this helps.

free software innovation (0, Flamebait)

tps12 (105590) | more than 12 years ago | (#3553676)

bringing unsuspecting users machines to a crawl with full hard drives and clogging up the Fasttrack network with massive amounts of traffic

Sounds like Kazaa has finally caught up with Gnutella. Proof once again of OSS's superiority.

Virus companies need the virus makers (5, Interesting)

bigmouth_strikes (224629) | more than 12 years ago | (#3553690)

"This event once again demonstrates the necessity to filter all incoming files for viruses, regardless of how well protected this or any other network is. Before use all data should be run through a mandatory check for virus code using the latest virus database update," commented Denis Zenkin, Kaspersky Labs Head of Corporate Communications.
Gee, I'm so grateful for Kaspersky Labs that they provide this valuable information. They only forgot to add

"If you refer to this article, we'll give you $5 rebate off your next virus update purchase." added Zenkin with a smile.

As much as we need the anti-virus software, the anti-virus companies need the virus makers. Without a worm or a virus that makes CNN headlines every 6 months, people will forget to buy updates, patches etc etc. The public forgets quickly, and will not buy new products from the AV companies if they don't feel a threat.

Sure, the problem is real, but part of me can't shake the feeling that somewhere there is a anti-virus company executive ordering a new plasma HDTV when he sees this news. Or maybe it's just becase X-Files ended yesterday that I'm seeing conspiracies everywhere.

AudioGalaxy (1)

psycht (233176) | more than 12 years ago | (#3553742)

i guess it would be under a similar assumption that this worm could target other sharing software like AudioGalaxy, imesh, limewire, etc..

any word on the truth of this?

Hard to tell the worm from the software (5, Insightful)

BCoates (512464) | more than 12 years ago | (#3553754)

Hmm, uses your drive space and bandwidth, pops up ads, modifies your system configuration without your permission...

Looks to me like the only difference between this trojan and the programs it comes in is that one has a EULA.

Time for virus writers to wise up and disclaim liability with an incomprehensible clickthrough like all the other writers of malicious code...

--
Benjamin Coates
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?