Earthstation 5 Claimed to be Malware 548
Rob from RPI writes "You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!"
Geocites eh? (Score:5, Informative)
Because the link is on geocities it's sure to be
Don't trust code from sources you don't know. I only provide these for the inevitable geocities
Not surprising (Score:3, Funny)
Just goes to show you can't trust anyone but the RIAA for f'air and balanced info-warfare:)
Stupid stupid people. (Score:2, Interesting)
Re:Stupid stupid people. (Score:2)
It's much better to know your enemies. I wonder if we could call this network terrorism? Someone call ASScroft!
Re:Stupid stupid people. (Score:2, Funny)
Re:Stupid stupid people. (Score:2, Insightful)
In a computer's case, it's knowing as much about the program you're about to install as you can and monitoring your computer to see what's going on with it. That way, malware stands a smaller chance of screwing with your system.
This is absolutely shocking. (Score:5, Funny)
Earthstation 5 is a GODSEND (Score:5, Funny)
Just what the MPAA wants... (Score:2, Funny)
Re:Just what the MPAA wants... (Score:3, Interesting)
I don't have to uninstall... (Score:3, Funny)
Well yeah.. (Score:5, Insightful)
Re:Well yeah.. (Score:2)
they can delete any file i care
Earth Station 5 - legalese (Score:5, Funny)
Re:Earth Station 5 - legalese (Score:3, Funny)
Tinfoil alarm! (Score:4, Insightful)
...or a brilliant MPAA/RIAA tactic (Score:2, Funny)
2. Once everyone has it, delete all pirated files
3. Profit!
I half wish they'd actually do that - maybe it would incite a full boycott. Though I am happy with the understanding that their sales are declining already.
Re:Tinfoil alarm! (Score:5, Insightful)
I just get annoyed when I hear a computer attack referred to as an effective terrorist strategy. I certainly could survive if my computer didn't turn on today; no terror here, just kind of disappointment. Perhaps something like this could be called a "bummer. oh well" attack.
Re:Tinfoil alarm! (Score:3, Insightful)
Nobody really cares if you can
Re:Tinfoil alarm! (Score:2, Insightful)
Bummer!! (Score:3, Interesting)
While I'm aware than ES5 doesn't concern government or big business, it could have devistating effects IF it did. Think instead of a business instant messenger. That would be just peachy, so you're running the missle control p
Re:Tinfoil alarm! (Score:3, Insightful)
Because you just know that a well organized technologically sophisticated terrorist cell would target the average user's access to pr0n. Hit us where it hurts, right? Infidel western devils just gotta have that pr0n.
Perhaps it hasn't occurred to you, but computers run: air traffic control, banking, train switching, power production and distribution, water treatment purification and distribution, and pretty much all communication technology at this point.
Having your computer not turn on might be an "aw b
Oh God not again... (Score:5, Funny)
Can someone please please PLEASE write a filter that excludes threads that mention the words "Israel" or "Palestine" more than once each?
Here, guys, stop arguing. I'll make all of your arguments for you:
Pro-Palestinian guy: Israel is guilty of $ATROCITY1, $ATROCITY2, and $ATROCITY3
Pro-Israel guy: Surely you're not comparing things like $ATROCITY2 to $ATROCITY4, $ATROCITY5, and $ATROCITY6, which were committed by Palestinians
Pro-Palestinian guy: Oh come on! $ATROCITY6 wasn't nearly as bad as $ATROCITY3! Besides, they only did it because of $ATROCITY3! If Israel had never committed $ATROCITY3 then the Palestinians wouldn't have had to have committed $ATROCITY6!
Pro-Israel guy: but the Israels only committed $ATROCITY3 as a defensive measure because the Palestinians committed $ATROCITY7!
Anyways, I've now said EVERY SINGLE THING every partisan in this argument has ever said and will ever say, so you can all just STFU.
Re:Oh God not again... (Score:3, Insightful)
Because of what the implecations of the actions 5000 years ago that let to the current state of injustice, future attrocities 9 and 11 will be committed in anticipation of attrocity 8. And the other side will preemptivly perform attrocity 13 to prevent numbers 9 and 10, but in doing so will actually guarantee that numbers 9 and 10 occur.
Seriously: these people would do well
Re:Tinfoil alarm! (Score:4, Informative)
Please check your history before you post. The Palestinians did not come into existence until 16 years after the British handed over 1/3 of what the UN resolution required to form present-day Israel.
That's either amazing ignorance you've got there, or just the most blatant bit of lying I've seen on Slashdot for days. The "protectorate" of Palestine existed between the two world wars, and was effectively a colony of the British Empire. Jewish immigration increased dramatically during this period, a result of increased interest in Zionism, itself largely a result of anti-Jewish activity in Europe.
Palestine may not have been an independent nation state, but the Palestinian people had existed as a distinct race since biblical times when the Semitic tribes split along religious grounds. Remember that Jews and Palestinians are both Semitic races.
Israel was created following the even bigger influx of Jewsih refugees after the Second World War. Many of these refugees brought bitter memories of the concenration camps with them, and a willingness to use force to gain a nation state. The British were unable to control the situation, having been effectively bankrupted by the war, and eventually pulled out after increased bombings of their official buildings, etc. The result was bloodshed, as the Jewish militias ehnically cleansed large parts of Palestine. Pretty ironic considering the background to the Jewish desire for a nation state.
Chris
Re:Tinfoil alarm! (Score:3, Informative)
ROFLMAO,
The Palestinian "race" started as a mixture of ancestral Jews who converted to Christanity, Hellenistic Greeks who converted to Christanity, and smaller ammounts of assorted semites who converted to Christanity during the later stages of the Roman Emp
Good thing it wasn't email (Score:5, Interesting)
Re:Good thing it wasn't email (Score:2)
It's always a pleasure to meet new friends. 'Cause
Re:Good thing it wasn't email (Score:5, Funny)
you must be new here.
Not surprising (Score:5, Funny)
Re:Not surprising (Score:3, Funny)
Queer Eye for the Straight GUI
they'll be more than glad... (Score:5, Interesting)
Methods known (Score:4, Interesting)
Seriously, it was good theory, but they didn't have anything earthshattering that couldn't be replicated.
I'll be watching for anything more that is discovered about motives. This seems to be the most curious and intriguing part of the story.
Battlestations... (Score:4, Insightful)
Re:Battlestations... (Score:2)
It doesnt delete my pron.avi's.
Unconfirmed, as of yet. (Score:5, Informative)
As of this writing, I haven't seen a single follow-up post.
Is it true? I don't know, Is it a hoax? I don't know that either. It has more than a few caveats about using the exploit, that's for sure.
What I do know is that that Geocities site with the exploit code will disappear bandwidth constrained faster than snot. :)
Re:Unconfirmed, as of yet. (Score:2, Interesting)
Re:Unconfirmed, as of yet. (Score:3, Informative)
A complicated world (Score:4, Funny)
Arggggghhhhh
Binary world-view is breaking down as we speak...
Who benefits (Score:2)
Earthstation 5 sounds like... (Score:5, Funny)
Indulging in paranoid speculation - tinfoil alert (Score:5, Insightful)
Let's say ES5 is an MPAA/RIAA front to discredit file sharing and harm filesharers.
Now, apparently, ES5 is in Palestine.
What better way to do "double damage" than to not only have a way to attack filesharers, but also to connect it to a location people associate with terrorism?
OK, tinfoil hat off now.
Re:Indulging in paranoid speculation - tinfoil ale (Score:2)
If you use a computer (Score:5, Insightful)
Re:If you use a computer (Score:2)
> that most people realize this
What people are you speaking of? The 50% of America that lives its life offline?
Re:If you use a computer (Score:2)
Screws me over WRT most open source software.
And that wipes out closed source software.
Re:If you use a computer (Score:2)
Dateline "Jenin, West Bank?" (Score:4, Funny)
Re:Dateline "Jenin, West Bank?" (Score:5, Funny)
So, the standard Tech Support staff?
Also look out for these P2P programs... (Score:3, Funny)
Babylon 5
The Dagobah System
now I know why my computer has been complaining (Score:2, Funny)
Not a buffer overflow? (Score:5, Insightful)
If it is malicious it seems odd that they would make it possible for ANYONE to delete someone elses files through crafted search strings, thus significantly increasing the chance of their nefarious plans being uncovered.
If it were me, and I was secretly working for the RIAA, I'd just code in a simple client/server protocol that the RIAA could use to delete people's files, entirely seperate from the normal operation of the program itself. This would be much harder to identify as malicious code.
Sorry, but this just looks to me like a bad "failure to chroot()" bug and not the big conspiracy theory its purported to be...
Re:Not a buffer overflow? (Score:2, Insightful)
I dont think that its simply something like a missing chroot() bug, i cant think of any good reason why you would have "delete file" command implemented in a P2P client... Fellow slashdotters, anyone got an idea why one would implement this?
Re:Not a buffer overflow? (Score:3, Interesting)
This could have been added as an "internal" feature and forgotten about it. It could have been added by one un-professional programmer, unbeknownst to the rest of the group. It could be in there on purpose, and the team is naive enough to believe it'll never get abused. It could be in there on purpose because they want it there and they don't care about the ramifications. And finally, it could be there because they have plans to use it some day
Re:Not a buffer overflow? (Score:5, Insightful)
Even in assembler its not too hard to see when an operation is a bug resulting from jumping to a bit
of code when some unexpected events coincide and jumping to the same bit of code when a SPECIFIC packet arrives.
Re:Not a buffer overflow? (Score:3, Informative)
I'm curious - how can it be determined without the benefit of source code for ES5 that the exploit isn't just a horrendous oversight instead of a malicious pre-meditated function of the software?
Well, I'm curious - what more proof do you want?
The FD post made it clear that a particular function of the ES5 software ("0Ch, sub-function 07h") caused the behaviour. That's a completely separate function that seems to have the sole purpose of deleting files remotely. The likelyhood of such code ever getting
Re:Not a buffer overflow? (Score:2)
Yeah, that's a good idea you have there. Obviously these guys are amateurs. No security expert ever notices when a program opens a second connection completely unrelated to the operation of the program. If they had done that they wo
Re:Not a buffer overflow? (Score:3, Informative)
A buffer overflow involves, guess it, overflowing a buffer. Putting a different byte in the command field of a packet -- without any changes in length -- is absolutely not a buffer overflow.
Jumping to a delete routine based on what's in that byte is not a "deliberate mistake".
As nice as it would be to do a bit of wishful thinking -- as a professional coder, I can state this behaviour was clearly intentionally added.
IT'S A TRAP! (Score:5, Interesting)
The first place I heard about E5 was on Slashdot, in a sig - I thought about trying it out, but something didn't seem quite right.
Too much flash and cash on the website, and sweeping claims that hadn't made it elsewhere turned me off.
I'm thinking it's the same 'spidey sense' that goes off when I get an email with an evil attachment.
Verify the presence of malware (Score:5, Funny)
Do people think before they download? (Score:2)
Anagram conspiracy theory (Score:5, Funny)
They're behind the whole thing, I'm telling you.
Re:Anagram conspiracy theory (Score:5, Funny)
I also found "SEVENTH TIT OF RIAA"
We all know the RIAA is a bitch, but this just proves it...
Heres the trojan code (Score:5, Informative)
Whois (Score:2, Funny)
Earthstationv Ltd., A Palestinian Corporation
Jenin refugee camp #23
Jenin (PS)
Rfugee camp? Palestine? Unless they lied on the registration I doubt this is RIAA.
Re:Whois (Score:2)
Re:Whois (Score:2)
What's the big deal? (Score:3, Funny)
where's the money? (Score:2)
Re:where's the money? (Score:2)
from http://www.earthstation5.com/homeweb.html [earthstation5.com]
It could happen with any closed source software.. (Score:3, Informative)
A bit tired of this argument... (Score:3, Insightful)
After all, there's probably a GPS tracking system, data recorders that records the times when you're over the speed limit, and other potentially privacy-compromising system hidden in any car you buy.
Do you trust the drinking water coming through your pipes? What, you filter it first? OK, have y
Re:A bit tired of this argument... (Score:4, Insightful)
Finally, something I know about... (Score:3, Informative)
The security exploit is being tested by members of the p2p community and has been shown to be a viable exploit (forum link: http://www.p2pforums.com/viewtopic.php?p=20323#20
The operators of ESV have been slow to directly answer questions regarding this exploit:(http://forums2.es5.com/index.php?act=ST&
Failsafe hypothesis [and a another foil hat :)] (Score:2, Funny)
Scenario 1:
Maybe this is not malicious. Possibly a way to protect people in the event that something bad happens, like all this hyped anonymity and encryption turns out to be trivial to crack. ES5 may have already developed a worm that spreads and exploits this function to delete all shared files on the network, which may be in the users' best interests.
Scenario 2 (aka Conspiracy theory 1):
Orrin Hatch is making good on his promise to destroy the PCs [slashdot.org] of filesharers around the world, while placing th
Let's be logical about it (Score:2)
If you really feel that IP ownership is bogus then this malware isn't really a problem because at worst it only destroys your Intellectual Property and not anything of real value. So, anybody who takes this off their computer doesn't really believe that IP doesn't have actual value and thus admits that IP theft really is theft.
Re:Let's be logical about it (Score:4, Insightful)
Stealing a book from a library == theft.
Photocopying the same book ==copyright infringement != theft.
Burning the book == damage.
See how simple logic is when you're not trolling
Obligatory Simpsons Quote (Score:2)
Please report to the broom closet to collect your prize!
Sounds just like that. All the movies you want, but once you've signed in, and proven you're simply stealing, they delete all your files, THEN sue you. It's a clever plan, too bad they got caught.
punish them... (Score:3, Funny)
$ wget -O
I was suspicious (Score:3, Insightful)
"The question then is 'why did they do it?' I'm sure they won't tell us, but here's a theory: They could be working for the RIAA, MPAA, or a similar organization. Once they have enough users on their ES5 network, they would start deleting all copyrighted files they own which their users are sharing. The users wouldn't know what hit them."
Can anyone come up with a plausible scenario where a P2P company would release software that destroys a computer, if it is not connected somehow to these groups?
Called it. (Score:4, Insightful)
-72
Could the MPAA / RIAA be behind this? (Score:3, Interesting)
Re:Could the MPAA / RIAA be behind this? (Score:3, Interesting)
That would place them in such an actionable position that I would probably have to beat back lawyers from my door with a broomstick.
I am not a lawyer, but I would venture to guess that an act such as the RIAA using an application to delete files from my computer to violate several laws, at least in my state:
unauthorized electronic trespass into a computer system
criminal destruction of private electronic d
ES5 is too shitty for this plan to succeed (Score:3, Funny)
It was such junk that I uninstalled it without even managing to find a single thing, illegal, legal, whatever.
If the application was designed to get a community and then hurt them, it is a real failure.
What I suspect is that the people behind ES5 really are a bunch of half-mad Russian programmers paid by oil-quaffing Saudis, who actually believe that their application rocks. And they planned to get 15m users, then approach the highest bidder, advertisers or *AA, selling the captured market. The "encryption" stuff is just to make it impossible to reverse-engineer ES5 clients, and the backdoor is just there to up the ante for selling their shit to the *AA.
A poor plan, horribly implemented.
Use only Open Source! (Score:3, Informative)
1. Use open source applications only.
2. Share files that you have the legal right to share.
3. If you do share some illegal file, see 1.
There are 1,000's of songs out there that can be legally shared, and there are tens of thousands of files/applications out there that can be legally shared. Share those and dump the RIAA/MPAA all together. There is a good Open Source P2P app out there called giFT. It can connect to OpenFT, Gnutella and Kazza (FastTrack). giFT [sourceforge.net]
the internet state in palestine (Score:3, Interesting)
im an israeli.
and to tell you the truth, i was a bit afraid to post any comments last time since i didnt want to get into the heat of the argument.
i just wanted to reveal some details regarding the state of the internet in palestine in an objective manner since i belive the cassual slashdotter might have percieved it wrongfully.
palestine is currently in a semi anarchistic state. which means that most of its people do not have an internet connection at their disposal.
a few years back israel started to provide palestinians with internet services.
we thought that it would do good to open their minds to other world perspectives and international media. we still have no clue regarding the outcome
afaik isps are very limited in palestine and most internet infrastructure is used for academic and government purposes. all internet traffic from palestine passed through israel, im uncertain whether this is true to this day, you can easilly check it.
so yes its our fault such things happen and so im terribly sorry that it is being put into bad use.
i would highly doubt that internet is available at jenin. jenin is a refugee camp in which people are forced to live in sub conditions which means,
its probably one of the last places to have internet in palestine. therefore, i would presume the whois is fake.
if a palestinian indeed wrote that software he would either be:
a. a student in one of the universities.
b. an arab israeli (the 20% of israeli population that live within us in peace which the media never mentions a thing about).
also, ras kabir is a fake name. it means
"big head" which means, the man in charge or someone who likes to take care of business.
and just to ensure you we were not the ones to write it
the israeli p2p app is a hacked version of kazaa lite
(which is a hacked version of kazaa located at
http://www.kazaa.co.il)
although only a low percentage of israeli p2p users actually use it. and it doesnt encourage piracy like es5.
thats pretty much it, im sorry if i hurt anyone
if you have any questions feel free to ask,
just take into mind that im not into starting any flame wars in the proccess.
RIAA/MPAA "honeypot" (Score:5, Informative)
On topic (Score:3, Insightful)
I posted what was one of the few on topic posts, and asked if anyone had actually used this program and if it was any good.
Some kind slashdotter responded that it was very buggy and already installed many viruses on his PC and on that note I gave it a wide berth.
Meanwhile everyone else in the discussion was totally engrossed in the Isreali - Palestinian flamewar and seemingly forgot what the origonal story was about.
The moral of this all is:
Well, stay on topic and you might learn something, but then again, fuck it, a good flamewar is always fun too!
Re:BAH! THIS IS JUST FUD (Score:3, Insightful)
On the other side of that, $16-20 is unreasonable. $10 would be fair, I think. Considering the hours spent in the studio recording, AFM scale per musician per song being $50 (and that's for low grade musicians), the cost of a decent engineer, cost of using a decent studio (that's not cheap), mastering costs... Then you've got to either spend $$ on an
Re:BAH! THIS IS JUST FUD (Score:2)
I'd maybe even go a little lower, perhaps to $8.00. I doubt that any cost in the cycle is more than that for producing a cassette tape.
What really gets my goat is that the price of a new release CD has never dropped. I remember in 1985 or so when the format was just getting traction the prices would be high. All the equipment was new and had to be paid for, people weren't sure it would be accepted, etc. So it cost about
Re:BAH! THIS IS JUST FUD (Score:3, Informative)
For expected gold-platinum cd's, $8
Re:Nice try, MPAA! (Score:2)
This came from the gaza strip.
It could easily be a true spyware. I am guessing that not only did they have code to delete, but I would be willing to bet that they had code to grab files other than what was in the exchange directory.
Amazing how useful closed source can be in the wrong hands.
This is more likely a terrorist outfit than MPAA.
Re:Nice try, MPAA! (Score:2)
Sure, it *says* it came from the Gaza Strip. Did you actually *verify* that? Or did you read the page, look at the WHOIS, and quit there, without doing a traceroute or anything like that?
And even if it really DID come from there, it isn't like Palestine is so removed from civilization that there's no way to get laundered money there from southern California....
Re:Nice try, MPAA! (Score:2)
As to the owners real background, that remains a mystery. Assuming that it was MPAA or RIAA is a mistake. I would think that they would do it here in the USA or europe before going to the west bank/strip, so I highly doubt it.
Re:Nice try, MPAA! (Score:3, Funny)
Re:Now tell the bastards what you think! (Score:5, Interesting)
earthstation5.com Back-order this name
Domain EARTHSTATION5.COM
Date Registered: 2/26/2002
Date Modified: 6/13/2002
Expiry Date: 2005-2-26
DNS1: ns1.earthstationv.com
DNS2: ns2.earthstationv.com
Registrant
Earthstationv Ltd, A Palestinian Corporation
Jenin refugee camp #23
Jenin (PS)
NONE
Administrative Contact
EarthstationV Ltd., A Palestinian Corporation
Mr Domain Administrator
Jenin refugee camp #23
Jenin (PS)
NONE
067351065
67351065
ras@earthstationv.com
Technical Contact
EarthstationV Ltd., A Palestinian Corporation
Mr Domain Administrator
Jenin refugee camp #23
Jenin (PS)
NONE
067351065
67351065
ras@earthstationv.com
Registrar: NameScout.com
Re:Now tell the bastards what you think! (Score:3, Informative)
Man! All this time I've been putting my real name and address on like a sucker. Which is a pisser, b/c it really bothers me that people can look me up if they find something offensive on my website.
Re:Now tell the bastards what you think! (Score:5, Informative)
The *maintainer* of Earthstation V's domain record is fom Israel. I do not know what this signifies.
To see this, go here [ripe.net] and click on the mnt-by ("maintained by") link.
Re:malware? (Score:2)
It would have been closed source, but a "secured" program. Would you have downloaded this program? Quite possibly. Would you have chrooted it to make it secure? probably not?
WOuld you have cared that it came from an enemies (al qaeda) stronghold and noticed that this is more likely to be a spying tool and not mpaa/riaa tool? not likely.
Re:Blimey! (Score:2)
Boot into safe mode, attrib the files with -a -s -r and delete at will.
You might also look at using System Restore, assuming you're using XP.