Fake media file snares PC users

[bramhall]

"The fake file poses as a music track, short video or movie. Those running the fake file get bombarded with pop-up ads and risk compromising the safety of their PC.

The fake file or trojan has been widely distributed on the eDonkey and Limewire file-sharing networks.

The file has many names and is written in different languages to trick people into downloading it. The titles make the file appear to be music tracks, pornography and full versions of popular movies"

Full story from the BBC

[Bamb0]

Just one reason why those networks are no good...

[bramhall]

By the same token email, WWW, letter/parcel post, fire &c are no good either, because they all can be used for malicious purposes.

[DrStrabismus]

By the sound of it, it's simply an unplayable file, and you get told to install a codec/player to play it. That trick's been around for many years. It used to be much worse, connecting dialup modems to premium-rate lines.

[theog]

Quote:

Originally Posted by bramhall

By the same token email, WWW, letter/parcel post, fire &c are no good either, because they all can be used for malicious purposes.

Not the same... those file sharing programs open your computer to all types of vulnerabilities.

When I was heavy into computer repair, 8 to 9 times out of 10 when a computer came in infected with multiple trojans/malware/viruses, etc, etc... it had a file sharing program on it. Coincidence?

In addition, those same programs also share parts of your computer that you never intended on sharing... people can search your computer and pull up files, like your tax documents, from folders you never wanted to share. These programs open a super highway straight into your computer for hackers/crackers, etc....

I'd say only an idiot would use one of these programs on their main computer... at least put it in a virtual pc so your main computer is not hacked/cracked/data stolen.

Outside of copyright infringement I don't see a reason to use these programs anyway. And when I worked in computer repair, I NEVER EVER seen a computer with one of these programs that DID NOT have illegal files on it (even when files were questionable, people would openly brag about their "free" files and wipe out all doubt). Coincidence? Just the draw of my luck?

[DrStrabismus]

I think that's a bit of an exaggeration. From what I've heard, all the cases of people sharing private files have been due to the user explicitly selecting their personal folders, or entire drives, for sharing.

I don't know much about the older proprietary clients, which I wouldn't touch with a bargepole, but I don't think something like eMule is particularly insecure. The real problem is people that are willing to run or install unknown software willy-nilly. The example above is a case in point, nothing bad happens in downloading the file, or attempting to view it, it's installing the codec/player that causes the problems.

I suspect that if you were to look at modern infected machines you would find that 90% had been used on social-networking sites; it doesn't imply a causal relationship.

[theog]

Quote:

Originally Posted by DrStrabismus

I think that's a bit of an exaggeration. From what I've heard, all the cases of people sharing private files have been due to the user explicitly selecting their personal folders, or entire drives, for sharing. .

Not an exaggeration... If you want to take the chance, that is up to you. These programs are not secure. Search your feelings. You know it to be true.

Quote:

I don't know much about the older proprietary clients, which I wouldn't touch with a bargepole, but I don't think something like eMule is particularly insecure. The real problem is people that are willing to run or install unknown software willy-nilly. The example above is a case in point, nothing bad happens in downloading the file, or attempting to view it, it's installing the codec/player that causes the problems.

Agree... that is the problem.. unfortunately, when people are looking for a program they don't want pay for, then they install programs and hacks that automatically place spyware/malware, etc, on their computer. Or even a file they think contains music or anything else... As I mentioned in another thread, kids are the targets....

Quote:

I suspect that if you were to look at modern infected machines you would find that 90% had been used on social-networking sites; it doesn't imply a causal relationship.

Modern infected machines? What does that mean? Nevermind...

I have looked at many different types of machines... ... I think years of working on computers and noticing a pattern would count for something. I Find Your Lack of Faith Disturbing.

I remember an ex competitor of mine told me once he would install bearshare, and other fileshare programs back on the computers at the owners request. He said that was a guarantee they would be back.

People in the industry look at this as a joke....

Let me give you guys/gals your thread back before someone gets upset I'm attacking their use of a fileshare programs.... just be careful people... if you must download copyrighted material using these programs, then at least use a spare computer or use in a virtual pc.

Good luck to you all. May the force be with you.

[Merovingian]

Quote:

Originally Posted by theog

Good luck to you all. May the force be with you.

the force is strong with this one.....

[DrStrabismus]

Quote:

Originally Posted by theog

Not an exaggeration... If you want to take the chance, that is up to you. These programs are not secure. Search your feelings. You know it to be true.

I would suggest you search the vulnerability databases instead. Both mldonkey and emule have a better security history than Opera. If you believe they share files they shouldn't, you should quote the appropriate security advisory and stop spreading FUD.

Quote:

Agree... that is the problem.. unfortunately, when people are looking for a program they don't want pay for, then they install programs and hacks that automatically place spyware/malware, etc, on their computer.

In other words it's the reckless use of executables that's the risk, not file-sharing itself

Quote:

I have looked at many different types of machines... ... I think years of working on computers and noticing a pattern would count for something. I Find Your Lack of Faith Disturbing.

If you'd worked in a bank you might have noticed the pattern that most bank robbers have guns. Would you have inferred from this that most people with guns are likely to become bank robbers?

[xmailer]

Yep. And since almost all those whose computers have become infected have keyboards, mice, and monitors connected to their systems, it also logically follows that using any of these devices is a serious security risk.

What it probably actually shows is that some of those who "obsessively" seek out "free stuff" online may also have some tendency to be overly-trusting of everything they download, not necessarily that the fileshare programs/systems are a security hazard in and of themselves.

I had a girlfriend who probably spent 90% or more of her computer time downloading music files with some such file sharing program and running antivirus and antispyware programs to rid her system of all the malware which kept popping up. On the other hand, her son spent most of his computer time visiting porno and gaming sites on the same computer. Although I may never be sure, I strongly suspect that the latter was the greater source of her malware problems.

[theog]

Quote:

Originally Posted by DrStrabismus

I would suggest you search the vulnerability databases instead. Both mldonkey and emule have a better security history than Opera. If you believe they share files they shouldn't, you should quote the appropriate security advisory and stop spreading FUD.

In other words it's the reckless use of executables that's the risk, not file-sharing itself


If you'd worked in a bank you might have noticed the pattern that most bank robbers have guns. Would you have inferred from this that most people with guns are likely to become bank robbers?

I really feel very sorry for anyone who would listen to you. PC repair people love comments like yours thought.

Like I said, I'm done with the debate ...

If you are reading this and use one of these programs to download your illegal music/copyrighted programs... bottom line is you are best to install these types of programs into a virtual pc or on a computer you only use for testing/downloading.

Of course, you could use one of these programs for 100 years and nothing ever bad happen... but it only takes one time for someone to used one of these programs to steal your identity, steal your data, or destroy your computer (data). No FUD, it is a real threat.


For fun:

I would suspect if I worked in the gun industry fixing guns, and almost everyone in my neighborhood who owned a gun brought it in for me to fix and I found out that 9 out of 10 of the guns that came in had been used in a bank robbery, I'd suspect something was aloof. Even more so if there were lines outside of banks with people waiting to rob them. I guess you would think that was normal...

I guess people also believe their "secured" wireless connections are safe as well.

[theog]

Quote:

Originally Posted by bramhall

"The fake file poses as a music track, short video or movie. Those running the fake file get bombarded with pop-up ads and risk compromising the safety of their PC.

The fake file or trojan has been widely distributed on the eDonkey and Limewire file-sharing networks.

The file has many names and is written in different languages to trick people into downloading it. The titles make the file appear to be music tracks, pornography and full versions of popular movies"

Full story from the BBC

I guess the one thing people want to know is how to share files and download files with minimal risk... instead of reading bickering:

King of penguins listed a good program:

Virtual box: http://www.sun.com/software/products/virtualbox/get.jsp

OS: http://www.ubuntu.com/getubuntu

I had some trouble with linux in virtual box... although, it was minimal issues. At the end, my only issue was the installing the program to allow the virtual pc to maximize the screen. No biggie. OS is still usable for file sharing and I'd guess the issue could be fixed since I did not spend any time researching this particular issue.

Many of the file sharing programs install to linux.

You could also use Linux in a dual boot... I'd not recommend that, I'd rather contain the threat in a virtual pc.

In a virtual pc, there is very little chance of a malicious download jumping over to your windows box. Impossible? No. Highly improbable? Yes. Well, I guess you could move a malicious file over.

If you had the money, I would recommend the virtual pc, with a windows os installed... of course this is not free... you will have to pay for another windows license.

The other suggestion is to install one of these programs on a spare pc... it does not have to be a "good" pc, just one that works well... with anti-virus software and the file share program.

Last suggestion is not to use these programs at all. Not only due to security issues, but also potential legal issues... I'd guess everyone knows about those... Not an issue until you are sent a letter. But I guess that is more fud.

[xmailer]

Quote:

Originally Posted by theog

Last suggestion is not to use these programs at all. Not only due to security issues, but also potential legal issues... I'd guess everyone knows about those... Not an issue until you are sent a letter. But I guess that is more fud.

Fortunately, the greedy corporate interests don't always prevail in their campaign against these "dangerous criminals". But this may be bordering on legal and/or political discussion.

But I supposed if one really wants to be as safe as possible, it might be best to sever one's connection to the Internet altogether, and perhaps one's phone line as well...and, of course, never leave the house unless absolutely necessary....

Seriously, I'm not bickering over your "practical" suggestions, just ribbing you a bit about what might seem your subtle(?) moral undertones. (That is, assuming you wouldn't violate the forum rules by actually offering legal advice here )

[theog]

Quote:

Originally Posted by xmailer

Fortunately, the greedy corporate interests don't always prevail in their campaign against these "dangerous criminals". But this may be bordering on legal and/or political discussion.

But I supposed if one really wants to be as safe as possible, it might be best to sever one's connection to the Internet altogether, and perhaps one's phone line as well...and, of course, never leave the house unless absolutely necessary....

Seriously, I'm not bickering over your "practical" suggestions, just ribbing you a bit about what might seem your subtle(?) moral undertones. (That is, assuming you wouldn't violate the forum rules by actually offering legal advice here )

And your contribution as to the best way to load these programs is to disconnect from the internet?

You could do that, although, I don't think it would be practical.

The best option would be to do what I suggested above your post... I provided several relevant suggestions that were on topic...

The issues in my mind are:

Do you use these programs?

If you do, how do you keep your data safe so you are not the victim of identity theft, data loss, etc?

How do you keep your computer safe against hackers/crackers, the programs themselves?

I don't think you can have a discussion about these programs without stumbling into the legal side, with all the cases being thrown about. You can post one link, but be reasonable. If you are downloading and sharing illegal files (music/programs), then you should be sued. But that is not the issue...

The issue is how do you keep your data safe (not shared) so you are not sued? Again, I provided some suggestions... outside of disconnecting from the internet.

After spending years in legal, I know the difference between providing legal advice and not providing legal advice, thank you.

[xmailer]

Quote:

Originally Posted by theog

I don't think you can have a discussion about these programs without stumbling into the legal side, with all the cases being thrown about. You can post one link, but be reasonable. If you are downloading and sharing illegal files (music/programs), then you should be sued.

First, it's not necessarily a given that those using file sharing programs are downloading/sharing "illegal" files (although I think it might be more accurate to suggest that they may be illegally distributing files, not that the files themselves are necessarily "illegal" per se, although that's admittedly hair-splitting), but that may be a decision for the courts to make, perhaps on a case by case basis, in some cases.

Secondly, if one is illegally "distributing" files, whether or not they "should be" sued is as much a moral question as it is a legal one, and obviously people's morals differ. Presumably those doing so don't consider themselves to be acting "immorally."

Quote:

But that is not the issue..

Exactly. That is, at least I assumed that the primary issue under discussion here was the question of "'security", or "safety", when sharing files, and it seems to me that the "legality" or "illegality" of the files shared is entirely irrelevant to that issue. That is, the "safety" of sharing files isn't necessarily in any way related to either the "legality" of the files themselves or the legality of the method in which they are shared.

Quote:

The issue is how do you keep your data safe (not shared) so you are not sued?

That may be your issue, but I wasn't under the impression that that was the primary issue under discussion in this thread in general. Again, I thought that the primary issue under discussion here was computer security or "safety", rather than legality.

Quote:

Again, I provided some suggestions... outside of disconnecting from the internet.

Yes, you did. And I wasn't "challenging" those suggestions, but merely suggesting how one might be even "safer" still.

Quote:

After spending years in legal, I know the difference between providing legal advice and not providing legal advice, thank you.

And I know the difference between strictly legal observations and moral observations related to legal issues.