When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Earthstation 5 Claimed to be Malware

It turns out that the "popular" file sharing tool isn't all that meets the eye!

ES5 info

--------

EarthStation 5 (aka ES5, aka ESV) (https://www.earthstation5.com and https://forums2.es5.com/) is a P2P application first released about 6-12 months ago. The people behind ES5 claim that ES5 is the most secure P2P software in the world. They also claim that they are security experts, and that they have more than 15 million simultaneous users on-line 24/7. In comparison Kazaa, the most popular P2P application, only has about 4 million simultaneous users on-line at any given time of day.

Malicious code

--------------

There exists malicious code in ES5.exe's "Search Service" packet handler. By sending packet 0Ch, sub-function 07h to the "Search Service"'s IP : Port, a remote attacker could delete any file the user is sharing. If the remote attacker uses "filenames" with a relative path in them (eg. "..\..\..\WINDOWS\NOTEPAD.EXE"), the remote attacker could also delete files in eg. the windows and windows\system32 folders, or any other folder on the same partition as any of the shared folders. Since most users using Windows are in the Administrators group, a remote attacker could also delete the C:\BOOT.INI file which is a required boot file used by ntldr.

IMPORTANT: This is not a bug! They intentionally added this code to ES5.

View: Earth Station 5 Homepage

View: ES5 Declares War on MPAA, RIAA

View: Revelation on Full Disclosure Mailing List

News source: Slashdot.org

Report a problem with article
Next Article

"Matrix" Finale Set for "Zero Hour"

Previous Article

nnCron LITE 1.15

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment