A trojan named Troj/Qhost-AC has been spotted on torrent sites, labeled as a keygen for popular software. But in a strange surprise, rather than generating a key, the trojan modifies the user's hosts file, pointing popular torrent web sites like The Pirate Bay, Suprbay (The Pirate Bay forum) and Mininova, the two most popular torrent sites on the internet, to 127.0.0.1 and making it impossible to visit these sites. The Trojan caused pop-ups on users' screens and played a sound file saying "downloading is wrong". The Trojan didn't install any other spyware or malware onto the victim's PC; it only blocked the three web sites, something that many users thought was strange.
The torrent has since been removed from the web sites, but it leaves many users asking who is behind this. Many users question whether it is another attack brought by the RIAA or MPAA to prevent piracy of music, movies, and software, not to mention the leaked MediaDefender email from September 2007 that wanted to launch attacks against sites like The Pirate Bay, and bring about fake files and DoS attacks.
Luckily, the change to the hosts file made by the Trojan is easy to fix: manually editing the hosts file to remove the added entries will fix the problem.

The thing they did is illegal. Injecting a Trojan in a server is illegal by law, isn't it? How do they dare speak about illegality of torrent sites (though most reside in countries in which doing that activity is legal)?
That's what I thought when I first read this. If it is indeed the RIAA or MPAA, then unless it is cleared by Microsoft, I guess this would be considered damage of property and invasion of privacy. Unfortunately, it would be impossible to prove unless we somehow got the original IP of the seeder. Of course, then there would probably be a proxy, and that lowers the chances of finding them even more...
Who would hit a torrent site? The usual hackers use these kind of sites for their needs, I doubt they would hack TPB or any other.
It's clearly someone who hates or has a grudge against them. Which leads mostly to RIAA or MPAA. I'd bet anything it was them, they watch around these sites everyday and track IPs of people on several torrents... but these kind of job must have fed them up so they try to make people not use the site anymore because of a Trojan.
Really, who else would write a Trojan such as this? Unless... it's meant to make people mad at the RIAA & MPAA. Oh God, this could be a false flag attack! AAAAAAAAAAAHHHHHHH!
I'm pretty sure one of the MPAA members holds the copyrights to "Who's the Boss" already, so they could probably watch it any time they want.
Well when the RIAA try to sue you for $150,000 for every song you download, they are pretty much villains. They tried to sue allofmp3.com for $1.65 trillion!!! And not surprisingly, RIAA lost.
What? Are you serial? This can't be true, songs cost < 1$ a piece.
"Emotional" damages can be any made up number in their eyes.
We never talk about heroes or villains because neither RIAA nor MPAA does. They always talk about the law. And according to law, torrent sites are LEGAL, but the cocky RIAA and MPAA say they're not.
In this case, torrent sites can be considered heroes.
RIAA/MPAA needs to do things like this more on a bigger scale to win the battle against theft.
Like rape is a way to protect virginity?
Yeah, but they didn't hide the trojan in all that legal stuff, they hid it in a keygen. Let's be serious here: almost everyone who downloads a keygen is downloading it for the purpose of pirating software.
You can see the pics here: http://www.elnortero.cl/admin/render/noticia/18164
The SGAE (again, RIAA or MPAA in Spain) is being investigated for fiscal fraud, and espionage on key people who stand against SGAE.
And now, this trojan. Hypocrisy at its best..
Last edited by nhozemphtekh on 05 Jan 2009 - 23:25
But on the other side if this is the MPAA or RIAA then it is pretty pathetic..
Don't know who outside of the two would actually target a download site.. unless it's some religious thing saying stealing is wrong.
Garnett
You are right about the keygen bit though. That's like going and stealing someone's stash of drugs. What are they going to do, tell on you? It may be war, but you would never be able to get anything on them without telling on yourself also.
PROTIP: Don't trust EXEs, use VMware or Sandboxie.