Hacker News
3 years ago by Jimmc414

The irony is that by adding these 82 pirate sites to the hosts file and having this action publicized, the malware writers are inadvertently promoting a list of 82 sites where users can download pirated software.

https://en.wikipedia.org/wiki/Streisand_effect

3 years ago by eric__cartman

I would take that as a list of 82 sites to avoid when looking for pirated software.

3 years ago by judge2020

It's mainly a list of pirate bay sites and proxies. Why would their inclusion in this blocklist be a reason to avoid them?

3 years ago by akiselev

That list of URLs is the torrent tracker equivalent of blog spam. It contains none of the big private trackers that are trivial to join or the big public ones like rutracker or rarbg.

There's an entire wikipedia article listing them! [1]

[1] https://en.wikipedia.org/wiki/Comparison_of_BitTorrent_sites

3 years ago by rozab

>Padding it out with racist slurs told me all I needed to know about its creator.

Clearly that is the intent. These companies have no shame. Remember Sony's response to their rootkit being discovered? https://en.m.wikipedia.org/wiki/Sony_BMG_copy_protection_roo...

3 years ago by azinman2

I'm not seeing the connection between Sony and racial slurs. In fact, especially without knowing what racial slur this is, it tells me very little about the creator's intent.

3 years ago by DangitBobby

They are saying the slurs could be intended to throw you off of the corporate scent and should be discarded as any evidence one way or the other who commissioned the creation.

3 years ago by tedunangst

It seems like most people are saying that all evidence found and all evidence not found should be interpreted to prove Sony or the MPAA or whoever is responsible. Evidence they didn't is fake and proof they did. Absence of evidence is proof of a coverup.

3 years ago by rozab

The point is Sony continued to deny the existence of the rootkit for years, despite overwhelming evidence. If this malware was commissioned by the MPAA or something, I think they would have no issue with telling whatever morally dubious firm they hired to make it look like it came from stereotypical hacker types. They know that security blogs love to make conclusions on the origins of malware based on strings that could be trivially obscured.

3 years ago by chucka9

> These companies have no shame.

Do you think this was backed by companies? It seems reasonable to suspect it, but it's an issue radioactive now so won't be easy to find out.

3 years ago by cortesoft

If it was backed by companies, it would probably be funded by a 'trade group' funded by the companies, to have three layers of indirection to protect themselves.

3 years ago by perihelions

The fraud on the FCC's public comment process is an object lesson. The fraud itself (fake FCC comments under false and stolen identities) was committed by social media consultants with names like "Fluent"*, "Opt-Intelligence", and "React2Media". They were in turn hired by the trade group "Broadband for America", with contractual language that keeps BfA at arm's length from the crimes. BfA in turn is a separate entity from the large ISPs that fund and direct it -- the biggest ones being Comcast, Charter, and AT&T. Two levels of indirection.

*(Unrelated to the CFD software, obviously)

This was the stuff the New York AG investigation unraveled:

https://ag.ny.gov/press-release/2021/attorney-general-james-...

https://arstechnica.com/tech-policy/2021/05/biggest-isps-pai...

(From Ars: "With broadband companies having used third-party vendors to conduct the campaign, the AG said it found no evidence that ISPs themselves "had direct knowledge" of the fraudulent behavior.")

3 years ago by na85

>Do you think this was backed by companies?

Frankly I'd be shocked if it wasn't.

3 years ago by marcosdumay

There are all kinds of crazy people out there. There could easily be somebody with a burning desire to fight IP piracy.

3 years ago by bitwize

I think it was commissioned by a company and written by a teen or twentysomething jerk. Raising hackles by throwing N-words around is a favorite pastime of young assholes. Don't think that because 4chan cracked down on that sort of thing that it doesn't still go on in certain communities.

3 years ago by devenblake

4chan might've cracked down on the racism, like, a decade ago, in the moot era. Have you been there lately? /pol/ took over and basically homogenized every board.

3 years ago by prvc

>told me all I needed to know about its creator

On the contrary, it makes one curious. Is it an attempt to ensnare the victim into heightened surveillance and suspicion (and hence higher likelihood of coming to harm) from governments, based on the assumption that their own malware uses these keywords to scan for targets? Or perhaps it creates some other kind of liability for the victim.

3 years ago by xupybd

Perhaps an attempt at connecting anti piracy with racism?

It seems very strange.

3 years ago by squiggleblaz

Isn't that reaching for four dimensional chess? Does anyone actually play four dimensional chess?

3 years ago by vsareto

lmfao. Imagine being good enough to code malware that does this and wasting your efforts on something like this.

Look, if you have skills like these, you're special. Don't fucking waste it on building malware for corporate asshats.

3 years ago by tyingq

It doesn't sound like particularly clever malware to me. It sends a filename to some logging service, then opens the Windows hosts file and adds some lines to it. And it's only run because the downloader thinks it's some pirated software or keygen.

Not to say there aren't some folks wasting time on more clever malware.
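
A defender's check for the hosts-file change described in the comment above, as an added example that is not part of the original thread: it parses hosts-file text and reports public-looking names pinned to loopback or unspecified addresses. The `audit_hosts` function, the `EXPECTED_LOCAL` set and the sample entries (reserved `.example` names) are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple

# Names that normally resolve to loopback on a clean system (assumed baseline).
EXPECTED_LOCAL = {"localhost", "localhost.localdomain",
                  "ip6-localhost", "ip6-loopback"}


class Finding(NamedTuple):
    line_no: int
    address: str
    hostname: str


def audit_hosts(text: str) -> List[Finding]:
    """Return hosts entries that pin a dotted (public-looking) name to a
    loopback or unspecified address, i.e. entries that black-hole the name."""
    findings = []
    # A UTF-8 BOM left by some editors would otherwise corrupt the first address.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an IP address
        if not (addr.is_loopback or addr.is_unspecified):
            continue                            # ordinary static mapping
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            # Single-label names (e.g. the machine's own name) are left alone.
            if host in EXPECTED_LOCAL or "." not in host:
                continue
            findings.append(Finding(line_no, str(addr), host))
    return findings


# Constructed sample input; not taken from the malware discussed in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 tracker.example
127.0.0.1 www.tracker.example mirror.tracker.example  # appended entry
0.0.0.0 ads.example
192.0.2.10 intranet.example
127.0.1.1 workstation01
not-an-ip something.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.hostname} -> {f.address}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. Ad-blocking hosts lists use the same pattern on purpose, so findings need triage against what the machine's owner installed.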

3 years ago by Frost1x

This is definitely no Stuxnet or even remotely close. In fact, it's not even a very new strategy, themes of this have been done several times to varying degrees of sophistication.

3 years ago by vsareto

That's what I mean. The bar is pretty low, and yet someone chose to go even lower.

3 years ago by fr2null

These skills are not that special. As far as I understand it, there are no exploits being used and editing the hosts file is not particularly hard. I expect that the executable is voluntarily run by the user, since the user expects to run a real application/installer anyways.

3 years ago by vsareto

>These skills are not that special.

If you can do this, you can learn more advanced stuff. Society has bigger problems than getting some free software, and it's not just a lesser problem - it's scraping the bottom of the barrel of justice.

If someone needed to write this to pay bills, I get it, but they should immediately take this and use it to get a better job.

3 years ago by somethingwitty1

I'm going to agree with the others here, this doesn't sound very complicated at all. This is week 1/2 of many programming courses: basic network request, write to a file and fill your app with a bunch of text. For many languages, this is often their intro tutorial. I wouldn't use this as an example that the person can do more advanced stuff.

But I do agree with your sentiment, people doing things like this should apply their talents to better causes.

3 years ago by sslalready

I think GOBBLES pioneered this technique in like 1992 A.D. with their "Hydra". Iirc it was claimed to exploit (jinglebellz.c) .mp3 players on behalf of the RIAA and to spread through file sharing networks. https://www.theregister.com/2003/01/14/is_the_riaa_hacking_y...

3 years ago by anoncow

Better that they sell their souls to corporates the usual way.

3 years ago by contravariant

Violating people's computers directly isn't better in any way shape or form.

3 years ago by js8

I think pirating is like cheating in relationships. The society should discourage it, but to criminalize it is much worse than just to let it happen. Yes, the solution is possibly not stable or consistent, yet adhering to either side of consistent moral principles is arguably worse.

Many people do both, sometimes in a weird, selective way. I know I do, I pirate a lot, yet if I really care about something (or it's harder to obtain, which is kind of equalizing authors' profits), I will buy it.

3 years ago by uncoder0

I pirate things that have oppressive DRM that makes people who purchase the software have to jump through unnecessary hoops. I've had 3,000 dollar software not work when I needed it because some license server was down somewhere.

3 years ago by himinlomax

Because of movie piracy, Hollywood is currently a deserted wasteland. And because of video game piracy, nobody makes any of those any more. Also I heard Google is not giving Microsoft any money for their operating systems.

Wait, only the last one is true. It's almost as if intellectual schmoperty violations is not a real problem.

3 years ago by mr_toad

That's an interesting analogy. Legally, copyright infringement is treated much the same as trespassing on property. And in societies that viewed wives as property they did make it a criminal offence.

3 years ago by anoncow

Are people still pirating software? Apart from kids trying out software, people from countries where the product is not officially available or is exorbitantly priced as compared to their purchasing power, I doubt there is a reason to pirate. Most tools have alternatives available or an easy on the pocket subscription plan (Adobe is an exception, subscription plans should not come with a lock-in, no matter how you justify it).

3 years ago by underseacables

Adobe products are really the only software I advocate pirating. There's a lot of great software out there and we should pay for it, but some companies have just turned to greed and screwing over customers.

3 years ago by hyperman1

Pirating Adobe tools = training people in their usage. Their job will then pay for Adobe, as they already know it. If you want to hurt Adobe, advocate not pirating them and point users to alternatives.

3 years ago by zamadatix

Most people aren't interested in enacting karmic justice when they pirate Adobe software for personal reasons they just want to have access to the best in class software while avoiding the relatively high cost for something that isn't generating their paycheck at the time.

3 years ago by anoncow

Yup. Never pirate. Use alternatives.

3 years ago by andrewzah

There are cheaper alternatives, such as Affinity Designer, Sketch, etc, depending on your use case. As others have mentioned, even if you pirate adobe, by using their products you reinforce the influence adobe has.

Now as far as I know, there aren't any -good- film editing alternatives that are free. I have tried a fair few open source alternatives and they are pitiful compared to adobe premiere. So while I can't recommend pirating, if you're a film student... I can understand it. It's how the industry is, sadly.

3 years ago by stordoff

> there aren't any -good- film editing alternatives that are free

I've only used it for fairly basic work, but DaVinci Resolve[1] seems pretty good. Not open source, but the free version is licenced for commercial use and AFAICT it seems to have a fairly complete feature set. I suspect it would be sufficient for many use cases.

[1] https://www.blackmagicdesign.com/uk/products/davinciresolve/...

3 years ago by bscphil

Just the other day, I was talking about the difficulty of monetizing an app I wanted to build with my partner. We agreed that the app had an extremely small target audience - university types for whom the app would provide hundreds of dollars of value a year (paid out of their grants, not their salary). The problem is that absolutely no one pays >= $100 for a phone app.

Adobe was in the same situation years ago. It provided products generating thousands of dollars in value a year for professionals and the corporate world. Photoshop CS6 cost $700, the version of it for "students" $250. This put it well out of the budget range of most ordinary people. Photoshop was built for a relatively small target audience. You might argue that piracy was the normal, expected solution to this. The "real" customers were supposed to pay for it. Either way, this generated a lot of ill will toward Adobe and turned pirating Photoshop into a bit of a meme.

That changed when Adobe realized you could nickel and dime people out of the same amount of money in the long run. The photography subscription (Photoshop + Lightroom) costs $720 over six years. Given that Adobe offered upgrade promotions (e.g. CS5 to CS6) for about half off, it's roughly the same price as it was before. This approach makes it much more palatable to the average consumer (for the same reason that people are willing to buy sofas on payment plans). The only people this pisses off are a handful of hardcore users who expect to "own" all the software they use, but probably not the corporate world which is used to paying subscriptions. It almost certainly makes them far more money through making the software available to those who can't (or won't) pay the one-time price.

3 years ago by ayewo

> The photography subscription (Photoshop + Lightroom) costs $720 over six years. Given that Adobe offered upgrade promotions (e.g. CS5 to CS6) for about half off, it's roughly the same price as it was before.

Very interesting analysis. I was inclined to doubt it so I checked and you are absolutely right: Adobe does indeed have a Photoshop + Lightroom bundle [0] that costs ~$10/month or $119.88/yr, such that it comes to $720 over a six-year period.

[0] https://www.adobe.com/products/photoshop-lightroom/pricing-i...

3 years ago by Dylan16807

You think nickel and diming people causes less ill will from ordinary people than a high price that nobody expects you to pay?

> The only people this pisses off are a handful of hardcore users who expect to "own" all the software they use

Also the people that want to be able to access their files forever. Not only when people chose to stop paying, Adobe won't even let people pay for some of the old versions of their subscription software. Hope it imports into the new version correctly!

3 years ago by rossjudson

I'm looking at Presonus Sphere, and at $15/month it doesn't seem like nickel-and-diming to me. What it seems like is a chance to make sure some pretty expensive software works for me, and to stay current with everything, for as long as I feel like using it.

3 years ago by f6v

> or is exorbitantly priced as compared to their purchasing power, I doubt there is a reason to pirate.

I don't think it's an overstatement to say that hundreds of millions of people can't afford an 80 EUR/USD game.

3 years ago by andrewzah

Then don't buy it.

Right now, I can't afford to buy a classic '60s gibson guitar. That doesn't give me the license to go out and steal one, -because I want one-.

If modern AAA games are too much at $80, then don't buy them. There are significantly cheaper alternatives on PC, as well as the possibility of waiting for deals or buying used. High prices don't justify pirating.

3 years ago by retrac

A better analogy would be making yourself an exact duplicate of a Gibson guitar, at home with a 3D printer. I'm not sure that should be illegal, at least if you take the trademark off it.

3 years ago by zamadatix

If you steal a '60s gibson guitar because you can't afford it the world is out 1 gibson's guitar worth of value. If you pirate a piece of software you couldn't afford the world is out nothing and you're up whatever value it can create for you.

Pirating software you can afford is a different equation (still not as bad as the theft of a physical item) but not what is being discussed.

3 years ago by PufPufPuf

If the people truly can't afford the games (and wouldn't buy them at all if they didn't have the option to pirate), is there really any harm from their piracy?

Steam has it mostly figured out, though. Look at SteamDB at international prices and you'll discover that prices in Brazil or Russia are often a fraction of the US/EU price. Turns out selling the game for dirt cheap makes more money than not selling it.

3 years ago by anoncow

Just to clarify, I am not advocating piracy. Never pirate. It is a shitty thing to do. Use alternatives or save up and buy the tool that will help your career.

3 years ago by knz_

I pirate everything. Honestly, the only things I don't pirate are like 1-2 games a year that me and some friends end up playing together. For software I generally just run whatever FOSS thing I can find, and in the case of movies and music I have never spent a cent on them in my life. I've been pirating since I started using a computer.

The same rich people trying to sell predatory subscriptions and vendor lock-in are the same ones trying to raise my rent and food bill every year, so I have no incentive to give them money for pointless entertainment on top of that.

3 years ago by pault

It's not as if you're obligated to buy their products, therefore need to find a less expensive workaround. If you don't like the people producing them and think they're overpriced, play dwarf fortress or watch TV. There are some obviously valid reasons for pirating, but I don't understand this sense of entitlement.

3 years ago by kalium-xyz

TV ain't free. Worse yet if the Funimation and others fully got their way with the claims they do I would not be able to watch the shows I did in Japan here in Europe. Not because Funimation is showing them here and I don't want to pay for them but cause they own the US rights and will take down any online source with no European broadcaster sending them out.

3 years ago by bellyfullofbac

Funny how you try to justify it. I also pirate, but I know I'm a thieving cheap bastard...

3 years ago by NikolaNovak

Many people have pirated; includes myself when I was a teenager in a developing country. I don't pirate now as it's worth neither risk nor time but I can't claim some weird moral high ground - it's a complex issue with nuances and circumstances.

But I still find it intriguing when I see rambling half baked internally self-contradictory attempts at moral justification - do you believe what you said there? Do you even know what you said there? Cause I'm having a hard time following - Food has inflation therefore I'll pirate movies even though they're pointless, and this is just and right?

It takes minimal amount of empathy and observation to notice hard work talented creative people put into "pointless entertainment", so just like I don't buy the notion that every pirate is evil sociopathic villain, so I don't buy notion that watching entertainment for free is inherent right and creators don't deserve any compensation ever. If anything, this type of incoherence and self righteousness feeds exactly the stereotype mpaa / riaa try to portray...

3 years ago by ratsforhorses

I agree, but would it be agreeable and right if one was to have a free but lower quality version (smaller screen, shortened game, program with fewer options) allowing eyeballs and consumers to best gauge a product's quality and thereby validate paying for integral or physical product (licenced/dvd/etc) rather than have a moralistic black and white view (generally held) of pirating bad, paying good (I certainly don't mean you in this case and am just trying to point to a middle way).

3 years ago by andrewzah

You realize that actual people work on those things that you pirate, right? That those people also need to get paid so they can have food on the table? It's one thing to not buy any media at all, but it's contradictory to enjoy media produced by people and then not want to pay them. Their work isn't less valuable because it's related to media production instead of engineering or whatever.

3 years ago by AlexandrB

The problem with this argument is that most large studios treat their workforce like trash. Any surplus profit they make is going to the executives and shareholders. The developers will be used up and discarded regardless.

It's also funny that you're upset about the guy pirating software (lifetime economic impact in 10s of thousands of dollars) but not the games publishers themselves who regularly dodge taxes - in some cases paying effectively negative tax rates[1] (lifetime impacts in the 10s of millions of dollars if not more).

[1] https://www.fanbyte.com/news/americans-paid-activision-blizz...

3 years ago by NikolaNovak

"If I don't have to pay for it then their work was objectively unproductive. It's an inherent failure of market economics"

I feel I'm reading Deepak Chopra - individual words are fine and you'd swear sentence should make sense... But it doesn't, no matter how many times you read it.

Not paying for something makes it unproductive? And you don't feel there are easy trivial immediate counter-examples for your axiom with big-boy words?

3 years ago by knz_

> You realize that actual people work on those things that you pirate, right?

I don't care.

> Their work isn't less valuable because it's related to media production instead of engineering or whatever.

If I don't have to pay for it then their work was objectively unproductive. It's an inherent failure of market economics.

3 years ago by underseacables

The main take away I get from this is ..a list of torrent sites.

3 years ago by bluefirebrand

All of them are honeypots nowadays though

3 years ago by afrcnc

These reports are so misleading. This is junk malware uploaded on VirusTotal, not something seen in the wild.

3 years ago by chayleaf

My friend did catch it (or a similar virus), so it can be seen in the wild indeed

No it's not me, I don't even play games that much

3 years ago by caslon

Is there a prediction market going for whether the MPAA is eventually found to be behind this?

3 years ago by tyingq

"When viewed through a hex editor, the executables also contain a racial epithet that's repeated more than 1,000 times followed by a large, randomly sized block of alphabetical characters."

Seems like it wouldn't be a good look for them if so.

3 years ago by caslon

Has the MPAA ever been particularly prone to acting ethically? Throwing in some slurs to throw people off their trail seems very much like something they would do.

The MPAA itself has been accused of copyright infringement on multiple occasions. In 2007, the creator of a blogging platform called Forest Blog accused the MPAA of violating the license for the platform, which required that users link back to the Forest Blog website. The MPAA had used the platform for its own blog, but without linking back to the Forest Blog website. The MPAA subsequently took the blog offline, and explained that the software had been used on a test basis and the blog had never been publicized.[121][122]

Also in 2007, the MPAA released a software toolkit for universities to help identify cases of file sharing on campus. The software used parts of the Ubuntu Linux distribution, released under the General Public License, which stipulates that the source code of any projects using the distribution be made available to third parties. The source code for the MPAA's toolkit, however, was not made available. When the MPAA was made aware of the violation, the software toolkit was removed from their website.[123]

In 2006, the MPAA admitted having made illegal copies of This Film Is Not Yet Rated (a documentary exploring the MPAA itself and the history of its rating system)[124] — an act which Ars Technica explicitly described as hypocrisy[125] and which Roger Ebert called "rich irony".[126]

3 years ago by opheliate

Could also be a rival torrent site? I haven't seen the full altered hosts file, but from the screenshots it would appear only TPB/proxies are listed. I can see a lot of people finding that they can't access TPB and thinking, oh, I'll use (e.g:) 1337x instead.

3 years ago by incompatible

They are more interested in movies, I think.
