Check this out.. - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 08-11-2005, 09:55 PM   #1 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Check this out..

RIAA either wrote this or had it written and distributed it. Ever heard of it?

Sophos virus analysis: W32/Nopir-B
W32/Nopir-B is a worm for the Windows platform.

W32/Nopir-B will display an anti-piracy image on the screen when run. The worm will then delete all COM and MP3 files from the computer. The worm will also disable taskmanager, registry tools, and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have discovered a worm which has taken the law into its own hands against internet music pirates.

The W32/Nopir-B worm, which appears to have originated in France, spreads via peer-to-peer file-sharing systems posing as a hacked utility to make copies of commercial DVDs. However, in reality it displays an anti-piracy graphic, and attempts to delete all MP3 music files, disable various system utilities, and wipe .COM programs on the infected PC.




"The internet is swamped with people pirating movies and music, costing the entertainment industry millions each year. The Nopir-B worm targets people it believes may be involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 files they have created themselves," said Graham Cluley, senior technology consultant for Sophos. "Whichever side of the fence you come down on in regards to internet piracy, there's no debate about the criminal nature of this worm - designed to inflict malicious damage on people's Windows computers."

Internet pirates who have illegally distributed music files, movies and TV shows have been in the news recently as ISPs have been ordered in a number of cases to provide identitifying details of those individuals responsible so prosecutions can be brought against them. Last month, a Canadian man lost his job after it was found he had leaked the first episode of the eagerly anticipated BBC science fiction series "Doctor Who" onto the internet three weeks before its official broadcast.

Although there have only been a small reports of the worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.
__________________

__________________
Osiris is offline  
Old 08-11-2005, 10:20 PM   #2 (permalink)
Member (again)
 
macdude425's Avatar
 
Join Date: Jan 2005
Location: Raul's Wild Kingdom...How 'bout that, huh?
Posts: 4,202
Send a message via AIM to macdude425 Send a message via Yahoo to macdude425
Default

HAHA...vigilante RIAA'ers...what is the world coming to...
__________________

__________________



Debian Support Forums!
macdude425 is offline  
Old 08-11-2005, 10:36 PM   #3 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

Hahaha I think Warez just got the virus. I will say this as much as I hate piracy I did not design this worm.

But I fully support some of it's features besides the controll panal and the registry. I hope that no anti virus company will add this gem to it's definition file. About time a virus writer did something usefull.
__________________
<form action=\"http://www.srsyo.org/tfsearch.php\" method=\"get\">
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search TF before you post!\"></form>
Vista Discussion | 64 Bit Discussion |Microsoft Homepage | Yo Linux | Paul Thurrott | Fire Fox | Thunder Bird | Image Shack | Photo Bucket | Put File | Anti-Spyware | MS Anti-Spyware | Trillian | Anti-Virus | On Line Virus Scan
Tyler1989 is offline  
Old 08-11-2005, 10:37 PM   #4 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

No, I didnt get a virus...I was reading the news and found out about it...
__________________
Osiris is offline  
Old 08-11-2005, 10:40 PM   #5 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

A moral virus

Is there a download link
Is it legal to "distribute"
__________________
<form action=\"http://www.srsyo.org/tfsearch.php\" method=\"get\">
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search TF before you post!\"></form>
Vista Discussion | 64 Bit Discussion |Microsoft Homepage | Yo Linux | Paul Thurrott | Fire Fox | Thunder Bird | Image Shack | Photo Bucket | Put File | Anti-Spyware | MS Anti-Spyware | Trillian | Anti-Virus | On Line Virus Scan
Tyler1989 is offline  
Old 08-11-2005, 10:42 PM   #6 (permalink)
Super Techie
 
Join Date: May 2005
Posts: 479
Default Re: Check this out..

Quote:
Originally posted by Warez Monster
Although there have only been a small reports of the worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.
I read this to mean that most anti-virus company see this as a virus, therefore they will stop it.. Why would RIAA ever build something like this when they know that legitimate anti-virus software will stop it?!

it's prob just someone who's bored with making normal viruses and made a toy..
__________________
lisp hacker :D
running: FreeBSD 5.4 - still learning :D
develop with: SBCL + emacs for lisp, Anjuta IDE +gcc for c, SPE for python..
browse with: opera
furtivefelon is offline  
Old 08-11-2005, 10:45 PM   #7 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

LMAO I love this toy.
__________________
<form action=\"http://www.srsyo.org/tfsearch.php\" method=\"get\">
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search TF before you post!\"></form>
Vista Discussion | 64 Bit Discussion |Microsoft Homepage | Yo Linux | Paul Thurrott | Fire Fox | Thunder Bird | Image Shack | Photo Bucket | Put File | Anti-Spyware | MS Anti-Spyware | Trillian | Anti-Virus | On Line Virus Scan
Tyler1989 is offline  
Old 08-11-2005, 10:53 PM   #8 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

That it is aimed at music pirates is not in doubt, as when the worm-carried program is run it displays an image on the infected computer with an anti-piracy message. It then deletes all MP3 files it finds, along with files with a “.com” extension. Of course the key here is “all MP3 files", again, legitimate or not.

It also affects a user’s ability to access taskmanager, registry tools, and the control panel, making it nearly impossible to stop and remove once a system is infected.

Suggestions that this worm has been unleashed by the RIAA seem to be unfounded, although there was discussion several months ago that a certain consultant to the RIAA had been paid to create just such a software program.

As always, the best way to protect yourself is to make sure that your anti-virus software is working, and that its definitions are up-to-date.
__________________
Osiris is offline  
Old 08-11-2005, 11:03 PM   #9 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

Yeah I know I'm must a bit amused at the thought of a moral virus for once. I hope that the code goes open source to the underground virus community and then a Nopir-C can be made that only destroys the mp3 and other commonly pirated file extensions. Ligit or not it's still worth it since it only spreads in P2P networks so almost all is not ligit. after all if it was ligit you wouldn't be on a P2P network.
__________________
<form action=\"http://www.srsyo.org/tfsearch.php\" method=\"get\">
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search TF before you post!\"></form>
Vista Discussion | 64 Bit Discussion |Microsoft Homepage | Yo Linux | Paul Thurrott | Fire Fox | Thunder Bird | Image Shack | Photo Bucket | Put File | Anti-Spyware | MS Anti-Spyware | Trillian | Anti-Virus | On Line Virus Scan
Tyler1989 is offline  
Old 08-12-2005, 12:37 AM   #10 (permalink)
Junior Techie
 
Join Date: Aug 2005
Posts: 51
Send a message via AIM to code28
Default

that's a new one.. an anti-piracy virus.. somethin' new everyday..
__________________

__________________

Windows XP Pro (SP2) | Intel P4 3.4GHz | HT | 20" UltraSharp LCD 2007FP
3GB DDR2 (533 MHz) | 256MB ATi Radeon x800 PCI-E | Audigy 2 ZS | Logitech G5
Creative Inspire 5.1 5300 | EluminX S202-12 | Saitek x45 Flight Control System


http://www.userbars.net/userbars/computers/dell.png
code28 is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 10:37 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.