A Revolution is the Solution
|
|
Nice job paperghost. Great find.
Gimme the hammer and I'll drive the nail in for you 
wng_z3r0 |
06.10.05 - 1:10 am | #
|
|
Thanks for the mention, pg.
And holy crap that is one ugly infection. Are you telling me that out of all those 175MBs not even 1 BIT of it has anything to do with Family Guy?? How can an install for trojans get anywhere near that size?!
Payback may not be had, but I'm sure everyone would like to know more about these nasties and hunt'em down.
3DJelly |
06.10.05 - 1:23 am | #
|
|
That's our Ghost! Relentless and tenacious...always gets the baddie! 
Deb |
06.10.05 - 1:36 am | #
|
|
I did one of these setups under a limited account. It was attempting to install Aurora, then failed altogether, and presented me with the extraction wizard.
redxii1234 |
06.10.05 - 1:49 am | #
|
|
Little correction, boss. I think Metrix Marketing aren't the ones at fault here. I believe we're looking for the ones who are actually called Marketing Metrix Group. Go ahead and google that exact phrase and see what comes up. Or here:
http://www.marketingmetrixgroup.com/
3DJelly |
06.10.05 - 3:57 am | #
|
|
Nice find! They do look a lot more like the most likely culprits. Those other guys just didn't look right..
Paperghost |
06.10.05 - 5:19 am | #
|
|
lol PG, you never fail to impress.... and boy have you!
Certainly changed my mind about opening a BT distribution channel.
Cheers 
Steven Burn |
06.10.05 - 11:17 am | #
|
|
I'm pretty sure our friends at MMG are also spreading this junk through other P2P channels such as eDonkey, but it's easier to find them via BitTorrent since most BT sites also have forums where people quickly post warnings about them.
Oh, and by the way, has MMG licensed this content from the copyright holder? Seems unlikely.
Dave Methvin |
06.10.05 - 3:12 pm | #
|
|
Hi Dave - I agree, it's highly unlikely much (if any) has been licenced.
Paperghost |
06.10.05 - 5:28 pm | #
|
|
> Oh, and by the way, has MMG licensed this content from the copyright holder?
Ding! Ding!
Now who'd like the honour of telling Fox about these guys?
Incidentally pg, where does the executable come from if the downloaded file is a .rar? Is it a rar containing another self-extracting archive? (ugh)
And Clover |
06.10.05 - 7:25 pm | #
|
|
[Sidenote]
Good to see you're still around Andrew
[/Sidenote]
Steven Burn |
06.10.05 - 9:14 pm | #
|
|
I wouldn't mind giving them a quiet tinkle 
I also wonder how on earth DR (or anyone else for that matter) would ensure that these guys were actually providing links to their licence agreements. From the sounds of it, there may be a few of these installs out there that don't give anything out. Andrew, you guessed right - all the goodies come spilling out after you open the wrapping paper
Paperghost |
06.10.05 - 9:41 pm | #
|
|
PG,
Great find and great research.
You never cease to amaze what you come up with.
Keep up the good work..
Tank863
Tank863 |
06.11.05 - 3:34 pm | #
|
|
Why the hell would you be running an INSTALLER after you download a VIDEO file? Doesn't that seem a little suspicious?
"Oh, here's my Family Guy download, there it is, FamilyGuy.exe.bin.vbs.com. I'll just run this, click accept a few times, and all is well"
wtf |
06.16.05 - 6:50 pm | #
|
|
I agree with wtf - a lack of common sense will get this type of stuff on a user's computer whether they only get online for email or they're attempting to emulate Blockbuster.
Anonymo |
06.16.05 - 7:15 pm | #
|
|
Haha their website got H4x0r3D
http://www.marketingmetrixgroup.com/
Heh, I tried to go to that dude's IRC channel to give him due props but it didn't exist.
Wrigleyvillain |
06.16.05 - 7:21 pm | #
|
|
I'm still waiting to hear how he got an install screen from running a video file.
Sounds like he's one of those guys who has extensions for known file types turned off and after he un'rar'd the file he ran the file titled 'family_guy.exe' when all he could see was 'family_guy'
vermifax |
06.16.05 - 7:31 pm | #
|
|
"I also wonder how on earth DR (or anyone else for that matter) would ensure that these guys were actually providing links to their licence agreements."
I wonder how on Earth anyone who operates a security site could miss the fact that video files aren't supposed to end in ".exe".
awddwadfeffes |
06.16.05 - 7:50 pm | #
|
|
What I want to know is...what are the copyright infringement ramifications if an adware company is distributing a copyrighted file (movie, tv show, whatever) after attaching their spyware?
Dave |
06.16.05 - 8:18 pm | #
|
|
BIG TIP (since no one has mentioned this)...
Can someone please remind the community that programs like winrar and maybe others can harmlessly unzip these files without the installation? The family guy rip is probably there, you just need to unzip it. Can someone also notify Nullsoft to see if they have a way of dealing with this issue since it's their NSIS open source installer that the adware wankers are using to spread malware?
Whee,
Steve
stevetures |
06.16.05 - 8:56 pm | #
|
|
oops (it was mentioned in the article... I'm dumb)
Steve
stevetures |
06.16.05 - 8:57 pm | #
|
|
Gee, maybe the guy who runs the security site was only opening the file *to study the spyware*?
That's a radical concept!
Wow |
06.16.05 - 8:58 pm | #
|
|
"I wonder how on Earth anyone who operates a security site could miss the fact that video files aren't supposed to end in ".exe"."
Er, hello? I'm running you through the install process. How on earth can you write about a spyware install unless you put it through its paces? That's how this stuff gets on systems in the first place. And before you see the videofile, the package is unzipped initially as an .EXE. The licence agreement tries to make you think you need to agree to the bundle in the .exe, when in fact if you leave it for a while...
"Can someone please remind the community that programs like winrar and maybe others can harmlessly unzip these files without the installation? The family guy rip is probably there, you just need to unzip it."
...I already mentioned that the family guy file is there, and you can run it safely by declining the licence agreement a few times. Quote:
"In addition, nowhere does it mention that you don't have to agree to the above adware in order to run the desired media file. Cancelling the above agreement will bring it up a few more times, until eventually a WinRAR self-extractor will appear, allowing you to watch your film / program / whatever."
Paperghost |
06.16.05 - 9:01 pm | #
|
|
Don't worry, Paperghost, the non-idiots here who read your whole article understand what you said.
Daaaaaa, reading full article are good understanding for me!
Wow |
06.16.05 - 9:08 pm | #
|
|
"...that's how this stuff gets on systems in the first place. And before you see the videofile, the package is unzipped initially as an .EXE."
Then what makes this news, exactly? .EXE files can contain spyware?
How is this at all related to bittorrent? This has been going on forever on every platform available.
wtf |
06.16.05 - 9:26 pm | #
|
|
" and you can run it safely by declining the licence agreement a few times"
How do you know it didn't already install spyware, or a trojan, the second you opened it?
I think "it's safe if you don't click Accept!" is bad, bad advice.
wtf |
06.16.05 - 9:29 pm | #
|
|
Sorry, I really don't mean to flame, it's just I spent all this time reading multiple articles about it trying to figure out what this new threat is, and either:
1) I'm completely missing the point
or
2) This is blindingly obvious and never should have been posted
wtf |
06.16.05 - 9:34 pm | #
|
|
So you downloaded a video file got an .exe and decided to run it to check it out.
Well duh.
First mistake was looking at the .exe and not saying oops I thought I was downloading a video.
vermifax |
06.16.05 - 9:38 pm | #
|
|
Additionally this has nothing to do with bittorrent.
This has been happening on ftp, http, p2p and any file transmission protocol ever used.
vermifax |
06.16.05 - 9:39 pm | #
|
|
1) The family guy install has been tested innumerable times on a locked down test box that monitors everything from registry changes to new files dropped both before and after any action takes place on the system. The only way you get something on board from the family guy install I possess is if you click "yes" to the licence agreement.
2) This is news because we (security researchers, those in the antispyware industry) now have an idea as to why so many people have Aurora on their system but never an infective URL in their history logs to show for it. The main source has apparently been P2P, BT and other places.
3) This relates to Bittorrent because this is where these MMG files are currently doing the rounds in the most obvious manner. They're also floating round in Edonkey land too.
4) Every write up and examination of a piece of adware begins with "we found this, and this is what happens when you're foolish enough to click this".
If a bunch of people who might have succumbed and hit "yes" will now hit "no", then job done. It's a few less people asking for help on already swamped security forums.
Paperghost |
06.16.05 - 9:41 pm | #
|
|
You're sending the wrong message.
You're saying "be careful with those unknown executables, they could cause minor annoyances", and getting worked up about it. That makes people think that's the worst that can happen.
Why worry about some marketing software when you just opened the door to complete ownage.
wtf |
06.16.05 - 9:52 pm | #
|
|
Looks like someone doesn't like Marketing Metrix messing with their torrents. The site has been defaced.
Marshall Mickelson |
06.16.05 - 9:53 pm | #
|
|
Don't drink and drive, you might spill your beer.
wtf |
06.16.05 - 9:55 pm | #
|
|
"You're sending the wrong message.
You're saying "be careful with those unknown executables, they could cause minor annoyances", and getting worked up about it. That makes people think that's the worst that can happen."
I find this rather odd - you're saying to not actually mention any types of install floating around that can potentially kill someone's machine if they're not careful? If that's true, then there's no point having any sites that break security information. I don't see how a wall of silence helps anyone, least of all the poor soul who has the misfortune to have something like that on their PC.
"Why worry about some marketing software when you just opened the door to complete ownage."
Again, I don't follow. What ownage? Who's getting owned? I happily broke a story about hacked Apache boxes infecting Windows PCs with an IFRAME infection technique, a java app that worked across all browsers and a gigantic botnet helping redirect people to a raft of 180 Solutions installs. All those stories helped make some major shakeups in areas that needed them, and if this does anything like the same, then so be it. I don't see the problem. Security through obscurity doesn't work. Full disclosure is your friend 
Paperghost |
06.16.05 - 10:00 pm | #
|
|
My point is an exe could format your hard drive, send porn to your grandma, spam the FBI, and any number of awful evil things. A little spyware is like gnats on a hot day.
wtf |
06.16.05 - 10:05 pm | #
|
|
I agree, however Slotch, Bullseye Network, 180 Search Assistant, Powerscan, SideFind, Search Miracle, YourSiteBar, Ceres / Aurora is NOT a "little spyware". That's a big enough payload to cripple a PC, especially when you consider that Aurora on its OWN can suddenly ramp up its usage to 100%.
Everything else on top is a "bonus".
Anyway, this is a site that mainly focusses on adware installs and the companies behind them. So it's fair to say that that's what you're going to find here. It's like saying you went to a site about horses and complained that they had too many horses on show
Paperghost |
06.16.05 - 10:08 pm | #
|
|
You're right on that. I thought this was a general security site until I read your posts. So I see how it's relevant here, I should be pissed at whoever posted it on slashdot.
wtf |
06.16.05 - 10:10 pm | #
|
|
Maybe if you didn't download illegal copies of movies you wouldn't have this problem
err |
06.16.05 - 10:11 pm | #
|
|
Ahhh...Slashdot. Been on there before. NOW it makes sense. I wondered where all the comments were coming from all of a sudden 
Paperghost |
06.16.05 - 10:14 pm | #
|
|
Another comment on the file type. Archives on p2p are BAAAAAAAAAAAAAAAD. In fact, I always check the torrent details to make sure I'm not downloading a .rar or a bunch of .rars. I really don't see the point of compressing stuff for BT release. Ok, maybe you should run your 4 dvd linux distro through the compression and make things easier, but it's really not needed.
Phosphers |
06.16.05 - 10:19 pm | #
|
|
Vermifax, you have some kind of double-post mega lag going on there.
Paperghost |
06.16.05 - 10:36 pm | #
|
|
I think many of your critics are missing the point, PG. The simplest and most general way to warn users is to say "Never run an untrusted .exe. If you download a cartoon and it's a .exe, delete it and go find one that's a .avi or .mpg." But PG is writing for security pros-- and for them, every new variation on the theme of delivering a hostile .exe is news.
Will Warner |
06.17.05 - 1:22 am | #
|
|
winmx has spyware?
tpos |
06.17.05 - 1:31 am | #
|
|
I think wtf has the same problem with this as I do. Paperghost's examination of the installer and reporting about it seems ok (except perhaps there should have been a short explanation about the double RAR container structure and how it would seem alarming for typical users in the first place).
However, the beef BT filetraders have is with eWeek and similar media which tend to report this as "Spyware Floods In Through BitTorrent" (the actual eWeek headline) and "P2P is bad mmmkey, in addition to evil copyright infringement costing billions to poor international megaconglomerates, you are also in a high risk of getting a serious spyware infection".
When the actual news should be "First reports of a minor spyware outbreak in BT, fast admin actions have removed most of the offending torrents, only users not following standard safety precautions were in any risk to begin with".
That way, should there ever be a REAL, serious outbreak of malware through BT or P2P, using a BOE or something which leaves the user with no protection from normal safety practices, we will actually LISTEN and not think it's another "cry wolf" story or paid advertising for the content industries willing to haul dirt on filetrading.
Red_Blue |
06.17.05 - 11:21 am | #
|
|
Well, problem is, once a story gets picked up and news sources run with it, there's not a great deal you can do about it. Sad truth is, all news reporters will have an agenda or angle they want to put onto something, and no amount of "hey, what're you doing!!" will change very much after the event. Believe me, I've had this problem before with previous stories that were picked up. It leaves the original news source (myself in this case) in a kind of no man's land, so I either write nothing and let it go, or write something knowing that people will put their own spin on it, and hope that the readers will actually go to the original piece and see it for what it is accordingly.
Paperghost |
06.17.05 - 12:06 pm | #
|
|
The good news with the Internet proliferation of news media is that you can do that, to go and check the original source and what it's all about.
However, I used to work in news media and being a specialized publication we tended to follow the Code of Journalistic Ethics which at the time required that all interviewees were given a chance to review the article before publication and submit corrections.
We also had the obligation to actually look at multiple angles and try to establish a dialog with the "experts" representing dissenting views around each issue.
However, it seems that for P2P the mainstream media NEVER asks any P2P users for their opinion, except when the people interviewed were forwarded to the journos from content industry lawyers after securing a "settlement", so that the victims of extortion were able to fulfil the contract by showing repentance and denouncing P2P in public.
Personally, had I been interviewed about this I would have volunteered an assessment about the impact of this on filesharing without even being asked, because it's obvious from previous trend that every news item about filesharing ends up being tinted with scaremongering. I would want no part in that.
OTOH I understand that as a media reading skill it's necessary to filter all reports from "security researchers", "anti-virus experts", etc. through a soft blend where their assessments about the potential impact are viewed with caution. Nobody wants to report to the media that "I found this new exploit/vulnerability/unsafe practise etc., but it's really NOT a big deal in final analysis". Every person who has done a great deal of work tends to overvalue his/her effort by presenting the largest probable impact of it first and downplaying possible scenarios where the work was mostly in vain. With security research it means that the worst case scenario gets to be promoted ("this is hardcore", not so much because you need an expert to evade it, but you need an expert to get rid of it afterwards).
Personally I would like to see clear and concise vulnerability reports which try to objectively measure the impact of each identified problem and also present any mitigating factors. We get these for general security vulnerability research, but not so often for adware/spyware research, at least so it seems...
Red_Blue |
06.17.05 - 12:31 pm | #
|
|
Well, the piece I wrote (in fact, all the pieces) simply focus on Direct Revenue, their Aurora program and how they're running it through bittorrent networks - that's pretty much it. Any angles regarding "the seedy world of P2P" would have been tagged on by others afterwards.
To be fair, the article above only briefly mentions BT, if only to pinpoint the source of the installs, then moves right back to the content of the package and Direct Revenue. If certain aspects of P2P have a bad rep (whether falsely or not), it shouldn't mean every article that discusses something where P2P is mentioned has to become some kind of exclusive exploration of said P2P network / software / philosophy / history / whatever, with the original point of the piece tagged on as an afterthought. Imagine the above article with all of that in - very quickly the original point has been hijacked and I'm no longer talking about DR, Aurora and a new distribution method for it. I'm wringing my hands and begging people not to wail on Bittorrent, whilst forgetting to actually talk about Aurora.
Unfortunately, people will wail on almost all forms of P2P regardless of what you say. That won't stop me from covering installs like the one mentioned if a new type of installer is discovered floating round in some other type of system, nor do I wish to become involved in "BT IS TEH SUCK! NO IT ISN'T! DIE NAPSTER!" and all the rest of it. We all know the potted history of P2P and how "the man" doesn't really like it, but there's no way I'm devoting inches to an already covered subject when there's stuff like the above that needs more column space.
I also don't want the focus of the piece to be anything other than Direct Revenue's install of Aurora in a new place - I'd rather not it gets hijacked in a kind of battle between those for and against P2P. That battle can be fought in plenty of other places.
Paperghost |
06.17.05 - 12:50 pm | #
|
|
Paperghost, I was not asking you to write in detail about P2P or BT. I'm talking about the eWeek article which makes spyware on BT a big issue claiming that "According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC." Obviously there is no "invasion" or "massive software distribution campaign". There were a handful of torrents which are already removed from high quality sites, remaining in places which don't keep such a close track on what garbage they post. If this is actually what you said to eWeek, then shame on you.
If they exaggerated what you said, then shame on them.
BT was mentioned 15 times in the eWeek article and they also link there to they report a claim that basically Kazaa is the worst spyware threat of all and that "What we're saying is, it presents a security risk because you're opening your machine and file structures to another 3.5 million peers," etc. very P2P hostile scaremongering.
I do understand (to some extent) your reluctance to discuss the relative dangers between different spyware entry vectors (real exploits and purely social engineering) in your own analysis, forgoing discussion of mitigating factors such as highly suspicious wrong types of containers etc. I guess the explanation that you are reporting things for experts and not clueless users is acceptable (even though there is no mention of this in your main page or a link for users to somewhere where safe downloading practises are explained in detail).
But it's not IMHO acceptable that you allow eWeek for example to make a big deal about BT being involved in this, citing you as their authority, without making sure they mention even in passing that BT is not to blame and actually BT is much safer in this regard than normal web surfing. You are obviously addressing a different audience through eWeek than in your own site (if your defense is that you are writing for experts who know about social engineering).
Red_Blue |
06.17.05 - 1:19 pm | #
|
|
I said that this was the first dedicated marketing campaign pushing aurora and other programs by major adware companies, as opposed to the handful of random malware / viruses usually found in BT land. I also said a *number* of sites (not the whole of BT / P2P land) were currently swamped with these things and I was helping out some admins where necessary, and that the problem would likely not become "widespread" as the installer was now in the public consciousness and all marketing campaigns have a limited shelf-life anyway.
Again - the main focus of the piece was Direct Revenue's installer, and Aurora. Eweek approached me, not the other way around so I can't be accused of writing an article with the intention of putting some kind of "negative spin" on file-sharing or anything similar...it wasn't like it was written with an intention other than to expose what MMG have been pushing lately.
As for the site being aimed at "experts" - I wouldn't agree. I get thousands of visitors every day and have never had anyone accuse me of being "elite" or anything like that - and if anyone wants basic help and advice, the Forum is open 24/7 
Paperghost |
06.17.05 - 2:39 pm | #
|
|
"currently swamped with these things"?
Really? The admins said to you something to this effect? The way this whole "news" was spread in the P2P community through the usual web sites and forums was as a minor curiosity piece about how the eWeek article casts BT as a horrible source of malware typical of P2P, when everybody knows that malware in BT is almost unheard of, especially when compared to other P2P. If it REALLY was a problem large enough to "swamp" even single BT sites, not to mention one of the major ones, we would have heard about it directly from the users of said sites. For example in Slyck it came as news to several BT users that this is happening at all, not to mention in any extent "large scale" enough to "swamp" entire sites.
"Eweek approached me, not the other way around so I can't be accused of writing an article with the intention of putting some kind of "negative spin" on file-sharing or anything similar"
Did eWeek offer you to proof read their article? Did you ask that? Is it your practise to let news organizations interview you without checking and approving what they are actually going to publish as your statements?
I don't think you can reasonably distance yourself from being quoted as their expert. If you allow them to put negative spin on your statements then you just allow it. The other option is to rescind your agreement to the interview. It's not an interview if they can cherry pick your statements and distort them in ways that you didn't explicitly agree to.
"As for the site being aimed at "experts" - I wouldn't agree."
Ok, sorry, I read that from a comment from someone else. Then how do you address the concerns I raised about not discussing the impact of these social engineering attacks, compared to more serious threats?
Why don't you write a short explanation for the clueless what file extensions are in Windows, how nobody should run executables when they expected media files, how SFX packages can be unpacked without running the embedded installer? Why don't you explain that the threats posed by code exploits and similar automatic schemes are serious, while just unexpected exhortations to install some stuff at the user's explicit discretion are not as bad?
Red_Blue |
06.17.05 - 4:52 pm | #
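Added example (not part of any comment in this thread, and not code from the site or its author): a content-based check for the case the comments keep returning to, a download expected to be video that is really a RAR self-extractor or NSIS installer, possibly with its extension hidden by Explorer. The file names, byte samples and extension lists are constructed for illustration, and scanning only the first 1 MiB is an assumption.

```python
import os

RAR_MAGIC = b"Rar!\x1a\x07"                    # common prefix of RAR 4.x and 5.x archives
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"   # NSIS first-header signature
MEDIA_EXTS = {".avi", ".mpg", ".mpeg", ".wmv"}         # illustrative, not exhaustive
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".vbs"}   # illustrative, not exhaustive
SCAN_LIMIT = 1 << 20   # assumption: stub and markers sit in the first 1 MiB


def sniff(data):
    """Classify a file by its bytes, ignoring whatever its name claims."""
    head = data[:SCAN_LIMIT]
    if head[:2] == b"MZ":                      # DOS/PE executable header
        if NSIS_MAGIC in head:
            return "nsis-installer"
        if RAR_MAGIC in head:                  # heuristic: RAR data appended to a stub
            return "rar-sfx"
        return "executable"
    if head.startswith(RAR_MAGIC):
        return "rar-archive"
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return "avi-video"
    if head[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpeg-video"
    return "unknown"


def explorer_display_name(filename):
    """Approximate what a user sees with 'hide extensions for known file types' on."""
    base, ext = os.path.splitext(filename)
    return base if ext.lower() in MEDIA_EXTS | EXEC_EXTS else filename


def assess(filename, data):
    """Compare what the name suggests with what the content is."""
    kind = sniff(data)
    base, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(base)[1]
    runs_code = kind in ("executable", "rar-sfx", "nsis-installer")
    findings = []
    if runs_code and ext in MEDIA_EXTS:
        findings.append("content is a Windows executable but the name claims media")
    if ext in EXEC_EXTS and inner_ext in MEDIA_EXTS:
        findings.append("double extension: shown as '%s' when extensions are hidden"
                        % explorer_display_name(filename))
    if kind == "rar-sfx":
        findings.append("RAR self-extractor: open it in an archive tool instead of running it")
    if kind == "nsis-installer":
        findings.append("NSIS installer: running it executes the install script")
    if runs_code or ext in EXEC_EXTS:
        verdict = "do-not-run"
    elif kind in ("avi-video", "mpeg-video") and ext in MEDIA_EXTS:
        verdict = "media"
    else:
        verdict = "inspect"                    # e.g. list an archive's contents first
    return {"kind": kind, "verdict": verdict, "findings": findings}


# Constructed samples: just enough bytes to carry each format's markers.
PE_STUB = b"MZ" + b"\x00" * 62
SAMPLES = {
    "family_guy.exe": PE_STUB + RAR_MAGIC + b"\x00" + b"constructed",
    "family_guy.avi.exe": PE_STUB + b"\x00" * 4 + NSIS_MAGIC + b"constructed",
    "family_guy.avi": b"RIFF" + b"\x10\x00\x00\x00" + b"AVI " + b"LIST",
    "family_guy.rar": RAR_MAGIC + b"\x00" + b"constructed",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        result = assess(name, blob)
        print("%-20s %-15s %s" % (name, result["kind"], result["verdict"]))
        for finding in result["findings"]:
            print("    - " + finding)
```
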
|
|
Actually at the moment, really crude, basic attempts to get people to install things they shouldn't is where it's at in the adware and malware world. Not so long ago there was an issue regarding firefox, rogue xpi's and renegade java applets. I did everything you said I should be doing in that case and - people completely missed the point. So you try something different and - people still completely miss the point.
Either way, a large percentage of people will not actually get what the main thrust of your writing is about. This site is what it is, and its articles are there for those that need it. If it gets picked up by the popular press, it's up to them to get their head around what it's here for. On top of everything else, I don't have time to hand-walk someone through what I do here, or what the ethos / philosophy of the site / reason for its existence is.
It's a site about malware, adware and spyware. I write about the latest kinds of installs that take place in all mediums, across all operating systems, across multiple browsers. If it's not meant for public consumption on a mass scale, then it should be left to its niche market. It's clear that every time an article on this site gets picked up, people then attempt to use it for its own agenda.
Compared to the eweek article, some are totally nuts. I just saw the register say how the media files were unlicenced....who confirmed THAT? Not me, and MMG haven't stated anything one way or the other. So did they get told this? Where's the proof? Or, shock horror, was it just assumed?
I saw another piece that mentioned Direct Revenue once, then turned into a four page essay on Kazaa! Where on earth does Kazaa come into any of the pieces written on Aurora?
There's far more "negativity" floating round in those pieces than the Eweek one.
Actually, going back and looking at it, I really don't see the big deal. Let's see...the title...Spyware floods in through bittorrent. Well, vaguely over the top perhaps but if you base your entire view of an article on the title rather than the content, there's something going wrong somewhere. Titles mean nothing. Nada.
"According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC."
Now, he's not directly quoting me, he's just giving a broad overview of what to expect from the article. What do I actually say that IS quoted?..
"This is the marketing campaign to end all marketing campaigns,"
..and as we've seen from the reaction from MMG, DR and all the others, this clearly was a big, fat hairy deal for them. Nothing bad so far.
"This is the first time I've seen a definite money-making campaign with affiliates, distributors and some pretty heavy-duty adware names,"
Nothing bad there either.
Ran out of space....continued..
Paperghost |
06.17.05 - 7:17 pm | #
|
|
"Boyd said BitTorrent was currently "overwhelmed" with multimedia files rigged with adware bundles, adding that the file sizes vary from 3MB to 175MB."
Now, I assume this is the problem. I was clear in saying that specific forums / sites were overrun with this stuff, and I was helping them out. Misquoted? Mistake? I don't know, but in the grand scheme of things, I don't see that it really matters much. The article as a whole barely touched on BT. It mainly had me saying what Aurora was all about, then had the guy from DR disagreeing with everything I said. I asked lots of people what their impression of that article was after reading it, some of them heavy BT users who would rather (quite literally) die than give up using it. I couldn't get that excited about a piece of software, but anyway...the one thing they all came away with was how the DR guy wailed on me, not that specific sentence. Half of them missed it completely, because they were trying to understand what Aurora was in the first place, who Direct Revenue was and why I had an "issue" with them.
My impression of the piece was that DR came off smelling somewhat of roses more than anything else, but I got to respond in kind.
And look - we're completely off the topic at hand, which is direct revenue, aurora and MMG. Unfortunately most of the news pieces I've seen so far have done the same thing. Again - I'm not interested in everyone's "angle" on P2P. I don't care. And yet people are still trying to use these installs as some kind of mass battleground over file sharing!
Paperghost |
06.17.05 - 7:39 pm | #
|
|
Also, think about this - the guys bundled in the MMG installer are some of the richest "adware" companies out there. They make millions and millions of dollars in profit. These MMG installers were specifically designed for Bittorrent (for whatever crazy reasons, they could as easily put them somewhere else).
These kinds of multi-bundle campaigns can cost huge amounts of money to put out, especially when one company is responsible for getting the content out there. So after all that (on top of the "licencing costs" for the ridiculous amounts of media files involved), do you think these guys' combined efforts are going to settle for a handful of places to come across these files after spending so much money on the campaign?
Their BIG mistake was targeting a cluster of sites / forums with all the installers (or the majority of them at any rate), rather than hurling them across the seven seas.
After all, nobody said these guys actually knew what they were doing in BT land. Their distribution model clearly leaves a LOT to be desired.
People have apparently flame-mailed the article writer claiming he's in with RIAA and other things, which is just plain silly. Perhaps those people should channel their "constructive criticism" back to the source of the installs, rather than people simply writing about it.
Paperghost |
06.17.05 - 8:07 pm | #
|
|
"There's far more "negativity" floating round in those pieces than the Eweek one."
Did they interview you like eWeek? I think you are being evasive here and pointing elsewhere instead of answering the questions.
"Now, he's not directly quoting me, he's just giving a broad overview of what to expect from the article."
Which IMO is seriously overblown. In addition to you talking about "several sites being swamped" which in itself seems excessive to me (personally seeing just 4 torrents removed from one site due to this whole debacle), they have turned it into "invasion". So why didn't you object to that characterization, which was even further from accurate than perhaps your own?
"misquoted? mistake?"
You don't know? So that kind of implies that you didn't review the article at all like I suspected...
"the article as a whole barely touched on BT"
Oh come on. First it's "only about the title", then it's "barely touched BT"? Didn't I tell you that BT was mentioned fifteen (15) times in two pages? I think it was just as much about BT as Direct Revenue and Marketing Metrix.
"do you think these guys combined efforts are going to settle for a handful of places to come across these files after spending so much money on the campaign?"
Probably not. However, I'm quite confident that they will not venture with BT for long, because BT is clearly the most robust system currently deployed against all kinds of hostile content, be that viruses, trojans, spyware, DRM or fake content pushed by the content industry to poison the file pool.
Because torrents are checked, ranked, commented and moderated by sites which compete in the quality of releases, bad content is removed from indexing very fast. Whereas in other P2P networks fake and trojaned content can continue floating around almost endlessly baiting unsuspecting n00bs, in some sites BT releases get trashed just for having too poorly typed .NFOs! Whether the adware companies will voluntarily drop this BT pollution effort or not, it's almost irrelevant. They will not prevail. Content industry is willing to spend tens of millions to contract companies like Viralg to try to poison P2P networks, but they have not even tried to touch BT because it would be even more futile than doing the same on FastTrack or eD2K.
Red_Blue |
Homepage |
06.17.05 - 11:42 pm | #
|
|
they might *mention* the *word* Bittorrent 15 times, but thats hardly the same as *talking* about it. Mainly the word is just used over and over again, but when it is, its when they're actually talking about something else in relation to bittorrent like DR...a major discussion of BT isn't launched into, its just used as a word to pin the discussion of direct revenue on.
In other words - he mentioned it 15 times. But thats only to give the meat of the story context! He didnt mention BT then branch off to explore the history of BT, or why BT is "teh suck", or why RIAA should go kick the asses of all those "naughty file sharers." He went right back to direct revenue.
"Did they interview you like eWeek? I think you are being evasive here and pointing elsewhere instead of answering the questions."
Plenty of those sites interviewed me like Eweek. However the final results that rolled in were (in some cases) simply slanted to the writers own ends, in some cases not even mentioning BT at all. Now from what you're saying, that might sound like the perfect "interview" because BT wasn't mentioned, but direct revenue and aurora weren't either - they just turned into rant about Kazaa, Edonkey etc. The article you accuse of being so biased against BT and file sharing in particular seems to me to actually be the most unbiased - he sticks to the main point of the story, only mentions BT *in relation to*...a point such as DR and doesn't bash file sharing in any way. And yet he gets emails accusing him of being in league with RIAA. I can only hope some of the other sites got the same. In fact, i can only hope DR got some of the same. Seems like everyone forgot about them.
And like i said - i live on the other side of the planet to the people that write these articles. if im asleep and theyre ready to go live, i hardly expect a phonecall at 3 in the morning to confirm every detail is correct. They should maybe use their own proofreaders, not expect me to check the entire piece for them. i already saw one site that directly quotes me saying something that i never said. that has already been syndicated. you think i have the time or means to now chase down something like 30+ sites (and likely countless more after that, many of which i wont even know about) and implore them all to correct what theyve put? not only is that unrealistic timewise, its impossible. Sad, but true. And yet what they put was *totally* incorrect and biased. Am i mad? Yes. Do i know from past experience that there is most likely sweet FA I can do about it? unfortunately yes.
If you can see a single trace of "anti filesharing" sentiment on my site, please do me a favour and point it out. If you can see one trace of bias against BT, please show me. If you can see any hidden agenda in any of the pieces involving DR, throw me in the right direction.
In short, if you can see anything other than a bunch of pieces examining DR, grind me into the ground, but please, expend some of that energy into exploring why DR are so out of favour and give them as hard a time as you are apparently intent on giving me.
For info, i referred to direct revenue 9 times, yet this ramble was *not* about them.
But thats pretty much everything i can say on the subject of "the world of P2P" - I've already expended enough time writing about something that is *completely irrelevant* to the subject at hand. However...
Paperghost |
Homepage |
06.18.05 - 6:06 am | #
|
|
Out of the 30,000 people that have visited this site over the past 3 days, you're the only one that seems to have such a major bee in your bonnet about not very much in particular. It does make me wonder if *you* have some hidden agenda. regardless, i answered all your questions and gave you all the answers. in fact, in fairness i probably spent far more time than i should have done discussing something that *you* see as a major issue where almost no one else thats come into contact with this story has even mentioned. I think i'd know about it if 30,000 people suddenly started sending me tirades of abuse. It just makes me laugh that none of the people so worked up about this probably put any of that energy into wondering why so many people dislike direct revenue, or indeed got in touch with them to disagree with their newest method of distribution.
We (in the antispyware world) have already had confirmation that this was indeed a massive attempted influx of files - its really not my fault if you didnt happen to know of any of the places where this was going on. I didn't until some people got in touch with me. And now the MMG campaign seems to have been pulled rather hastily. Problem solved, and you "reclaimed" portions of your networks.
As far as I'm concerned, job done and onto the next one.
Paperghost |
Homepage |
06.18.05 - 6:13 am | #
|
|
So does this mean that the music and movie studios will shift the heat from the users of "their" files to the spammers bundling their adware with the "pirated" content? Call me crazy but I think the right person could frame these spyware distributors and land them with a nice lawsuit from hollywood! FK YEA!
DarthDorkFace |
06.18.05 - 11:07 am | #
|
|
IF...the files haven't been licenced. There are two trains of thought on this. Either they were all licenced, but the media owners didn't know they were getting their goods distributed with these bundles. I can't imagine Fox would be pleased that end users were associating Family Guy with the package above. The alternative is that only some (or worst case scenario, none) were licenced and then its all going to go up in flames, big time. The problem is that MMG have not issued a single statement on this, and you'd think they'd be happy to clear something like that up. Added to that the fact that none of the bundled companies have come out publicly with info that THEY have licenced the content and its all rather confusing at the moment.
I personally think the stuff *has* been licenced - if it hasn't, its a MAJOR error of judgement and I'd be very surprised. Although as we've already seen, so much of the MMG installer has left a fair bit to be desired...
Paperghost |
Homepage |
06.18.05 - 11:37 am | #
|
|
I was just browsing around and stumbled on this...
paperghost... you say you get rid of spy/ad ware... i have spysweeper and ad-aware... but no matter what i cant get rid of cws_nh3 (or ns3...?).hijack
if you OR if anyone knows how to get rid of that could you email me? ESO_Agent@hotmail.com
Thanks
Kill all the f*ckin spy/adware
May the Force be with you
CrotchCobra |
06.18.05 - 11:42 am | #
|
|
Hmm.. how stupid of them to pick an episode of The Family Guy (or any other video for that matter) to infect with adware.
Wouldn't it be a lot more effective/less suspicious to infect a game ISO like say, GTA San Andreas or some other popular title..
LaMa |
06.18.05 - 1:58 pm | #
|
|
"if im asleep and theyre ready to go live, i hardly expect a phonecall at 3 in the morning to confirm every detail is correct. They should maybe use their own proofreaders, not expect me to check the entire piece for them."
It's not your problem to arrange the production of the article so that your right to review it before publication is fulfilled in a reasonable way. Your choice is just whether you care enough about getting your message through the way you want it and *demanding*, as a condition of accepting the request to be interviewed, that they honor the system. The other option is just to care enough to have the interview done and have your name mentioned, regardless of how it turns out. If you don't have time to follow through, then don't give interviews. In any case, you have a responsibility, it can't be entirely rolled off to "distorting yellow press", if you are not willing to do your part of the show.
"We (in the antispyware world) have already had confirmation that this was indeed a massive attempted influx of files - its really not my fault if you didnt happen to know of any of the places where this was going on."
Massive means that
a) A significant portion of files are being infected. These sites index tens of thousands of torrents. If a few, or let's say under hundred are infected, _per site_, that's less than a percent. It's hardly noticeable! If we had really something "large, massive, swamped" etc. we would have heard about it from the users! Not some researchers who will think it's "massive" by just getting a lot of requests for assistance. You are not getting these requests so much from other P2P networks because they don't have such a strong community element, and most of them are also much smaller to begin with.
b) That a significant portion of users getting these obviously trojaned files is actually falling for a pretty weak social engineering threat and basically acting against common sense in running highly suspicious executables. Here I would say that significant is more than 10% of users getting these very few and far between files. It has not happened either.
"Problem solved, and you "reclaimed" portions of your networks."
BT filesharing is not so much a "network", it's a community. And not a significant portion of it was ever lost or even threatened. The most damage this episode did to BT (however small) was due to bad PR, claiming that spyware is becoming a problem in BT, when in fact it isn't.
So in conclusion I still believe that you have done a disfavor for BT in exaggerating the problem in public and allowing your statements being used to further exaggerate it several times more. This doesn't need to happen in malice for your part, for it to be used against BT by the content industry and the media owned by them and aligned with them. The forged Kazaa study was used in a highly public education campaign for parents about the "risks of P2P" usage of their kids i
Red_Blue |
Homepage |
06.18.05 - 2:12 pm | #
|
|
"I personally think the stuff *has* been licenced - if it hasn't, its a MAJOR error of judgement and I'd be very surprised. Although as we've already seen, so much of the MMG installer has left a fair bit to be desired..."
Fox hasn't AFAIK licenced Family Guy for distribution via the Internet by ANYONE. Why on earth would they start with a spyware company doing the distribution over P2P? The only even remotely possible explanation would be that it's a ploy to try to poison the BT community, paid by someone else for a change.
That would make these companies quite strange bedfellows.
This is pretty easy to investigate. The release was portrayed as LOL release, so someone could get the original LOL release and do a byte compare to find out if they are identical. If yes, then MMG or whoever just took an unauthorized release and added their spyware to it. It's much more likely that had they licensed it off Fox, they would have gotten a different source file to begin with.
Red_Blue |
Homepage |
06.18.05 - 2:18 pm | #
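The byte compare suggested in the comment above, as an added example that is not part of the original thread. It assumes you hold a reference copy of the release and the media file extracted from the bundle; the function names and the constructed sample bytes are hypothetical.

```python
"""Byte-compare a suspect media file against a reference copy of a release."""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

CHUNK = 1 << 20  # read 1 MiB at a time so large video files stay out of RAM


@dataclass
class CompareResult:
    size_a: int
    size_b: int
    sha256_a: str
    sha256_b: str
    first_diff: Optional[int]  # offset of the first differing byte in the shared length
    verdict: str               # "identical", "prefix" or "different"


def compare_files(path_a: str, path_b: str) -> CompareResult:
    """Stream both files once, hashing each and locating the first mismatch."""
    size_a, size_b = os.path.getsize(path_a), os.path.getsize(path_b)
    hash_a, hash_b = hashlib.sha256(), hashlib.sha256()
    first_diff = None
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            chunk_a, chunk_b = fa.read(CHUNK), fb.read(CHUNK)
            if not chunk_a and not chunk_b:
                break
            hash_a.update(chunk_a)
            hash_b.update(chunk_b)
            if first_diff is None:
                shared = min(len(chunk_a), len(chunk_b))
                if chunk_a[:shared] != chunk_b[:shared]:
                    first_diff = offset + next(
                        i for i in range(shared) if chunk_a[i] != chunk_b[i]
                    )
            offset += max(len(chunk_a), len(chunk_b))
    if first_diff is not None:
        verdict = "different"   # content diverges inside the shared length
    elif size_a == size_b:
        verdict = "identical"   # same bytes, so same source file
    else:
        verdict = "prefix"      # shorter file matches; the longer one has extra data appended
    return CompareResult(size_a, size_b, hash_a.hexdigest(), hash_b.hexdigest(),
                         first_diff, verdict)


def write_sample(data: bytes) -> str:
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-ins for the reference release and the extracted file.
    reference = write_sample(b"RIFF" + bytes(range(256)) * 8)
    extracted = write_sample(b"RIFF" + bytes(range(256)) * 8 + b"EXTRA")
    result = compare_files(reference, extracted)
    print(result.verdict, result.first_diff, result.size_b - result.size_a)
    os.remove(reference)
    os.remove(extracted)
```

A "prefix" verdict means the shared bytes match but one copy carries trailing data, which is worth inspecting separately before drawing a conclusion about the source.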
|
|
Interesting, because you're berating me for other people putting words into my mouth, yet i happened to see *you* on the Slyck forum doing *exactly the same thing*. And I quote:
"This guy has serious issues with exaggeration (entire sites "swamped", "flood", "invasion", "massive software distribution campaign", etc."
Flood - that was used by the *writer* of the Eweek article in the title. I didn't write the title.
"Invasion" - I believe you mean "invaded", and again - that was clearly put together by the article writer as a lead in and not a direct quote. Didn't you claim to be involved in journalism, and yet you're pretending you couldn't see that? Please.
"massive software distribution campaign" - again, that was clearly ad-libbed by the writer. I said it was "the marketing campaign to end all marketing campaigns", because it *is* - its an entirely new distro channel for major adware players. DR will likely bow out, but others will replace them.
"swamped" - the best one yet! Go back and RTA. Note the use of the words "SECURITY FORUM" before the word swamped. Because all major security forums that clean out adware / spyware ARE swamped with Aurora requests. Go to the major security forums and see how swamped we are.
"If you can't follow through, don't give interviews" - I've already had a number of sites correct totally fallacious entries regarding this story, but again - please tell me how to have sites that I haven't even heard of who are syndicating the MMG bundle in a cack handed fashion correct their entries? That's just plain silly. If you did that for every interview, you'd spend your entire life chasing people round.
I would have listened to you more until I saw that forum entry, which did exactly what you're accusing me of and then some! Pot, meet Mr Kettle. Switch the lights out when you're done 
Paperghost |
Homepage |
06.18.05 - 2:46 pm | #
|
|
"Flood - that was used by the *writer* of the Eweek article in the title. I didn't write the title."
I'm holding you accountable for the language they used, because you took part of it by giving the interview and not reviewing it.
"I said it was "the marketing campaign to end all marketing campaigns", because it *is* - its an entirely new distro channel for major adware players. DR will likely bow out, but others will replace them."
I don't know exactly what you thought you were implying with that. However, in my mind this immediately associates with the 1st World War, which was at the time touted as the "war to end all wars". This means that it was the biggest and most horrible war up till then. In contrast, this is probably the first campaign to target BT, a very WEAK campaign in terms of files released and especially their cumulative impact.
That would be like calling the first major stone throwing match between Neanderthals "the war to end all wars", just because it was the first time when more than two people were involved in a feud!
""swamped" - the best one yet! Go back and RTA. Note the use of the words "SECURITY FORUM" before the word swamped."
You wrote here:
http://www.haloscan.com/comments...95752905/
#97544
"I said that this was the first dedicated marketing campaign pushing aurora and other programs by major adware companies, as opposed to the handful of random malware / viruses usually found in BT land. I also said ___a *number* of sites (not the whole of BT / P2P land)___ were currently swamped with these things and i was helping out some admins where necessary, and that the problem would likely not become "widespread" as the installer was now in the public consciousness and all marketing campaigns have a limited shelf-life anyway."
There it seems you are talking about BT sites being swamped and their admins calling for help. So which is it? No BT site admins crying out how they are "swamped"?
In here
http://www.haloscan.com/comments...95752905/
#97564
*I ask*:
""currently swamped with these things"?
Really? The admins said to you something to this effect?"
You never answered this and I took it that you were indeed talking about BT sites being swamped (this was before my Slyck post about how you exaggerate things like silly).
Red_Blue |
Homepage |
06.18.05 - 4:58 pm | #
|
|
"please tell me how to have sites that I haven't even heard of who are syndicating the MMG bundle in a cack handed fashion correct their entries?"
I've never claimed that as your responsibility. You are only responsible for the interviews you gave directly and how they were used by the media which did the interview.
"I would have listened to you more until I saw that forum entry, which did exactly what you're accusing me of and then some! Pot, meet Mr Kettle."
I find it disturbing that you are not willing to address the actual concern, which is the overinflation of the significance of this "marketing to end all marketing" crap. You can see from the comments that contrary to what you claim above (30'000 visitors and only one complaint), many others have taken issue with the fact that this was made news as a serious problem, when clearly it's no such thing in the big picture.
Sure there are lots of idiots who ran the installer and are asking for help in removing the shit that came with it. The impact on BT filesharing is mostly just bad blood from seeing exploitative media reports once again and then flat out denial that anyone involved in preparing them did anything wrong.
Red_Blue |
Homepage |
06.18.05 - 5:05 pm | #
|
|
omg, youre either being paid by someone to distract from the adware installer or you need to get out more. you hijacked the entire thread with your self righteous waffle on bittorrent, and youre just repeating yourself endlessly. you honestly think the most significant part of the eweek article is one single quote stating an *INDIVIDUALS* point of view on what the marketing campaign may or may not represent? last time i checked, you were entitled to an opinion on something. doesnt have to agree with yours, but if someone says something (in this case a marketing campaign) is "the marketing campaign to end all marketing campaigns" ((which seems to be your beef, though i couldnt be sure as your focus seems to shift every few entries)) then so frikkin what. its obvious thats a subjective comment (unless youre stupid), much like your own where you stated the author was fond of exaggerating - yet for all of the points he mentioned, you went trawling and dug up ONE line from the haloscan comments rather than any of the ARTICLES or the EWEEK piece and ranted about that. gimme a break and get back in your cage. in case you're too thick to work it out, massive problem beforehand + mass publicity of the install = install being pulled resulting in - NO MORE PROBLEM. so its now more accurate to say there WAS a problem in BT, but not anymore.
Sub-Seven |
06.18.05 - 5:28 pm | #
|
|
This is totally stupid. Assuming anything needs correcting (and i dont really think anything does), if the issue is the eweek article then immediately you're screwed. articles on eweek get passed round to numerous websites, and although the article is the same, they change the name of the guy "interviewing" to make it look like "home grown" content. How the hell can you pull all those articles back? it would be a logistical nightmare to get anything changed in all quarters. Whats more, the "damage done" to the BT "community" is non existent. I've seen very few articles stemming from the Eweek piece that put a slant on it like the Eweek guy did. Take out his comments, and the authors comments dont seem as "OMFG" as they previously might have. Also...seems like people who are actually dealing with this are agreeing with him. Quote, CNET News, Alex Eckelberry, Sunbelt Software head:
"This is one of the most egregious spyware infestations that we have seen," said Alex Eckelberry, president of Sunbelt Software, a maker of anti-spyware software. "It is a major concern. It is going to riddle your system with pop-ups, slow your system down and potentially cause system instability."
Either everyone in the antispyware industry is dead wrong, or you're making an imaginary mountain out of a "problem" that isn't anywhere near as your endless whining would suggest.
Stevo |
06.18.05 - 6:20 pm | #
|
|
By the way Red, I saw your latest post in the forum: Please don't twist what I accused you of. You said:
"...he did so vaguely and claiming later that he was talking about "security forums" and not BT sites or their forums."
Actually, I'm referring to the piece above your post in the forum - SlyckTom's interview. And I quote:
"Almost every *security forum* out there is currently swamped with Aurora / Nail.exe removal requests, and when being probed further, these users have never been whacked by a URL"
*That* is what I am referring to. In the Eweek article, I *am* referring to certain BT forums which were full of these installers. Just thought I'd clarify that. Continue to bash away if you must - though searching for "Bittorrent spy/adware" brings up only a handful of pieces (as the poster above has said) that syndicates the same content already published (by and large), and doesn't mention "floods", "invasions" or anything else. I haven't distanced myself from the Eweek article comments that I made in the slightest, nor do I think the comments made by original author herald the "end of Bittorrent" as you seem to think.
Check out the register simply stating that the mediafiles were definitely unlicenced, for an example of reckless journalism.
A media piece saying a network has spyware on it (which has since been cleaned out), or a media piece saying a network has unlicenced media content on it?
I know which one would worry me more if I was a BT user.
Paperghost |
Homepage |
06.18.05 - 6:38 pm | #
|
|
Holy crap, pg and red_blue, you guys have been at this for days. I don't see much to discuss about this article here that hasn't already been discussed. Red_blue, I can say for a fact that at least at some point, possibly even now, some torrent sites are indeed "swamped" with these installs because I've seen them myself. Hell, that's where I got the installs from in the first place. You are correct to say that most respectable torrent sites are not swamped in the same way, but keep in mind that there are hundreds of torrent sites out there, only a handful are respectable, and all of them have regular visitors.
By the way, this security blog/forum is here to, among other things, help ALL users who may possibly be affected by malware/spyware/etc., which includes what you and I may call "n00bs". If you're too "1337" to get infected then fine, but I don't see why you're spending so much time arguing a dying argument (this stuff is old news by now) unless you're profiting from BT somehow or....well I can't think of another good reason.
3DJelly |
06.19.05 - 10:57 pm | #
|
|
OK yeah nice find but like many other posters have stated...
"Why the hell would you have to run an install to play the damn movie in the first place!!"
If it's not in ISO, MPG or any other type of video format that is instantly playable with WM or DivX that should raise some red flags right there. And if it doesn't then you're a n0ob and deserve the spyware infestation.
Anonymous |
06.20.05 - 12:55 am | #
|
|
Once again, we get that cynical attitude from the so called "1337" ppl. Did you read my comment which is right above yours? What did I say about n00bs? I said that since we care about security and are interested in helping others, we should love'em. Jeez. I swear this is my last comment on this article. I don't see how seventy plus comments do not cover every damn detail of this piece.
3DJelly |
06.20.05 - 7:16 am | #
|
|
I agree, the "leet" attitude is just totally stupid. What kind of retards criticise people who point out potential security threats? Did it not occur to them that the people most likely to fall for things like this WON'T IF THEY SEE ARTICLES LIKE THESE?
Sub-Seven |
Homepage |
06.20.05 - 5:19 pm | #
|
|
Has MSFT lowered the bar for someone to qualify as a MSFT MVP? Or do they just hand out MVP titles to anyone shilling for MSFT? Next out, your penetrating insight into why MSFT Avalanche is so much better than BitTorrent. What's the delivery mechanism have to do with the nature of the payload? I've seen more articulated arguments from teenagers.
RonnyDonny |
06.21.05 - 1:27 am | #
|
|
...and I've seen more impressive trolls from monkeys in cages. The site owner has been an MVP since late March, and news of Avalanche went "live" sometime last week. And this thing with the Bittorrent files has been rumbling on since early May. And this site does not contain ONE mention of Avalanche, anywhere.
In addition, this site has broken some of the biggest malware and spyware stories out there:
http://www.theregister.co.uk/200...iframe_exploit/
http://www.channelregister.co.uk...tive_slimeware/
http://www.revenews.com/waynepor...ves/000594.html
http://www.eweek.com/article2/0,...,1776347,00.asp
So please, don't display your laughable ignorance in public. The distribution method has *everything* to do with the payload, as this is the first major vector of attack in Bittorrent that's been seen. This story has caused absolutely seismic shockwaves in the antispyware world, and the effects look like rumbling on for a long time.
Sub-Seven |
Homepage |
06.21.05 - 5:21 am | #
|
|
get your facts right. bittorrent is a downloader, what YOU download is YOUR responsibility.
wtf |
06.21.05 - 3:24 pm | #
|
|
"get your facts right. bittorrent is a downloader, what YOU download is YOUR responsibility."
I don't believe anybody did. The issue here (for any boneheads left who don't understand) is that what you download is your responsibility. However, how the item downloaded is presented is that of the people who created it. And that responsibility seems to be a touch awol at the moment.
Every time an antispyware site hits the newspages, they're always flooded by idiots who just *don't* understand any of the issues surrounding adware and why it makes people so mad in the first place. Gimme a break.
Jim |
06.21.05 - 5:32 pm | #
|
|
The spyware came from downloading the file not from the bit-torrent file itself....Microsoft propaganda at its best.
Capt-JApan |
06.21.05 - 7:09 pm | #
|
|
Man, this is one of the worst FUD's I've ever read.
Frank |
06.21.05 - 7:41 pm | #
|
|
"The distribution method has *everything* to do with the payload, as this is the first major vector of attack in Bittorrent that's been seen. This story has caused absolutely seismic shockwaves in the antispyware world, and the effects look like rumbling on for a long time."
How does the distribution method have anything to do with the payload at all?
Any number of protocols can transfer files, and any executable file could do anything imaginable to your system.
This caused SHOCKWAVES?
How you could not see this coming a mile away?
wtf (the old one, someone else |
06.21.05 - 7:46 pm | #
|
|
Buddy,
You totally lack the ability of separating chaff from grain. Your assessment of the BitTorrent protocol, concept, and sourcecode point to your knowledge of computing to that of a three-year old. BitTorrent is assembled and scrutinized by an army of coders, if there EVER was any sort of "questionable" software included in the bittorrent package, it wouldn't be there now. But of course, you knew that because yourself being the security expert that you are, you looked at and contributed to the sourcecode already. 95% of people will not examine the type of file that they are executing or downloading. 95% of people should not be operating a computer on the internet, you are one of them.
Idiot!
Man Ray |
Homepage |
06.21.05 - 7:59 pm | #
|
|
"This caused SHOCKWAVES?"
yes, because Direct Revenue had to put out all kinds of "whoops!" propaganda (something that very rarely happens. check out their latest news page with a "THANKS VITALSECURITY.ORG!! WE LOVE YOU!" write up), MMG who have seemingly gone to ground under MAJOR copyright issues (which could have massive implications on the companies included in the bundles) and Aurora installs are now being found, analysed and discussed.
" The spyware came from downloading the file not from the bit-torrent file itself....Microsoft propaganda at its best."
Wow, well done on writing pure semantic gobbledygook. The article clearly states, if you download then run one of these files after obtaining it from the Bittorrent network (which was its primary source of distribution) then you will become hit with the adware if you agree to the licence. You're probably like those idiots who heard about this and then started fuming that "THE BITTORRENT CLIENT DOES NOT COME BUNDLED WITH ADWARE!!! RAAAAAR!!!", completely neglecting to RTFA.
Feeding time for the trolls!
....LOL. Go cry about it all you want.
Fu Manchu |
06.21.05 - 8:05 pm | #
|
|
Ahahah! Man Ray, well done on confirming everything fu manchu just said! IDIOT!!!! the article DOES NOT STATE ANYWHERE THAT THE BITTORRENT CLIENT COMES WITH ADWARE!!!!!
IT STATES THAT ADWARE BUNDLES ARE BEING PACKAGED WITH MEDIAFILES AVAILABLE FOR DOWNLOAD FROM BITTORRENT SITES!!!!
RTFA NUMNUTS.....ahahahaha.
Sub-Seven |
06.21.05 - 8:07 pm | #
|
|
Congrats Man Ray on posting what is quite possibly the most useless addition to this entire thread. I only wish you'd posted a website address so I could go laugh at you some more.
Whizzbang_101 |
06.21.05 - 8:13 pm | #
|
|
The Scheme to Discredit BitTorrent:
http://www.pcmag.com/article2/0,...4039TX1B0000663
PC Magazine has exposed Chris Boyd's deception and Microsoft's underhanded scheming to discredit BitTorrent in order to position Avalanche, its alternative to BitTorrent.
ktchong |
Homepage |
06.21.05 - 8:13 pm | #
|
|
" Thank you for posting the video on Vital Security.org today showing an improper download of Direct Revenue software. We have identified the third-party distribution channel responsible for the download in question, confirmed that the download of our software was occurring in breach of our distribution agreement and without user consent and, as is our policy in such matters, we have shut down the distribution channel responsible for the offense. "
That hardly sounds like THANKS WE LOVE YOU. More like, "quit drawing attention to us, we've got spyware to distribute".
wtf |
06.21.05 - 8:14 pm | #
|
|
Mr.Boyd,
Please explain your conclusion? You tried to (illegally) download an episode of Family Guy from Bittorrent and got infected with spyware!! Oh 7eh noess!!11!!!
Guess what, Mr.SecurityExpert, if you download spyware and install it... YOU GET SPYWARE!!!!
Has it ever occurred to you that the problem is with Winblows and not Bittorrent?!!?!!?
QuestionFromBTUSer |
06.21.05 - 8:52 pm | #
|
|
OH MY GOD. YOU ARE SO STUPID! Bit-torrent has nothing to do with the crap you download. You download a bad porn file, that's your stupid fault. Don't blame your user stupidity on Bit-Torrent, you could have downloaded the same crap of this very vital security site. Your entire article is without basis, inaccurate and slanderous. Vital Security needs to employ some more competent people to write their articles, people who understand security, and not just hop on the bus of the latest security news...
wtf |
06.21.05 - 8:54 pm | #
|
|
Hey Mr Boyd,
What makes you a "renowned security expert"? Which university degrees do you hold? How many security papers have you authored? How many holes have you detected (other than those in your head)?
You're nothing but a MS shill and we're on to you!!!
Brian Plame |
06.21.05 - 9:13 pm | #
|
|
wow, Dvorak writes another piece of useless, trolling garbage. i particularly like the way he seems to imply for the bulk of the article that this site somehow implies the bittorrent client itself carries the adware. by that point, neanderthal reader stops reading and comes on here to moan, accusing the author of saying the client itself is infected. note man ray as a wonderful example of that. ive seen lots of BT sites slewed with these files since last month, its really tough shit if you didnt use your eyes.
LOL_AT_U_IDIOTS |
06.21.05 - 9:18 pm | #
|
|
The Root of the Accusations. This was all begun by a Microsoft MVP character named Chris Boyd, who is always described as a "renowned" security expert. By whose standards is he renowned? Has he written books? Academic papers? Articles? What exactly besides blogging? So where does this assertion come from? The blog?
He posted his BitTorrent discovery on his security blog here. He discovered that the Aurora spyware is on machines that also have BitTorrent installed and implies that BitTorrent has more to do with it than a casual coincidence. Does this guy know that BitTorrent is a downloading system and people who do a lot of downloading tend to have it on their machines? The cause and effect logic here eludes me. Is he saying it's impossible to get Aurora without BitTorrent?
Whatever the case, someone managed to get his discovery of spyware (spyware is news?) into CNet News, eWeek, and IDG News service, as well as hundreds of blogs talking about how BitTorrent was an "adware distribution vehicle." Hey, BitTorrent will distribute whatever you choose to distribute. How is this news? This all happened just as the once skeptical, now wishy-washy Register (which also reported on the BitTorrent issue without questioning it) reported on Avalanche being oh-so-superior to BitTorrent.
For a good laugh view the Avalanche PowerPoint slide show. It shows all sorts of graphs as if Avalanche is actually in the wild being used. I have never seen such a crock in my life. Can you say "dry lab?"
Where Is the News Reporting? What bothered me the most about this episode was that there was no reporting whatsoever regarding the BitTorrent as spyware claims or even the credibility of the renowned MVP Chris Boyd. It was basically parroting a leap-of-faith accusation in a blog that somehow developed into these eventual talking points: Use BitTorrent and you'll get spyware. BitTorrent sucks, and oh, Microsoft has something better, although it's never been shipped—but it's better!
Me |
06.21.05 - 9:43 pm | #
|
|
This thing has now been spun and counter-spun.
As you didn't say anything other than bit-torrent was the download vehicle, along come the Amazing Kreskins with their deeply penetrating analyses.
"Hey, that guy said bit-torrent downloads are full of spyware."
"Really?! Oh my God!! Bit-torrent is infecting computer with spyware!"
"Call the papers! We have proof that bit-torrent is evil!"
...
It's not surprising that files being downloaded via BT have spyware. It's the latest download-darling. Files obtained from Kazaa (not to mention Kazaa itself) were big targets for spyware when Kazaa was front and center.
The sad fact is that the sheer audacity of a company to wrap a HUGE copyrighted download in devious spyware is going to be lost in all the back and forth shouting.
PaulG |
06.21.05 - 9:58 pm | #
|
|
Please, before writing another alarmist and offensive piece like this, do some proper research, or try to do a better job of putting the detail across.
Bittorrent is merely a protocol (with numerous client/server implementations) for distributing data efficiently. The official client is entirely open source (as are many others) and devoid of ad/spy/malware.
Of course, any file can be distributed using Bittorrent. And yes, 'any file' includes adware executables. ** This is no different to any other file distribution mechanism **: Web downloads, Email attachments, files on CDs, DVDs, Floppies, ZIP discs, files from P2P networks such as Gnutella, FastTrack, OpenFT, Ares, eDonkey etc.
Clearly, the onus is on the user to verify the content of a bittorrented file (by comparing an MD5 hash with a trusted source, for example).
Pete |
06.21.05 - 11:24 pm | #
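The check Pete's comment describes, as an added example that is not part of the original thread: it compares a download's digest with a value from a trusted source and also inspects the leading bytes, so an installer named like a video is flagged. The file names, sample bytes and digests are constructed for illustration, and SHA-256 is used in place of the MD5 named in the comment.

```python
import hashlib
import hmac
import os
import tempfile

# Leading bytes ("magic numbers") of the container types relevant here.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"Rar!\x1a\x07", "rar-archive"),
    (b"PK\x03\x04", "zip-archive"),
]
MEDIA_EXTENSIONS = {".avi", ".mpg", ".mpeg", ".mp3", ".wmv"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def sniff_type(path):
    """Classify a file by its leading bytes rather than by its name."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    # AVI is a RIFF container: "RIFF" <4-byte size> "AVI "
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return "avi-video"
    return "unknown"


def file_digest(path, algorithm="sha256"):
    """Hash the file in chunks so a large download is not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_download(path, trusted_digest, algorithm="sha256"):
    """Return a list of findings; an empty list means every check passed.

    trusted_digest must come from a source independent of the download.
    A digest posted by the uploader only proves the file is the one the
    uploader meant to ship, which is why the content check runs as well.
    """
    findings = []
    actual = file_digest(path, algorithm)
    if not hmac.compare_digest(actual, trusted_digest.lower()):
        findings.append("digest-mismatch")

    kind = sniff_type(path)
    ext = os.path.splitext(path)[1].lower()
    # Every extension in the name counts, so "episode.avi.exe" claims media.
    name_parts = os.path.basename(path).lower().split(".")[1:]
    claims_media = any("." + part in MEDIA_EXTENSIONS for part in name_parts)
    runs_code = kind == "windows-executable" or ext in EXECUTABLE_EXTENSIONS

    if runs_code:
        findings.append("executable")
    if runs_code and claims_media:
        findings.append("executable-posing-as-media")
    return findings


def demo():
    """Run the checks on constructed sample files (not real samples)."""
    genuine = b"RIFF" + (4096).to_bytes(4, "little") + b"AVI " + b"\x00" * 64
    fake = b"MZ" + b"\x90" * 64  # constructed stand-in for an installer
    # Stands in for a digest obtained from a trusted, independent source.
    trusted = hashlib.sha256(genuine).hexdigest()
    samples = [
        ("episode.avi", genuine),
        ("episode_fake.avi", fake),
        ("episode.avi.exe", fake),
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_download(path, trusted)
        # Digest supplied by the uploader matches, yet the file is still flagged.
        results["uploader-digest"] = check_download(
            os.path.join(tmp, "episode_fake.avi"),
            hashlib.sha256(fake).hexdigest(),
        )
    return results


if __name__ == "__main__":
    for sample, findings in demo().items():
        print(sample, findings or "ok")
```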
|
|
is it just me or does this place swarm with utter, utter idiots sometimes? Dvorak is a known troll and not particularly adored by anyone in the press or indeed anywhere else. once again, someone is posting on here full of outrage that "THE CLIENT HAS NO SPYWARE!"
word up dummy, in case you hadnt noticed not ONE of the pieces here state the client has *anything* in it. unlike the Dvorak nonsense which INTENTIONALLY makes out *this article* does until about halfway down, by which time losers who cant read properly come on here and start accusing people of things that werent there in the first place. Plz go suck my balls. k thx bye
Fu Manchu |
06.21.05 - 11:31 pm | #
|
|
omg that pcmag writeup is the lamest thing i ever saw. where the hell is avalanche mentioned even ONCE on this site?!? i wouldnt be surprised if Microsoft send in the lawyers as a result of some of those accusations.
btw this guy got his MVP award for work done covering a mass apache server hack - note that says apache, not a microsoft box. He's stuck the knife into MS lots of times when they've deserved it. so please cut the "shill" crap. when MS released the antispyware beta, he was running round telling everyone NOT to use it because it crippled net connections through numerous borked spyware removals. hardly the actions of a shill. lol.
Stevo |
06.21.05 - 11:42 pm | #
|
|
"(spyware is news?)"
omfg, what a numbnut. no John, spyware is most definitely *not* news. thats why its always *in* the news, thats why Spitzer just dragged one of the biggest spyware court cases through the legal system and thats why every second person you talk to would love to know "how to get x,y or z" off their system.
Why does he keep repeating, mantra-like, that "the client is infected? bittorrent is infected? bittorrent was tricked?"
sorry, can you read? nobody said bittorrent was infected so stop with the FUD-galore and RTFA. and how the hell do you trick a non thinking piece of software anyway?
Whats it got to do with bittorrent?
oh i dont know, maybe the fact that THIS IS WHERE THE INSTALL WAS PAID FOR TO BE DISTRIBUTED. did it ever occur to you fanboys that if the distribution method had been FTP, Kazaa, Email or some other vector of attack then they would have been mentioned instead? How thick are you idiots buying into this stuff? Heres the deal. John misses the boat on getting the story, john has a slow news day - john writes a BIG FAT CROCK and deliberately tries to be "controversial" and just comes across as someone who knows *absolutely nothing* about affiliate distribution, the spyware industry in general or how these things work. Has anyone from MMG actually denied any of this yet? No? how about the adware guys? No?
Have lots of people from the antispyware industry such as Suzi Turner, Sunbelt and Wayne Porter (from their respective blogs) to name but a few said this is false? No?
Please put your brain into gear before typing.
Admin_Bot |
06.21.05 - 11:59 pm | #
|
|
Ha hahahahahahaaa..... oh man my sides hurt. I know the ethics of the author will dictate his taking my post down but I have to say this: You are a paid lackey of the corporate business machine who has little credibility, and after this post of yours, will have exponentially less credibility. Hey, it's not so bad, this is the internet! ...and so is a place for anyone to "try" to discredit something that actually works against said business machine. Words can be used to construct an opinion that sounds intellectual but completely B.S. in its scope... case and point: I claim to be french only to antagonize MY naysayers even further - which I will casually walk away from after I speak my truth and hit the publish button.
What a waste of a perfectly good white boy (assumption based on corporate stature) ...try doing something of substance! Get outside, go to disneyland, eat BOTH kinds of clam chowder, in their native states... hey, you could even download a linux distro (for free) and get installing bittorrent on there; COMPLETELY FREE OF ADWARE!
dumbass!
Finis!
Le French Homme |
06.22.05 - 4:13 am | #
|
|
I sort of missed the point you tried to make that somehow BitTorrent is the problem here?
Just like any other data source on the internet, BitTorrent downloads need to be scanned for viruses, or feel the wrath of malware, spyware, and viruses.
Security Expert? Heh!
David |
06.22.05 - 4:43 am | #
|
|
i particularly love the french guy who made no point whatsoever, coupled with a bizarre rant about linux. David - are you stupid too? can you understand the words "the distribution method was bittorrent, therefore bittorrent was mentioned as the distribution method"?
Sub-Seven |
06.22.05 - 6:11 am | #
|
|
Crap....
Ridiculous |
06.22.05 - 10:26 am | #
|
|
This is pathetic. Mr Security Guru indeed. Bittorrent is merely a distribution method, and a damn good one at that. What you choose to download is your own responsibility, regardless of where you get it from. It's about time that microsoft stopped acting like a spoilt child and admitted that there are alternatives, and quite often better alternatives. Like we don't all know the real purpose of this article. *cough* avalanche *cough*
Anon |
06.22.05 - 12:34 pm | #
|
|
Who paid you to specifically bash BitTorrent??? Your article would have been much better if you had blamed P2P it's not BT's fault that users are stupid!!!! Learn what you are doing b4 you do it. This is like the people that opened their whole drive to searches on P2P networks and then complained because they weren't told!!!!!! Hello!!!! RTFM!!!!
Joe |
06.22.05 - 4:53 pm | #
|
|
try here for some news written by someone who knows what he is talking about!!!! http://www.pcmag.com/article2/0,...,1829684,00.asp
Joe |
06.22.05 - 4:56 pm | #
|
|
You need a serious lesson in what P2P and file names are. btdownloadgui.exe is BitTorrent Download Graphical User Interface. Secondly, if you run an exe without first scanning it and monitoring what it does, you're an idiot. The EULA screen you show unmistakably displays what it's going to do and if you allow it to, you deserve every bit of bandwidth eating, CPU hogging software it installs if not more. In fact, you CAN'T click the install button unless you agree to it, *technically* blasting the "spyware" term out of the water because you're giving it permission.
Once again, BitTorrent is a protocol. Saying BitTorrent has spyware is like saying TCP/IP has spyware. Idiot.
Scorpios |
06.22.05 - 4:59 pm | #
|
|
I am appalled at the amount of obviously illiterate people commenting here. Or have they all fallen under some sort of Dvorak spell, that renders them incapable of "reading" what was written!?
Don't let the bastards get you down PG....keep up the good fight.
JeanInMontana |
06.22.05 - 5:09 pm | #
|
|
bandwagons, gotta love 'em.
How's about people take a chill, step back, breathe a bit, then start discussing like reasonable people (not gonna say adults, as some like me are bloody immature at times 
My understanding of this is that paperghost wrote an article on his vitalsecurity page and Dvorak didn't quite agree. To the tune of not actually processing the data on the page, merely glancing at the words he liked and re-arranging them into something he can create hysteria with. And dear god did a lot of you swallow it up!
Maybe if Dvorak was to have a basic concept of reality (think that's the right one) the article wouldn't have been published. I'm more than willing to bet a substantial amount of money, that if offered to put this article into print in a major newspaper, it would be swiftly declined for the piece of irrational hype that it is.
i'm not saying i'm one of the most coherent or well thought-out writers on this planet, but i'm not paid to be
neways enuff of a rant to cover the last few mins of work. btw don't bother with comments on my grammar/spelling/punct/etc. not bothered. i am more than fully aware of their failings.
-spooky
spookymonkey |
06.22.05 - 5:23 pm | #
|
|
Dude, you completely missed the bit that says "unrar downloaded malicious content, find the executable, and run it".
You'd have to be preeetty flucking stupid to know how to find a torrent, download it successfully, extract the rar(s) and run the damn thing.
OMG IT MUST BE T3H EBIL BITTORRENT!
dan |
06.22.05 - 7:27 pm | #
|
|
I find you're painting with a rather large brush here, I have bit torrent on a couple of my PC's and have zero spyware and have never had aurora....
I have upgraded my Bit Torrent client etc,
Perhaps you need to research just a little more.
nice foot work but your conclusions about bit torrent are wrong.
Keith |
06.22.05 - 7:49 pm | #
|
|
Congratulations Keith, you are idiot number 6,982 who has wrongfully accused this site of claiming the bittorrent client contains spyware. in case you cant read, its contained in files available for download on bittorrent networks. or at least they were - theyre now being pulled as a result of the pieces on this site and elsewhere. So shut your whining and get down on your knees. it's the least this place deserves.
Fu Manchu |
06.22.05 - 7:56 pm | #
|
|
Yes - it's true - the article doesn't say bittorrent contains spyware - it just goes a long way to try and take the blame away from where it belongs - the user who is downloading and executing material from the internet without properly checking its integrity. Just because he doesn't EXPLICITLY say that bittorrent contains spyware doesn't excuse the author from a lack of professional integrity...
superman24 |
06.22.05 - 8:15 pm | #
|
|
"Just because he doesn't EXPLICITLY say that bittorrent contains spyware doesn't excuse the author from a lack of professional integrity..."
Okay, so from now on we can criticise people for what they DONT actually say - AT ALL!!!
Wow, not even when it isnt implied either? newsflash - files put into bittorrent network, guy finds them and writes about it, guy also states where the files are being distributed, company doing it gets shut down and no one ever attempts putting spyware bundle into bittorrent networks ever again.
Call me when you find a problem in that.
test |
06.22.05 - 8:19 pm | #
|
|
If you can't tell by reading the article that there is an implication, however slight, that bittorrent is to blame, then you are beyond help - And yes, people should be held accountable for what they imply when it is put out into a forum such as this - that's just a level of professionalism that you must not subscribe to - if you don't understand or can't comprehend these ideals, don't bother posting any more replies
superman24 |
06.22.05 - 9:12 pm | #
|
|
Not even implied?? " It would have never occurred to the end-users that it could have crept in by another means altogether."
Very subtle - but it DOES imply that the spyware was coming in through stealth, and that was facilitated by bittorrent. This is what everyone should be crying foul about.....
superman24 |
06.22.05 - 9:15 pm | #
|
|
I have never before seen an article that has made such ridiculous leaps of logic. How you connect bit torrent to the adware company is really just stupid. Thanks for lowering the intelligence level of internet information another notch.
Charles Transton |
06.22.05 - 9:18 pm | #
|
|
Charles, you are a dolt. As has been repeated over and over again, no-one connected bit torrent to an adware company. go back and rtfa, idiot.
" Not even implied?? " It would have never occurred to the end-users that it could have crept in by another means altogether."
Very subtle - but it DOES imply that the spyware was coming in through stealth, and that was facilitated by bittorrent. This is what everyone should be crying foul about....."
No, because if youre not one of Dvoraks drones, you can easily deduce he means the MMG bundle. Especially because he immediately follows that sentence up with a - i'll slow down if this is too fast for you - BLOW BY BLOW ACCOUNT OF HOW THE MMG INSTALLER PUTS AURORA ON THE PC. If you still cant see that after reading the whole piece, you are an idiot, pure and simple. even more so considering the latest talking point on this is how some of these files apparently contained underage porn. go rant about that instead.
test |
06.22.05 - 9:36 pm | #
|
|
It would have never occurred to the end-users that it could have crept in by another means altogether.
This can be taken one of two ways - that the MMG bundle was the way spyware could be creeping in, or through bittorrent itself. It should be made explicitly clear, when you are accusing anybody of doing anything malicious, just what it is you are trying to say. BTW, thanks for proving what I had thought: you can't participate in an adult conversation without slinging mud. Throughout these several posts, I have refrained from calling you an "idiot", but your last post definitely removes all doubt. Since you obviously aren't a professional, I expect you can't appreciate professional integrity either
superman24 |
06.22.05 - 9:45 pm | #
|
|
whatever. there is no ambiguity there.
adware creeps in > how > not by a URL > another means altogether > what means > here is a walkthrough of a MMG installer that puts Aurora onto your PC, complete with pictures > summary confirming Aurora and other adware loaded onto PC by running the MMG installer and accepting the licence agreement > problem solved by reading even halfway through the article
test |
06.22.05 - 9:53 pm | #
|
|
Otherwise known as Bittorrent. I checked hundreds of those damn logs, and more often than not, it was chugging away in the background. No wonder none of the victims (or spyware experts) seemed to know what site Aurora was coming from - there was no site.
Still implies that bittorrent is doing something malicious. No, it doesn't actually say "bittorrent is doing something malicious". You're right about that. Try reading between the lines, moron. It's a clear case of FUD. Face that fact - or not. I mean, in your case, ignorance probably is bliss
superman24 |
06.22.05 - 10:18 pm | #
|
|
That comment comes before both the line you mentioned and the follow up which quite clearly described how aurora got on the pc in the first place. are you saying that after reading your own little "inferred subtext" that your brain suddenly lost the power of logical thought and was then completely unable to process the information which directly followed?
And all you could do then was get caught in a perpetual loop of "HE SAID IT WAS BITTORRENT! HE SAID IT WAS BITTORRENT!", without being able to digest and comprehend the rest of the piece, understanding that (rather obviously) a bundle of adware put about by MMG *found on* bittorrent networks was the cause? Even with screenshots included?
*Really*?
Wow, that's pretty messed up. Congratulations.
test |
06.22.05 - 10:30 pm | #
|
|
Erm... right.
Be it a problem of stupidity on my part, but I really do not see how the article lays blame to BT, or even implies this.
All the article was doing was presenting facts, like how the crap got onto the pc. It IS NOT saying "BT IS TEH SUXX0R COS IT HAS SPYWARE!!!!!!", far from that. It just shows that BT is (or was) being used as a channel for distributing all this crap. Just because it centres around the use of BT, and not another system/network/what-have-you, everyone jumps on the article because if you read it WRONG(!!!) you get the idea that your oh so beloved BT protocol is suddenly spyware ridden or whatever.
Bollocks it is.
I have re-read the article several times and yet all I see (still) are the facts combined with analysis from PG.
On another note, people complaining about clicking yes being stupid and n00bish really need their heads seeing to. As said by someone before, what is the point of publishing something like this only to say "here is the license agreement but I'm not going any further because I know not to". What is wrong with showing the world what actually can happen should you click yes?
In the real world, there are people that just click yes without thinking, that run exe files without scanning them first. But then if the exe was an installer of spyware, what use is scanning it? I don't know of any tool which allows you to scan installer files for spyware. Do you?
I'm pretty sure PG has said this here, or in another of the articles he has posted which has kicked up a storm among the followers of the central program/technology, that by announcing it it may make people click no instead of yes, he will be happy/happier.
I may post more if I can be bothered, but the way all this is going it seems somewhat pointless as you all seem to refuse and deny the idea that BitTorrent, the love of many and best friend of many downloaders, is a possible avenue of attack from spyware companies
David Salisbury |
06.22.05 - 10:51 pm | #
|
|
But why point out that BT could be used for propagating spyware? Isn't that overstating the obvious? Breaking news: email can be used to propagate spyware. TCP/IP can be used to propagate spyware. C'mon. Dvorak's point was that it seems very convenient that the one application that is being highlighted, even slightly, is a direct competitor of Microsoft's Avalanche program. Everyone knows that if you mention the word spyware in the same paragraph as application "x", then that generates a negative connotation with that application. That's why most people who really had no ulterior motives with BT would have spelled out exactly what they were trying to say. Most geeks would know the truth anyway, but when the Register picks up the story and runs with it, one can see how it can spread FUD
superman24 |
06.22.05 - 11:11 pm | #
|
|
Breaking news - Microsoft's Avalanche can be used to spread spyware... Sheesh... Most of these people making these posts in here should just turn off their computers and step away - Using a computer is not a right, it's a privilege
superman24 |
06.22.05 - 11:15 pm | #
|
|
What's this got to do with BitTorrent? BitTorrent is a delivery mechanism, you'd get the same crap if you downloaded it directly from a site...
What a stupid article.
Temp |
06.22.05 - 11:21 pm | #
|
|
once again, try reading what has already been posted ad infinitum. whats it got to do with bittorrent...
http://www.pcpitstop.com/spychec.../badtorrent.asp
And for info, the register piece was dismissed as being unconfirmed rumour, NOT fact in any way, shape or form by this sites author in one of his posts. That's hardly pushing a "lie", is it?
Fu manchu |
06.22.05 - 11:55 pm | #
|
|
If this is the best blogging you can do, it's a wonder you're in a supposed security position to start with.
BitTorrent itself to blame for spyware?
Time to find a new line of work before reality smacks you upside the head.
While we're at it, we'll ban IM, FTP, IRC, HTTP, and any other method by which files are downloaded.
Because they're all download mechanisms, just like BitTorrent.
Any moron (like yourself) that runs an avi as an exe deserves all the spyware their machine can handle.
whatauselessblog |
06.23.05 - 1:33 am | #
|
|
Dear Chris,
I hope that Microsoft is at least PAYING you to be a mouthpiece for disinformation that conveniently helps bolster the perception of "Avalanche." It is hard to categorize the logical fallacies that you are guilty of: Ad Hominem (if BitTorrent was a person), Straw Man (again, if BT was a person), Red Herring, etc. Red Herring is pretty close but I think you didn't really understand the problem with your "article"/editorial so maybe just plain ignorance of common sense and logic.
Don't get me wrong, this is NOT personal. I don't know you, I only can comment on what has erupted out of your brain and onto your blog.
First of all, why would you download an EXE file that was supposed to be a movie? Okay, maybe to demonstrate the ease that the uninitiated can pick up a slew of spyware.
Second, and by far the most important is that you are attacking BitTorrent as the CAUSE when BitTorrent has as much to do with spyware as PCs have to do with privacy and security. They are two very separate and distinct things. One is a protocol and the other is a series of executables that nefariously work for their masters. BitTorrent has no master and is simply a tool for downloading that doesn't depend on the direct peer connection. It also just happens to be the dominant competition against the dubious Avalanche project from Microsoft.
So, I ask myself, why would this guy badmouth a protocol that has zero to do with what he is complaining about? Hmmm...methinks something foul is afoot. This is like a carload of bank robbers driving to the bank in a Hummer and then charging the Hummer with the robbery! The robbery was committed by the criminals and the Hummer was just the VEHICLE that they USED to get where they needed to go. Exactly like BitTorrent is the vehicle to deliver files. It doesn't have any control over the files, nor should it.
Chris, I think the thing that bothers me the most is that you know better and yet you choose to mislead your readers. Well at least you'll always have a friend in Microsoft.
SINCERELY,
Jeff
Jeffrey Wrobel |
06.23.05 - 1:54 am | #
|
|
Window Security? Now there's an oxymoron right up there with Jumbo Shrimp!
It is beyond me how you talk of marketeers and the nefarious adware alchemists, all while kissing up to and using Microsoft Windows. The biggest and certainly most negatively opportunistic juggernaut of a conglomerate has sown the fertile fields for the adware to grow in. When's the last time you saw adware or spyware in a Unix box or on Mac OS X? Don't give me that line of crap that it isn't cost-effective for the malware masters to go after a group of users that have such a small market share. If you combine OS X, Linux, and Unix, you have quite a large group of users and certainly the most users with information that is valuable (see the FBI, CIA, and NSA's databases...oh yeah, you can't break in because their systems don't run Windows!).
There IS a causal relationship between Bill Gates' FrankenWindows and the loss of millions of man-hours every year to viruses, security "holes," and data-loss crashes. Add to that Microsoft's refusal to allow the anti-virus companies a look at their special, secret CODE, preventing timely destruction of worms, viruses, and trojans and you have what amounts to a loosely-affiliated capitalist's wet dream! However, they don't see the obvious point that the more money that they hoard, the less is in circulation and therefore the less their money is worth. What do they do then? They hoard more money, of course, further devaluing the dollar.
All from a company that stole, coerced, bought, or copied every single so-called "innovation" that they have taken credit for over the years. The sad thing is, their innovations, because they are second hand, are outdated by the time they get marketed. Case in point: Longhorn, the first new system in almost 7 YEARS from Microsoft that was supposed to come out in 2003, then 2004, now 2006! It promises all these new "amazing" features. Every one and many more have been included in OS X Tiger, released almost 2 months ago! Microsoft is hemorrhaging customers every day now as the exodus has finally begun toward Macs.
Way to go, MVP Chris! Maybe you need some more time in the trenches.
As for your little essay dissing BitTorrent, you said it best: "Deceptive? My God, yes, I'd say so."
Jeffrey Wrobel |
06.23.05 - 5:35 am | #
|
|
http://pcpitstop.com/spycheck/ba.../badtorrent.asp
http://sunbeltblog.blogspot.com/...-bittorent.html
http://sunbeltblog.blogspot.com/...ent-adware.html
keep on continuing to miss the point.
Fu Manchu |
06.23.05 - 5:58 am | #
|
|
Unless the installer that puts "btdownloadgui.exe" on your computer put Aurora on your computer it is irresponsible of you as a "security expert" to claim that BitTorrent had anything to do with spyware.
Holy crap, my grandmother just gave me a floppy disk with an EXE in it containing spyware. ERGO, spyware comes from direct contact with grandmothers.
Moses |
06.23.05 - 10:04 pm | #
|
|
Am I here to keep mopping up people who can't read or what?
Once again - sigh - he never said Bittorrent came with spyware. he said a marketing company was pumping lots of cash into a dedicated distribution of adware across large portions of bittorrent networks. this has now been confirmed by pretty much anyone who is anyone in the antispyware world, so stop falling for Dvorak's obvious nonsense and try reading some of it.
Here's another one for starters...is it just me or is Dvorak looking sillier by the second?
http://www.revenews.com/waynepor...ves/000765.html
Fu Manchu |
06.23.05 - 10:22 pm | #
|
|
Silly doesn't do him justice really.
David Salisbury |
06.23.05 - 10:38 pm | #
|
|
I think Porter's blog hit the nail right on the head. http://www.revenews.com/waynepor...ves/000765.html
It was Dvorak projecting his anger over the media coverage and he let it spill over into a Paperghost issue. Dvorak needs to suck it up and admit he was wrong.
It is really sad when people say shit like "You deserve to get spyware on your machine." The flames need to be directed to the assholes that booby trap files for noobs so they can take over their PCs with advertising garbage. No one deserves this kind of shit on their PC. Why is everyone so elitist all of the sudden?
Why not say "You are new to the city so you deserve to get hit by a delivery truck. Everyone knows the delivery truck comes by at two past noon." Not everyone will know. Some people are new to the city or maybe they are deaf. Who knows. Maybe we should say "You dumbass you were handling ChemicalX so you deserve to get cancer. Every doctor knows that ChemicalX is a carcinogen." Yeah the doctors knew it but the common joe didnt so let's punish him.
This was not some random driveby. This company claimed to specialize in marketing shit on BitTorrent!!!! They got caught early on but someone has to draw the line in the fucking sand. The more they get away with the more they will try. First it's teeny porn and copyrighted files. Next it will be educational programs for your little brother and sister.
Funny how they disappeared all of the sudden once their great delivery plans were exposed in the media.
Rock on PG!
Raisin Brandz |
Homepage |
06.24.05 - 12:52 am | #
|
|
For all you bashing those who are bashing this article you are correct, it didnt say anything about BT actually containing a spyware payload.
What it did is give that impression to anyone who is not nearly as savvy with the concepts of protocols, file transferring and the interweb as yourselves.
So when this article gets passed around, and your glorious Team leaders/project managers/IT managers/etc etc read this article, all the grunts will be taking BT off all PCs in the office because someone higher up the food chain with much less knowledge of the product didnt understand, but if it came from a security guru at MS it must be true.
Jon Carson |
06.24.05 - 1:03 am | #
|
|
Jon can't read either. The guy doesn't work for MS. He happened to be awarded an MVP award from MS.
Raisin Brandz |
Homepage |
06.24.05 - 2:33 am | #
|
|
...how many business networks use BT out of interest? Just curious, I wasn't aware that was a widespread thing, much less existed at all.
Fu Manchu |
06.24.05 - 7:01 am | #
|
|
Is everyone keeping up to date with the old PC Magazine forums war.
Its really fun. :D
http://discuss.pcmag.com/n/mb/me...d=&msg=50491.84
This comments system is really confusing to my brain 
James Cleveland |
Homepage |
06.24.05 - 1:26 pm | #
|
|
Oh, and hello fumanchu *high-five*
James Cleveland |
Homepage |
06.24.05 - 1:29 pm | #
|
|
Did someone call a troll convention and forget to send me an invite
Ok BoyZ LetS Go....
After reading this epic comment thread a couple of conclusions spring to mind.
1) there are a lot of elitist schmucks posting here with an inability to understand (read) something before passing judgement. But thankfully there's no grey area to quibble, they look & sound like phools to the rest of the audience except themselves.
TO YOU PRONOID POSTEES TRY READING THE ORIGINAL ARTICLES BEFORE BRINGING YOUR PLEASANTRIES TO THIS BLOG!!!
d'oh!
2) Hey Red_blue do you work for one of these adware companies by any chance ?
Keep up the great work Ghostie !
fcukdat in da haus,boyz! |
06.24.05 - 4:02 pm | #
|
|
hey fcukdat, how ya doing? Good to see you!
:D
Paperghost |
Homepage |
06.24.05 - 9:54 pm | #
|
|
Never used BitTorrent and got Aurora.
Anonymous |
06.25.05 - 10:54 am | #
|
|
you wouldn't, if you hadn't come across an MMG installer.
Sub-seven |
06.25.05 - 11:27 am | #
|
|
Hey Anon, nobody nowhere here said aurora only came c/o infected files on the BT network. There are other avenues of infection, just that we're struggling to identify them all.
Do you know how you came to have aurora on your PC ?
Did you consent to its installation ?
Any info would be helpful. Thx
Fcukdat |
06.25.05 - 11:29 am | #
|
|
I enjoyed your article and I agree with you about full disclosure over obscurity. I also agree that ultimately people need to be more careful about what they're clicking and what type of files they're opening. However, your average user will MAYBE go as far as scanning the downloaded file with their antivirus software and being satisfied that as long as no infections are reported, it's ok to run. Where I'll have to disagree with you is the idea of the people who got suckered into the 'family guy' torrent scams being the ones who drive the nail into the coffin. I don't think it's any coincidence that these packages are bundled in with what is (or at least seems to be) copyrighted material which in most countries is illegal to download. Most aren't going to be so quick to kick up a fuss when they know they came across it while doing something illegal. Most don't want the hassle. They'd rather just clean their systems and be done with it, rather than saying 'I have a complaint about what happened to me while I was doing what I shouldn't have been doing.'
*Disclaimer: while I don't ADVOCATE copyright infringement, I know that all day, every day, it's happening somewhere, and the vast majority of us have some part in it, whether we know and will admit it or not.
ViRaL1 |
06.25.05 - 4:29 pm | #
|
|
This article, while based on good intentions, totally 100% misses the point.
Moses, Jeffrey, whatauselessblog, Scorpios, Pete and hundred other commenters are 100% on the money.
The whole main point of the article should have been obviously that if you download anything, and your Windows Media Player does not run it directly, then it's a CONTAINER. And containers may contain other containers and executables. And IF they contain EXECUTABLES, you should not run it unless you are on a VIRTUAL MACHINE.
Of course common people do not get how containers and container-executables are different to movies, when people like YOU spread the BULLSHIT.
LOL |
06.26.05 - 7:25 am | #
|
|
Note: Of course there's the claim that on a "security" blog you do not need to mention obvious things.
But given that this blog is (now at least) read by the Common Joe, you can't ASSUME everyone knows about container formats and what executables run from inside containers can do vs when run from a browser.
LOL |
06.26.05 - 7:27 am | #
|
|
Well since I made a mistake, I'll correct it:
"media files" like .avi .wmv etc are also containers. However embedding spyware onto them isn't as common as onto .exe's and getting malware run from inside a media container usually requires user initiated action, other than pressing the play/seek/stop buttons. Unless there's a bug of course to allow malicious non-user-initiated actions.
Anyhow now that common people may read your ramblings and you know it, you better mention these obvious things too!
LOL |
06.26.05 - 7:32 am | #
|
|
What a load of shit. If you call yourself a security expert (!) couldn't you have at least gotten hold of a real bittorrent program and not the crap you decided to dl?
me |
06.26.05 - 8:15 am | #
|
|
hey me, in case you hadn't noticed or can't read, the adware *WAS.NOT.PART.OF.THE.BITTORRENT.CLIENT.USED.*
LOL, you're repeating the same old tired rubbish. here is the deal. distribution company loses control of its own affiliate who promptly bundles a stack of "now legit" adware guys in with everything from rogue bundles to missing disclaimers to (potentially) dodgy porn.
MMG are exposed and distribution across the bittorrent networks stops.
if you have a beef with this distribution method, did it ever cross your pea brain to take it up with the people DISTRIBUTING it instead of *writing* about it? No? Didn't think so.
Don't let the door hit you on your ass on the way out!
Sub-Seven |
06.26.05 - 10:17 am | #
|
|
LOL, can we also mention the obvious fact that you're a dumbass?
Stevo |
06.26.05 - 10:21 am | #
|
|
"Anyhow now that common people may read your ramblings and you know it, you better mention these obvious things too!"
oh my god, "common" people come here too? Really? apart from not really wanting to know what your definition of "common" people is (though i imagine it's vaguely patronising), this site gets shitloads of traffic on a daily basis. In fact last time a big story broke here, i got 21,000 individual visitors in one day. I'm guessing the majority of *those* were "common people" too.
I don't need to put a big fat warning up saying "LOOKOUT! CLICKING YES TO THINGS IS BAD! DOWNLOADING AND RUNNING FILES CAN BE BAD!" at the start of every page, because simply reading the piece should be enough to deduce the same conclusion. If you read it with even a portion of your brain switched on, would you then go out to the nearest Bittorrent forum and download the very same Family Guy installer?
Of course you wouldn't.
By the way, the reason you probably agree with most of those other posts is that a raft of them (along with others) were done by the same handful of IPs. Like people don't think I check for that or something...doh.
Paperghost |
Homepage |
06.26.05 - 10:56 am | #
|
|
C'mon BoyZ is this best you can do ???
Where are your facts to substantiate your concerns ???
Recycling the FUD spread by JD's article and citing it as fact is ineffective anymore, agreeing with your own posts to continue the FUD and attempt to give it credibility (d'oh!, lucked out BoYz)
You will never win a battle repeatedly shooting yourself in the foot phools!
ROFLMAO BoyZ
Time to evolve up your own orifices 
You have no argument based on reality (facts), it's all in your mind (fiction).
Fact Vs Fiction
Fact wins.
Game over!
Have a nice day 
fcukdat |
06.26.05 - 1:15 pm | #
|
|
holy shit, this guy is an idiot, i can clearly see he really does not know ANYTHING about the internet, or how to operate the programs inside The Wired.. i have pulled in a couple of TB with BT and not once have i infected myself with spyware from being a DUMB ASS by not knowing what i am doing.
Not a loser like this guy |
06.26.05 - 8:18 pm | #
|
|
I'd add something worthwhile to your utterly useless comment, but that'd be like kicking a sad, shambling puppy. You've clearly never seen someone do a walkthrough of what an adware install does. Guess you haven't heard of using VMWare under test conditions then. Or purposefully running adware on said system to then produce a writeup of what the bundle does.
Where's the eye-rolling emoticon when you need it.
Paperghost |
Homepage |
06.26.05 - 9:53 pm | #
|
|
Well looks like I'm gonna break my own promise and post here. Hehe it's like spamming the forums....without the forum points
Hey pg it just occurred to me that since this aurora episode has gotten so much attention and misinterpretation, maybe you can do a complete blog on the whole subject with a timeline and all the technical details. It won't stop the useless spammers here, but at least ppl like JD won't get confused no more and be forced to handle forum abuse personally.
3DJelly |
06.28.05 - 1:42 am | #
|
|
I have to say that Ghost wrote the best post I've ever read. I'm sitting here just shocked at how mad other people actually get over stuff like auroraco. I thought I was the only one really pissed!
I've spent my fair share of time dealing with them, but I think I have a fair technical fix for all of you right now, some probably already know:
CTRL+ALT+DEL
Task manager...
Click on EXPLORER.EXE and click END TASK.
THEN go ahead and end all the little B.S. .exe files that shouldn't be there.
THEN go to File, New Task, Browse, and open Adaware/Spyware/etc. and scan the crap out of your computer.
That should kill auroraco and Thinstaller once and for all, plus give you time to search through your computer for those files stuck in your Windows folder, and delete them without them running, which I know usually stops them from being deleted.
I'm one of many pissed off internet users that can't get online and watch some FG or futurama without clicking DENY on abetterinternet ad for Zonealarm. If anyone wants to start some shit with the companies, I'm with you with a torch, shotgun, and spork for their eyeballs.
Good luck on killing the spamware, and keeping your computer safe from now on.
P.S: For those amateur users:
Get the trio to protect your comp:
Ad-aware SE, AVG free edition, and ZoneAlarm.
Luthien Seldomane (aka: WD) |
07.01.05 - 4:07 pm | #
|
|
Oh and by the way, like Ghost said, he didn't need a banner flying high with a Stephen Hawking computer voice saying "Do not click yes" just to get the point across. Read the forum. I mean, at least appreciate his grammar use and wording. :Þ
I did have a question, how exactly is a virus like auroraco.exe or Nail.exe started and distributed without being traced to a maker or source to point a finger at?
Or if a link is found to be leading to that same spyware, why not inform the government, who I am sure would squelch the problem immediately rather than pick on the filesharing world online.
ha ha ha...yeah that will happen. F*ckers.
Luthien Seldomane (aka: WD) |
07.01.05 - 4:17 pm | #
|
|
Aurora sites are now starting to creep out of the woodwork, but it's hard going. There just aren't that many "known" sites, which is incredibly odd when you consider how many people fill security forums wanting it removed.
Paperghost |
Homepage |
07.03.05 - 8:25 am | #
|
|
Seems like just about any site with a popup is a supporter of the spyware. That's about 98% of the internet right there.
Not to mention, I had a wicked dream where I was installing something created by Microsoft, like a windows update or something with the standard installshield and all that good stuff. You all know how you can sometimes see individual files flashing their names as they install?..well I was watching those, and all of a sudden I saw, without a doubt, Nail.exe flash before my eyes...then aurora...and then I noticed it: No cancel button!!! There I was after I just cleaned my whole damn computer off, I was installing these viruses all over again. That's when I woke up...
Yeah that's a pretty scary dream, but the bad part is I have a feeling that it's true.
Luthien Seldomane (aka: WD) |
07.05.05 - 3:37 pm | #
|
|
JeanInMontana haha what a mental woman
Neo |
10.10.05 - 2:35 am | #
|
|
You're a fucking idiot.
Me |
01.02.06 - 3:21 am | #
|
|
no offense, but i think u only did initial research on bittorrent and u ain't very qualified to make a statement on bittorrent.
bittorrent is the best p2p at this time, it is unmatched by others and able to download at max speed when the torrent is well seeded.
And lastly, to make a bold comment of bittorrent based on its lame original bittorrent client (nowadays who still uses that? newbie perhaps) is discriminating.
I suggest u look up bt clients like azureus and utorrent (great idea, a no-installation efficient bt client with massive cool features.)
John Max |
01.30.06 - 3:03 am | #
|
|
Self-extracting packages?
Never heard of 'em 
I use the Context Menu -> IZArc ... Extract To ...
PackCat |
07.01.06 - 12:50 am | #
|
|
Just curious.. But since when is the distribution method to blame for the content it delivers? If someone adds a virus/ad-nag-program or whatever to a file and begins to upload it, it's the originator's fault. This is a little like saying a b52 doesn't need bombs to bomb a target. But since it's only the -delivery system-... you see my point.
Seriously folks...opinions are great, but before you decide for yourself, make sure to research the facts of the matter.
Anonymous |
07.10.06 - 5:19 pm | #
|
|
What make this install so special? I seem to remember a little thing called Silk Rope from a few years back that worked WAY better than this ever will. Furthermore, what the hell did any of this have to do with BT? Are you just shooting the messenger or are you just that stupid?
Dart |
02.18.07 - 2:28 pm | #
|
|
"What make this install so special?"
I can only assume you didn't read the article because if you had, you'd see that the whole point of the writeup is to illustrate that we finally figured out where endless installs of Aurora were coming from - files that were intended to be downloaded from sites / forums / wherever using bittorrent. I mean, it's even mentioned in the title.
but hey, if you DO want to play "shoot the messenger", here's unauthorised installs of a kludged version of bittorrent used to download pirated movie files to hijacked PCs
http://www.eweek.com/article2/0,...,1904429,00.asp
Paperghost |
Homepage |
02.18.07 - 3:04 pm | #
|
|