[ _owl_ @ 14.01.2003. 15:38 ] @
Here is the text of a message I received today:

Introduction:
Several months ago, GOBBLES Security was recruited by the RIAA (riaa.org)
to invent, create, and finally deploy the future of antipiracy tools. We
focused on creating virii/worm hybrids to infect and spread over p2p nets.
Until we became RIAA contractors, the best they could do was to passively
monitor traffic. Our contributions to the RIAA have given them the power
to actively control the majority of hosts using these networks.

We focused our research on vulnerabilities in audio and video players.
The idea was to come up with holes in various programs, so that we could
spread malicious media through the p2p networks, and gain access to the
host when the media was viewed.

During our research, we audited and developed our hydra for the following
media tools:
mplayer (www.mplayerhq.org)
WinAMP (www.winamp.com)
Windows Media Player (www.microsoft.com)
xine (xine.sourceforge.net)
mpg123 (www.mpg123.de)
xmms (www.xmms.org)

After developing robust exploits for each, we presented this first part of
our research to the RIAA. They were pleased, and approved us to continue
to phase two of the project -- development of the mechanism by which the
infection will spread.

It took us about a month to develop the complex hydra, and another month to
bring it up to the standards of excellence that the RIAA demanded of us. In
the end, we submitted them what is perhaps the most sophisticated tool for
compromising millions of computers in moments.

Our system works by first infecting a single host. It then fingerprints a
connecting host on the p2p network via passive traffic analysis, and
determines what the best possible method of infection for that host would
be. Then, the proper search results are sent back to the "victim" (not the
hard-working artists who p2p technology rapes, and the RIAA protects). The
user will then (hopefully) download the infected media file off the RIAA
server, and later play it on their own machine.

When the player is exploited, a few things happen. First, all p2p-serving
software on the machine is infected, which will allow it to infect other
hosts on the p2p network. Next, all media on the machine is cataloged, and
the full list is sent back to the RIAA headquarters (through specially
crafted requests over the p2p networks), where it is added to their records
and stored until a later time, when it can be used as evidence in criminal
proceedings against those criminals who think it's OK to break the law.

Our software worked better than even we hoped, and current reports indicate
that nearly 95% of all p2p-participating hosts are now infected with the
software that we developed for the RIAA.

Things to keep in mind:
1) If you participate in illegal file-sharing networks, your
computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap
cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively
infecting p2p users, and building one giant ddosnet.

Due to our NDA with the RIAA, we are unable to give out any other details
concerning the technology that we developed for them, or the details on any
of the bugs that are exploited in our hydra.

However, as a demonstration of how this system works, we're providing the
academic security community with a single example exploit, for a mpg123 bug
that was found independently of our work for the RIAA, and is not covered
under our agreement with the establishment.


Affected Software:
mpg123 (pre0.59s)
http://www.mpg123.de


Problem Type:
Local && Remote


Vendor Notification Status:
The professional staff of GOBBLES Security believe that by releasing our
advisories without vendor notification of any sort is cute and humorous, so
this is also the first time the vendor has been made aware of this problem.
We hope that you're as amused with our maturity as we are. ;PpPppPpPpPPPpP


Exploit Available:
Yes, attached below.


Technical Description of Problem:
Read the source.


Credits:
Special thanks to [email protected] for the ethnic-cleansing shellcode.

Are these guys normal?? Imagine all the possible consequences of abuse of what they came up with (especially given the scale and popularity of p2p networks + abuse -- item 5, I don't know whether they're joking or not, but...)
[ McKracken @ 14.01.2003. 16:07 ] @
A classic HOAX... It has nothing to do with reality :(
[ -zombie- @ 14.01.2003. 18:30 ] @
Quote:
_owl_:

Things to keep in mind:
1) If you participate in illegal file-sharing networks, your
computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap
cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively
infecting p2p users, and building one giant ddosnet.


they wouldn't use this kind of vocabulary if this were serious...
[ _owl_ @ 15.01.2003. 00:26 ] @
Maybe I reacted a bit rashly when I read the message, but the catch is that the message passed through a moderated list.
[ Gojko Vujovic @ 15.01.2003. 01:13 ] @
Which list is that?
[ InsurrectoR @ 15.01.2003. 14:19 ] @
Quote:
_owl_:
4) Don't fuck with the RIAA again, scriptkids.


RIAA defaced -again!

By Drew Cullen, The Register Jan 11 2003 10:21AM

Reader reports are flooding in that the RIAA.org has been defaced - again. At time of writing, the site appears to be down, and several readers have been kind enough to include screen grabs, showing that the front page today carried the following message.

RIAA - 0wn3d by.... ;p oooh riaa want's to hack Filesharing Users / Servers ? - better lern to secure your own server... Sorry Admin - had to deactivate ur accounts - they'll be reactivated after 2 hours greetz : Rage_X, BRAiNBUG, SyzL0rd, BSJ, PsychoD + all the others who want to stay anonymous :] wanna contact ? mailto:[email protected]

Underneath the greets, there is a list of RIAA 'recommended' file-sharing tools, such as KaZaA and eDonkey. Downloads from these sites are 'sponsored by www.riaa.org'.

taken from: http://online.securityfocus.com/news/2036

so much for that ;>
[ _owl_ @ 15.01.2003. 19:10 ] @
Quote:

Which list is that?


Vuln-watch ([email protected]); the list doesn't have much daily traffic, so I assumed it wasn't a hoax, especially since an exploit for mpg123 arrived along with the message.
This is the message that follows up on the previous one.

Some of you have written in wondering if the Gobbles post was a hoax or
not.

Skipping past all the RIAA stuff (I can't exactly confirm any of that),
there is still the issue of a buffer overflow in mpg123 version 0.59s.
That *is* real, and so is the exploit that is attached (which, if
successful in exploitation, will run 'rm -rf ~').

So yes, there is a mpg123 vulnerability in the latest development version
(which some linux distros ship). The latest stable version (0.59r) seems
to be OK for the moment.

As for the 'hydra' (Swordfish, anyone?), RIAA involvement, and massive P2P
networking compromises, well, that's for you to determine.

Your loving VulnWatchdog,
- - rain forest puppy
[ BobMarley @ 15.01.2003. 22:56 ] @
if it were true they wouldn't have published it, because that worm and the bugs in the software would be located within a couple of days .... and that's not in their interest

but it's interesting how the RIAA got its a** kicked over a hoax
[ vindic8or @ 07.10.2003. 21:59 ] @
nonsense...
a purely political move by the RIAA mafia. Both this publishing of news about an indestructible virus that nobody can detect (this works on the victims of Hollywood's portrayal of hackers), and this thing from focus. They probably put up that page themselves and afterwards simply shut down the machines.
The first (the virus) is supposed to scare a portion of p2p users and make them uninstall their sharing programs.
The second is pure politics, meant to show that people who use p2p are vengeful scum.
This doesn't reach people here much, but in America moves like this mean a lot and are effective, because the American public is mostly brainwashed by television and Hollywood (which use a political method of shaping not only opinion, but personality as well).


btw. this is funny
mailto:h4x0r0815 at mail.ru - that's how they supposedly signed themselves on the RIAA site....

hehehe ... this sets a new low for the word lame....
[ H203 @ 11.07.2018. 13:19 ] @
What happened to the worm from the P2P networks? Did it turn into a butterfly or a fly in the end?