QuebecTorrent spyware alert may be wrong
p2pnet news view | P2P:- The weekend report of a QuebecTorrent rootkit infection may be erroneous.
The so-called Canadian corporate music industry, comprising Vivendi Universal (France), Sony BMG (Japan and Germany), EMI (Britain), and Warner Music (US), has finally succeeded in closing down the P2P site QuebecTorrents.
The Quebec Superior Court issued a permanent injunction against QuebecTorrent and its administrators and, “We don’t know the strength of this, but just in case,” said p2pnet of the spyware warning.
Now, “I am the same person having reporting the first warning and I want to give more details of what I experienced,” says a Reader’s Write.
The first post stated >>>
The site is infected with a rootkit!
It is the almost the same rootkit used by Sony! How strange!
It will try to infect you computer with a rootkit hiding any file or folder with name starting with css.
Now, “The system infected was running window 2K Sp3 ans security update with IE6 sp1 running under defaut security,” says a new comment post, going on >>>
I tried to visit what I thing was www.quebectorrent.com after the anoucement of the shutdown and this particular system got infected. (By the way I never visited this site before.)
How did I know? I have a deteciton software that give me a warning and also the firewall show up with a warning and started blocking all the in/out traffic to the network. Two exe files got copied on the C drive root directory and these two file was detected by my security software. After unpluging the system from the networkand removing the memory stick containing my personal files I proceeded to study the issue. Addware and my antivirus software failed to detect anything wrong but rootkitrevealer show up with an hiden css folder that I know was legitimate plus one new executable file in the window sys32 folder called something like css$$$.exe probably the payload.
I don’t believe that the administrators of these site have anything to do with this. It could be a hacker internal or external it could be a bug infecting this site and now trying to infect client machine.
But, admits the poster, “There is a small chance that I might have reach a different physing site accidentaly (I doubt it) or that the bug is comming via a server from my ISP instead ( Never hear of it though.)
“To know if you are infected with this rootkit creat a file called something like ‘csssomething.txt’ and see if you can still see it. You could also try to creat a folder named CSS.
Meanwhile, Sébastien Brûlotte, president of Québectorrent.com, said this, in part, in a letter (Google translation) to users >>>
I …want to explain my decision not to challenge the procedures for a permanent injunction had been served on us and against which we have always expressed our disagreement. The upheavals have caused sites such as ‘torrent’ and ‘p2p’ had a significant impact on trade and distribution of music, movies and any works protected by copyright.
At the time we had to take a decision about defending our interests before the courts, we found that both the recording industry and film, represented by ADISQ and APFTQ, that users and operators sites such as ‘torrent’ and ‘p2p’ were governed by laws outdated and patently non-adapted to current and modern technology.
We also urge our governments to intervene in this area and to legislate so as to reflect current realities and needs of its population. It goes without saying that this reality is not only the interests and needs of distribution companies, which will inevitably adjust to the market. It covers more than ever, consumers of music and movies, without which the industry would not be both affluent today. The legislature must listen to those consumers who are an important part of the population.
Besides, I must respond to how the ADISQ commented on the judgement of the Court.
The vice-president of public affairs and CEO of ADISQ, Mrs. Solange Drouin, commented that ‘it was a first major victory for the local industry against a torrent site and that other suits against such download sites could be considered.’
At the time the procedures we were served, we hired a prosecutor who, for health reasons, had to stop representing us last March. Thereafter, in early May, we hired the law firm Fetch Legal Ltd.. to represent us. Our prosecutors have indicated then that the status of the dossier was limited, and that we should require a court delay to enable them to state the cause, and position us well in our defence. An expertise was needed to counter that of ADISQ and the APFTQ, and a defence should be filed on record. It remained only two months before the hearing. Our prosecutors have recommended to submit a request for surrender of the hearing. ADISQ and the APFTQ were opposed to this request. As a result, and following arguments ADISQ and the APFTQ, the court refused our request for surrender, and ordered the trial as planned in July 2008.
Given this state of affairs in the best interest of members who have supported us financially and cause sites such as ‘torrent’ and ‘p2p’ we preferred not to present defence rather than defend ourselves inappropriately. It goes without saying that our intention was to avoid a legal precedent detrimental to any litigation of the same nature. We believe we have made the right decision on this aspect, as pointed out aptly Tristan Péloquin in his blog on 10 July. We are surprised by the position of the ADISQ and the APFTQ to the effect that this ruling is a precedent, because in fact there has never been a substantive debate about the issues raised by the dispute.
Ultimately, it was never our intention, in connection with the operation of our site, to allow the violation of copyrights, as claimed the allegations contained in judicial proceedings. We are convinced that the Court could make an interesting decision in the case if she had to assess contradictory positions, which it did not have to.
We still intend to abide by the terms of the injunction issued against us, but wanted to correct certain statements made publicly in recent days.
ADISQ also wanted $200,000 in damages from QuebecTorrent and Brulotte.
However, ADISQ dropped the demand when QuebecTorrent agreed not to fight the permanent injunction.
Stay tuned.”
.
.Stumble It!
rootkit infection – QuebecTorrent ‘rootkit infection’ warning, July 11, 2008
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
July 14th, 2008 at 9:10 am
I am the one who reported this as bullshit.
I also have rootkit revealing software.
There were no warnings from it.
no traffic got blocked.
Naming files CSSanything.any showed nothing but normal activity.
There is a LARGE chance that this is still bullshit from a paid label
employee.
” But, admits the poster, âThere is a small chance that I might have reach a different physing site accidentaly (I doubt it) or that the bug is comming via a server from my ISP instead ( Never hear of it though.) ”
I don’t think there is a small chance you are wrong.
I think you are full of it.
Anyone on the internet can claim to be an expert at anything.
Yes, the same can be said about me. It just seemed waaaay to odd
that with al the hubbub around QT, suddenly a ‘rootkit’ appears to further try to keep
folks out.
Too much coincidence.
So, I went to find out myself ..and found, as expected, nothing but pain in the
butt popunder adds, that just keep rolling. Nothing malicious, just annoying.
If the labels really had the side of ‘right’ , would they need to stoop to tactics
like this .. and the stuff they do in COURT .. whew.
Protect yourself from net threats, but don’t believe everything someone tells you,
especially when it comes to torrent sites and big music.