View Single Post
Old 03-02-02, 12:54 AM   #6
JackSpratts's Avatar
Join Date: May 2001
Location: New England
Posts: 10,023

thanks for the posts buzz, tg & malk. as malks' screen print illustrates, that IP trick only pulls up what morpheus users are sharing in the first place – but it sure is a lot more complicated than just letting morpheus do it!

the netstat -n exploit has been around since april and it doesn't give you anything off a drive morpheus user's aren't already allowing you to have. you're basically looking at how morpheus works - it's a IE based app. to work this hack your target has to be on morpheus and transferring in order for you to scan his drive but you can do that normally by checking “find more from user”! if that's what this is then the bbc has been snookered - probably by a pro-winmx group at that haha!

the article does darkly suggest they're getting user names a different way. so maybe they're doing “resume.dat” searches, but it also suggests they're going deeper into peoples' hard drives than the IP paste in IE ever went. it certainly sounds bad alright...

well it's late but here's my guess:

people who are trying to cause a bit of trouble towards morpheus (could be anyone – giFT – winmx – riaa - ignorant “experts”? well meaning dopes - who knows…) are re-posting the old IP trick and if so then so what, it's nothing new.

to make it sound new (and scary), they're doing a "resume.dat" scan to view ALL the current users on a supernode (well, 100 anyway or whatever your search limit is - it can be a bit higher). it sounds evil but again so what, that's what the program is supposed to do; query all users connected to a node.

finally, they're confusing a common user mistake; sharing the entire contents of a hard drive, with some sort of Morpheus vulnerability. people have been inadvertently putting their whole hard drives on Morpheus since the beginning, but that's a user mistake made on all file-sharing clients (that allow you to share everything). it's never been unique to Morpheus. new users scream about it of course on xolox, blubster, gnucleus, bearshare and the rest.

so if this is the case then the alert is about nothing more than the old spooky hack that's been around since april '01 and was – and is – totally benign. it's a fun and harmless “shortcut”. sure, it takes longer to do than what the client will do anyway, but it uses IE & Morpheus, instead of IE-based morpheus alone, and if that makes it kind of cool, it doesn't also make it bad.

- js.
JackSpratts is offline   Reply With Quote