P2P-Zone  

Old 14-06-02, 07:02 PM   #1
butterfly_kisses
ultimate evil?

this was first brought to my attention by a 3l33+0r (eliter) in the filesharing world and also a "guardian of the net"

by now I hope most of you are aware of the new threat:

viruses in jpg images of all things

if you aren't, please read the link to this article provided for your enlightenment...

I've known about hiding things in bitmaps and images for quite some time, as I have been a frequent peruser of Fravia's website (for netlore and reversers)...

well, I've discovered KaZaA uses some type of hidden dll inside one of its image icons...I don't as of yet know what its purpose is...it has a really weird name...looks like it's written in Swedish

maybe no one needs any more warnings about kazaa...but I have to expose a few things I've noted just for the sake of conscience...hopefully others can investigate these things for themselves and be able to tell us more about them...

aside from the hidden dll inside of the kazaa icon....

I've noticed that KaZaA affects something called Streaming MRU in your Windows registry....something to do with Internet Explorer's settings...I think this is one way that the data in your registry can get "manipulated" or switched on and off by kazaa...

I'll post more on this...enough to provide the RIAA with plenty of fuel to shut them down for good, if they so desire, by showing how they control the network and what they use to do it.

This will probably be my last effort in educating the public on the client known as kazaa...it was good, but it's now so untrustworthy I'm afraid to use it.



-Hby
Old 14-06-02, 07:30 PM   #2
goldie
dammit Harby.........wtf

That's IT - I'm quitting the internet!!!!!!!!!!!!!



Old 15-06-02, 08:06 AM   #3
butterfly_kisses
Re: dammit Harby.........wtf

Quote:
Originally posted by goldenrod
That's IT - I'm quitting the internet!!!!!!!!!!!!!



lol, good luck GR

I tried that (quitting the Inet) and it did not work for me...so now it seems other solutions must be found...yes, of course this is a terrible thing (imho) because the idea of getting a virus from just looking at a bmp or jpg image? I mean, that is a horrifying thought.

I may post more on this later...for now though I just wanted to raise awareness that it's possible.

on another note...I've enjoyed my stint (stay here at the Napsterites); after I complete the last tutorial I will no longer post here...I guess maybe that's why I'm taking my time on it...

I've only a few things to say anyways...and I've done said all I wanted to on religion, so kazaa is all I have left to talk about, and after I do the tell-all (please note I originally intended to expose personal and confidential info about the creators but I now have decided against doing that...I will only speak about the network and the program itself; the other info is irrelevant, and conscience (once again rearing its polite head) has indicated to me (do unto others as you would want done unto you), so I now feel this to be inappropriate)...

however, I do want to show how (in my opinion) from research I've done my hypothesis (educated guess and theory) on how this network is functioning.

Sadly though it leaves me (a dialup user) without that many possibilities and choices for a p2p app that I can download movies from (I was able to do this even on dialup with kazaa) and have confidence that the download would be completed..no other network can provide me with that level of satisfaction or certainty of completing a large download 250,000kb in size with a dialup modem the way kazaa did...it's sad to see them end, but their days are numbered.
Old 15-06-02, 05:28 PM   #4
Scyth
Re: ultimate evil?

Quote:
Originally posted by Harbynger
I've noticed that KaZaA affects something called Streaming MRU in your Windows registry....something to do with Internet Explorer's settings...I think this is one way that the data in your registry can get "manipulated" or switched on and off by kazaa...
MRU usually abbreviates "Most Recently Used". I'm guessing the Streaming MRU key is where Windows Media Player stores the streams you've viewed/heard most recently. If that's the case, it makes sense that Kazaa, which embeds WMP, would change its values.
Old 15-06-02, 05:49 PM   #5
butterfly_kisses
Re: Re: ultimate evil?

Quote:
Originally posted by Scyth


MRU usually abbreviates "Most Recently Used". I'm guessing the Streaming MRU key is where Windows Media Player stores the streams you've viewed/heard most recently. If that's the case, it makes sense that Kazaa, which embeds WMP, would change its values.
thanks, that helps to shed a little light into the darkness

now then, just out of insatiable desire to learn as much as I can about as many different things as I possibly can...

how's that "other project" I asked u about a while back going?

have u given up on it as a hopeless cause?

I'm sad if u have, but I totally understand it...it was not an easy task by any stretch of the imagination....hope u haven't forgotten what I'm inquiring about..if so, pm me and I'll refresh your memories

p.s.

for more on those streaming mru's

check out this link; it's midway down the page close to the end...however the whole article is a good read if u are interested in this sort of thing (I don't understand it myself)

Last edited by butterfly_kisses : 15-06-02 at 05:59 PM.
Old 15-06-02, 06:52 PM   #6
HaXor

Harby..... This *.dll might be what I was looking for....... you could have the answer in your hands.

Resolving kazaa was/is not easy; we all know it calls for the cd_clint.dll... but nothing shows up on dependency walks.... and the *.bmp's were always a bit strange (to say the least). What you have found might be the answer... it could be the call we are ALL looking for.
Please speculate further or email me the dll you have found.
I may have been quiet recently.. but I never lost the cause
__________________
No matter where you live, no matter what you do, some of these things are always true.
Old 15-06-02, 08:10 PM   #7
Scyth
Re: Re: Re: ultimate evil?

Quote:
Originally posted by Harbynger
how's that "other project" I asked u about a while back going?

have u given up on it as a hopeless cause?
I haven't given up. I did, however, get a little disappointed when, just as I had almost finished with 1.6, version 1.7 came out, and then once I had figured out v1.7, 1.7.1 came out. As a result, I decided to stop for a bit with the hope that Sharman will at some point stop releasing new versions for a while.
Old 15-06-02, 08:25 PM   #8
butterfly_kisses
Re: Re: Re: Re: ultimate evil?

Quote:
Originally posted by Scyth


I haven't given up. I did, however, get a little disappointed when, just as I had almost finished with 1.6, version 1.7 came out, and then once I had figured out v1.7, 1.7.1 came out. As a result, I decided to stop for a bit with the hope that Sharman will at some point stop releasing new versions for a while.
lol, I understand your frustration there, Scyth

I remember reading somewhere (I read lots of news articles, especially about kazaa and fasttrack) where this new "update" release method (doing them more frequently) is a new strategy for the company to keep interest high in the client by making it seem like it's constantly being augmented when [opinion only] it seems most of the updates are new additions by their third-party partners with new gimmicks to provide them ad-revenues...[which is fine..just go easy or not at all on spyware and they'd have a much happier and possibly loyal userbase....still remembering though that it is the "content" that truly matters, not some blind devotion to a particular "brandname in P2P"][/opinion]

p.s.

I'd settle for your work on any version...particularly though on the 1.70, as it allows for twice as many search results, which can be achieved by doing a normal search with 200 set as the maximum search results returned....but

did u know....

that if you did the search again or pressed Search again after doing your initial search it will contact a different or new supernode and actually add to the results you already had before?

This then quadruples the search results, in essence giving you 400 search results returned or whatever the maximum number of results is (whichever number is highest). Usually you won't exceed 400. I personally have seen as high as 343 results returned on a search...which I feel is an excellent update to the client...it still needs a better instant messaging device where the window does not disappear after the message is sent...heck, if they could somehow achieve legality with the client they could set up a server to store the offline messages much the way yahoo messenger does now.

I tell you there is still so much potential and possibility for this client...lol if they would just hire TankGirl as their public relations person and use her ideas it would be a terrific client.

Hello, TankGirl
Old 16-06-02, 03:23 AM   #9
Mowzer
Note...

Harby, please delete your registry and reboot.

I think what you're referring to is W32/Perrun.

The way you typed your post is completely stupid. The dramatics and "news from darker net characters!" do nothing to back up your post and only add to hysteria.

RTFM: Perrun turns JPG files into a kind of "archive format", wherein JPGs can become "carriers" of (potentially) malicious code. But the virus has and needs 2 parts to survive. The second part of the virus acts as an "extractor", kinda like winzip. A .jpg being a carrier is a more accurate way to think of Perrun's modifications to JPGs.

Ever heard of .zip files that have been infected with a virus? Whoa! You have? Of course, who hasn't. A virus "injecting" an infected file or dropper into the ZIP file! What a concept. lol.

Going on dummy opinions, the slide from the infected zip idea to "Perrun infects JPG files" is a short one.

So you can infect .jpg files. I can execute your "infected jpg" as long as I want on my PC. As long as the pc is not compromised, and the second part to the virus is missing, I will never get infected. It's not as simple as simply having a jpg image that once viewed instantly infects a pc.

Sure, some people have had images that have seemed to be responsible for an infection or triggering a virus alert, but those aren't images or Perrun, they are a whole different thing. image.jpg.exe usually. Yep, double extensions. What a crazy thing.

Back to Perrun though, JPG files are not "executable"; that's important to remember. Once affected by extrk.exe, though (re: the second part thing), a JPG file carries an inactive copy of the part of Perrun's code that modifies other JPG files. However, that code is only ever activated if extrk.exe is used to "view" the JPG file. So it isn't really doom and gloom like the media and other sources around the net (or harbyngers) are making it out to be.

You can use additional registry key checks in startup if you're extra worried about infected jpgs and that jazz, or use one of the many image file cleaners out there to remove any extra crap if you think a jpg might be carrying extra baggage.

Everyone also knows there's also a comment part in a jpg header that lets you add extra crap that can be ignored by the viewers. Most common is the appending of an exe. Although JPG viewers will ignore it when they get to the end of the stream of compressed image data, so it's pretty pointless. Most will also tell you that the file is actually longer than it should be.

And if additional code is appended, not embedded, it can be removed by opening then saving the JPG file in a graphics program such as Paint Shop.

But this whole jpg thing is not new or amazing concept stuff. Try running a bot through a large binary newsgroup. You will be amazed at the amount of "data" that has been added or stegnated into those pics. Some malware, some not.

Even Adobe Photoshop adds data to jpg's, texts such as "File written by Adobe Photoshop", "Creator: PolyView(R) Version 3.32 by Polybytes", blah, blah, and other color management data.

Why is kinda puzzling, as viewers like Internet Explorer don't even use this extra data and just trash it when displaying the images.

In summary, it all comes down to if a computer is compromised or not.

If a system is trojanized or exploited any other way, in Perrun's case the "extractor", *nothing* is actually really safe, executable or data files. Viral evilness can be stuffed in whatever file you want, with a ".txt", ".jpg" or ".harbynger" extension; as long as a hook up is made on the PC to the viewer's execution, then you can be carrying out infections.

It's like saying running a basic kiddy trojan on someone's computer is the king of hacking.

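A defender's check for the two things Mowzer describes (COM comment segments, and data appended after the end of the compressed image stream that viewers ignore), added here as an example and not code from the thread: it walks the JPEG marker segments, lists comment payloads, counts bytes trailing the EOI marker, and strips them, the same effect as re-saving the picture in an editor. The sample bytes are constructed for the demo and are not a real image.

```python
"""Walk a JPEG's marker segments and report what a viewer would ignore:
COM (0xFFFE) comment payloads and any bytes trailing the EOI marker."""
import struct

SOI, EOI, SOS, COM = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFFE


def inspect_jpeg(data: bytes) -> dict:
    """Return markers seen, COM payloads, and the count of bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos, markers, comments = 2, [], []
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = (data[pos] << 8) | data[pos + 1]
        markers.append(marker)
        pos += 2
        if marker == EOI:
            break  # image data ends here; anything after is baggage
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])  # includes itself
        if marker == COM:
            comments.append(data[pos + 2:pos + length])
        pos += length
        if marker == SOS:
            # Entropy-coded scan: skip stuffed 0xFF00 bytes and RST0-7 markers
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    else:
        raise ValueError("EOI marker not found")
    return {"markers": markers, "comments": comments, "trailing": len(data) - pos}


def strip_trailing(data: bytes) -> bytes:
    """Drop appended bytes, the same effect as re-saving the image in an editor."""
    return data[:len(data) - inspect_jpeg(data)["trailing"]]


def build_sample() -> bytes:
    """Constructed minimal marker stream (not a decodable picture): a COM
    segment, a one-component scan, then bytes appended after EOI."""
    com = b"hello"
    seg_com = b"\xff\xfe" + struct.pack(">H", len(com) + 2) + com
    sos_hdr = b"\x01\x01\x00\x00\x3f\x00"
    seg_sos = b"\xff\xda" + struct.pack(">H", len(sos_hdr) + 2) + sos_hdr
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"  # stuffed FF00 and RST0 inside
    return b"\xff\xd8" + seg_com + seg_sos + scan + b"\xff\xd9" + b"MZ appended payload"


if __name__ == "__main__":
    report = inspect_jpeg(build_sample())
    print([hex(m) for m in report["markers"]], report["comments"], report["trailing"])
```

A non-zero `trailing` count is the "file is longer than it should be" signal Mowzer mentions; the COM list shows the comment payloads a viewer silently skips.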
Old 16-06-02, 07:19 AM   #10
butterfly_kisses
Re: Note...

there is some good info there....thanks, ethen.


Last edited by butterfly_kisses : 16-06-02 at 07:34 AM.