February 13, 2005
Anti-Piracy Score- Torrents: 0 MPAA: 1
MPAA closes LokiTorrent but P2P universe grows new sites. First Trojan targeting Microsoft Anti-Spyware appears. Firefox / Camino / Safari / Konqueror / Opera IDN vulnerability. Secure transfers with WinSCP, and SourceForge's Project for February 2005 is ClamWin AntiVirus for Windows.
The Internet's in an uproar: the Motion Picture Association of America (MPAA) has actually closed down LokiTorrent, one of the more popular BitTorrent search engines. On-site is an announcement "You can click, but you can't hide" with a warning that the MPAA now possesses the site's access logs, which it is going to use to track down all those illegally sharing movies.
However, this may be more bombast than fact. Although the site was a Torrent tracker, the only people at risk are those actively sharing downloads (seeders). If you are guilty of seeding but connect via a dynamic IP, the MPAA has to first find out the IP block owner. And the trail often goes cold when it crosses the US' territorial boundaries.
Of course, the death of LokiTorrent doesn't mean the end of the Torrent and P2P networks. There are new Torrent sharing and search sites springing up every day. And if you've been happily downloading content for free, I recommend lying low for a while. Of course, if you prefer quibbling, the MPAA can only (legally) prosecute movie pirates. Not those ripping off music, books and software (including games). A specious argument oft used by companies to justify their buying just one legal copy of a software product, but using 10 or more copies across multiple systems.
What's interesting is that BitTorrent itself is an open-source technology that's ideally suited to sharing large files without overloading one specific server. And many of the larger, more popular downloads, including Mozilla Firefox, Mozilla Thunderbird and the OpenOffice.org suite, are available as .torrent.
As a Firefox user, beware of a newly discovered IDN (Internationalized Domain Name) vulnerability that also affects OmniWeb, Opera, Mozilla, Firefox, Camino, Konqueror, Netscape and Safari. Internet Explorer is safe. The IDN spoof attack can be exploited by a malicious web site to spoof the URL displayed in the address, SSL certificate and status bars! See the Secunia Advisory: Multiple Browsers IDN Spoofing Test for details. Firefox 1.1 nightly (Beta) has been patched. But Firefox 1.0 users should try the quick fix:
Open about:config from the browser's address bar.
Locate network.enableIDN
Set to FALSE
In the unlikely event this modification doesn't stay, you'll need to manually edit compreg.dat located in your Firefox profile directory. Open the file with WordPad and comment out lines containing IDN by adding a '#' at the start of the line (e.g. #{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so).
But other than these minor glitches, open source is the most happening thing today. Even if you aren't a developer (cultivator), just a user (harvester) of its fruits, the breadth of applications available is staggering. For every commercial product there's a free alternative. One example is the excellent 7-Zip file compression format, recently updated with LZMA compression technology for more optimized file packing. The 7z format includes a self-extraction option, with little loss in compressed file size. The 7-Zip manager supports 7z (native), ZIP, CAB, RAR, ARJ, GZIP, BZIP2, Z, TAR, CPIO, RPM and DEB. And offers 2-10% better compression ratios for the ZIP and GZIP formats as compared to those offered by industry leaders PKZip and WinZip. And if you use Total Commander, there's a free 7-Zip plug-in available.
Another excellent open-source tool is WinSCP. This secure copy client uses SSH to safely copy files between local and remote computers. The interface is close to Norton Commander (as also to Total Commander). But it's a stand-alone application. File management options supported include copy, move, rename (files, folders), create new folders and change properties (files, folders). I use WinSCP at work to transfer files between my desktop and our production web servers. And to download transaction logs from our payment gateway.
I think I've earlier highlighted the need to compress larger message attachments. But that was using WinZip's plug-in for Outlook. Now PowerArchiver has released its plugin. This supports not just the native .Zip format, but also 7z, CAB, TAR.GZ and SFX (self-extracting) formats. The PowerArchiver plug-in also supports up to 256-bit encryption using PAE or AES. The plugin needs PowerArchiver installed and works with Outlook 2000, XP and 2003. If you (like I) use Mozilla Thunderbird as your primary email client, there's still no plug-in to compress message attachments. Although there is the EnigMail extension to encrypt messages. Perhaps it's time one of the developers reading this column created a Thunderbird extension to compress message attachments. Send me a copy and I'll preview the add-in.
Yahoo's the first search engine to release a Mozilla Firefox toolbar. This mirrors the companion bar for Internet Explorer, excluding only Anti-Spy and support for International Yahoo IDs. The Beta release is for Windows, but Yahoo is working on Linux and Mac OS X versions. If you prefer Google, there's a community-developed extension that ports Google's IE toolbar to Firefox.
If you are looking for a free MP3 player that's missing ad- and spyware, look no further than jetAudio 6.1.1 Basic. That natively supports MP3, OGG, MPG, AVI, WMA. With (audio CD) ripping and burning included. The player supports DVD and VCD playback, Monkey's Audio support, skins and visualizations. As well as CDDB lookup and an integrated lyrics viewer that can now search Leo's Lyric Database (requires an Internet connection). The new release also plays AVI and MPG files while these are downloading! The Pro version supports broadcasting and mp3PRO (ripping to and playback from) formats. JetAudio is my main multimedia player.
Troj/BankAsh-A (Trojan-Spy.Win32.Banker.jv, PWS-Banker.j) steals credit card and other stored private data. It's also the first Trojan that specifically targets Microsoft Anti-Spyware and attempts to close this application. It also attempts to close other running anti-virus programs. The Trojan also deletes files, installs a key logger and opens a backdoor to download code and exchange information with a remote site. The Trojan spreads through an infected email attachment, hijacks the Internet Explorer start page and steals email login details and passwords from the browser's protected store. BankAsh-A drops ASH.DLL to the Windows system folder then creates a Windows Registry entry
HKCR\CLSID\(C6176B04-8896-4446-9939-E00EE94C420F). The DLL registers as an Interface "IIEHlprObj" and as Type Library "AS 0.96 Type Library". It also creates the registry branches
HKCR\AntiSpy.AntiSpy
HKCR\AntiSpy.AntiSpy.1
HKCR\Interface\(17A45F93-AEC8-440B-AC33-1BA9CC3192AC)
HKCR\TypeLib\(D941DA88-1DAA-4ED2-8946-ABABCF2A4C3F)
BankAsh-A attempts to kill the Microsoft AntiSpyware application. It deletes the entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ" and terminates the GCASCLEANER; GCASDTSERV; GCASINSTALLHELPER; GCASNOTICE; GCASSERV; GCASSERVALERT; GCASSWUPDATER; GCIPTOHOSTQUEUE; GIANTANTISPYWAREMAIN; GIANTANTISPYWAREUPDATER processes. The Trojan also deletes the %\Program Files\Microsoft AntiSpyware folder, modifies the Windows HOSTS file, and unregisters then deletes IEHELPER.DLL from the Windows system folder. Luckily BankAsh-A works only for Barclays Bank, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile. When any of the latter's online banking sites are accessed, the Trojan hijacks the browser to display a fake login page. Sophos offers well-presented virus removal instructions.
If you are still waiting for the so-far elusive free anti-virus, do consider ClamWin. SourceForge's Project of the Month for February 2005, this open source virus checker for Microsoft Windows combines a GUI that works with a Windows32 port of the ClamAV scanning engine (previously available only for Linux, BSD, etc). It includes automatic virus database updates, a scanning scheduler with a stand-alone virus scanner. It integrates into the Windows Explorer menu and works as an add-in for Microsoft Outlook. According to the developer, ClamWin 0.37.3 was downloaded 59,000 times in under two months. And if you want to give something back, the ClamWin project desperately needs developers with Python and C++ experience, with exposure to both Windows and Unix operating systems, who can devote at least 5 hours a week. Anyone interested should send an email to alch at users dot sourceforge dot net.
That's it for this week, until next time, Stay Safe!
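For the IDN spoofing issue described above, here is an added Python example (not from the original column) that converts a host name to its ASCII "xn--" form and flags labels that mix scripts, the pattern that makes a spoofed address look genuine. The function names and sample host names are constructed for illustration, and the script detection is a heuristic based on Unicode character names.

```python
import unicodedata

# Scripts that legitimately share one label (Japanese text).
_CJK_GROUP = {"CJK", "HIRAGANA", "KATAKANA"}

def decode_label(label):
    """Unicode form of one DNS label; decodes ACE labels (xn-- prefix)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ascii(host):
    """ACE form of a host name (simplified: NFKC + lower-case only)."""
    labels = []
    for label in unicodedata.normalize("NFKC", host).lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def label_scripts(label):
    """Approximate set of scripts used by the letters of a label."""
    # Heuristic: the first word of the Unicode character name
    # ("LATIN", "CYRILLIC", "GREEK", ...) stands in for the script.
    scripts = set()
    for ch in decode_label(label):
        if ch.isalpha():
            script = unicodedata.name(ch, "UNKNOWN").split()[0]
            scripts.add("CJK" if script in _CJK_GROUP else script)
    return scripts

def classify_host(host):
    """Return 'ascii', 'idn', 'mixed-script' or 'invalid' for a host name."""
    verdict = "ascii"
    try:
        for label in host.split("."):
            if len(label_scripts(label)) > 1:
                return "mixed-script"
            if not decode_label(label).isascii():
                verdict = "idn"
    except UnicodeError:  # malformed xn-- label
        return "invalid"
    return verdict

if __name__ == "__main__":
    # Constructed samples: Cyrillic U+0430 in place of Latin "a", a plain IDN, ASCII.
    for h in ("ex\u0430mple.com", "xn--bcher-kva.example", "www.mozilla.org"):
        print(to_ascii(h), classify_host(h))
```

A label written entirely in one non-Latin script is reported as 'idn', not 'mixed-script', so the ASCII form from to_ascii() is what should be shown to the user or logged.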
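The BankAsh-A registry traces listed above can be checked against an exported registry file. This added Python example (not from the original column or from Sophos) scans the text of a .reg export for the keys named in the article and reports whether the Run\gcasServ value that the Trojan deletes is still present. The sample export and its values are constructed placeholders, and the GUIDs are matched without brackets because the article prints them in parentheses while exports use braces.

```python
import re

# Indicators copied from the article (GUIDs stored without brackets).
BANKASH_KEYS = [
    r"HKCR\CLSID\C6176B04-8896-4446-9939-E00EE94C420F",
    r"HKCR\AntiSpy.AntiSpy",
    r"HKCR\AntiSpy.AntiSpy.1",
    r"HKCR\Interface\17A45F93-AEC8-440B-AC33-1BA9CC3192AC",
    r"HKCR\TypeLib\D941DA88-1DAA-4ED2-8946-ABABCF2A4C3F",
]
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

def norm(key):
    """Lower-case a key path, expand HKCR/HKLM, drop GUID brackets."""
    key = re.sub(r"[{}()]", "", key.strip()).lower()
    key = re.sub(r"^hkcr\\", r"hkey_classes_root\\", key)
    return re.sub(r"^hklm\\", r"hkey_local_machine\\", key)

def scan_reg_export(text):
    """Return (indicator keys found, whether Run\\gcasServ is present)."""
    wanted = {norm(k): k for k in BANKASH_KEYS}
    hits, current, gcas_present = set(), "", False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = norm(line[1:-1])
            # An indicator matches on the key itself or any of its subkeys.
            hits |= {orig for pre, orig in wanted.items()
                     if current == pre or current.startswith(pre + "\\")}
        elif current == norm(RUN_KEY) and line.lower().startswith('"gcasserv"='):
            gcas_present = True
    return sorted(hits), gcas_present

# Constructed .reg export for illustration (values are placeholders).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AntiSpy.AntiSpy]
@="placeholder"

[HKEY_CLASSES_ROOT\CLSID\{C6176B04-8896-4446-9939-E00EE94C420F}\InprocServer32]
@="placeholder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="placeholder"
"""

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```

Regedit's version 5.00 exports are UTF-16 encoded, so decode the file before passing its text in. A missing gcasServ value only matters on a machine where Microsoft AntiSpyware was installed.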