IFPI Employee Describes P2P Sabotage Activities 431
Maxwell'sSilverLART writes "From The Reg: Matt Warne, an employee of the international version of the RIAA, admitted that he helped the organization spread garbage and random noise on the P2P networks. Apparently, they used multiple DSL connections to present the appearance of separate users, disguising the origins of the files. His group has stopped, but he claims several of the big record companies are still doing it themselves. And here I thought all of their garbage came on CD."
Just block 'em at the firewall. (Score:5, Informative)
OverPeer:65.174.255.255
OverPeer:65.160.0.0-65
Ranger:216.122.0.0-216.122.255.255
MediaForce:65.
MediaForce:65.223.0.0-65.223
MediaForce:4.43.96.0-4.43.96.255
MediaD
RIAA:208.225.90.0
RIAA:12.150.191.0-12.150.191.255
MPAA:64.166.187.
MPAA:198.70.114.0-198.70.114.2
MPAA:209.67.0.0-209.67.255.255
NetPD:207.155.
NetPD:128.241.0.0-128.241.2
UnknownC&DCop:64.106.170.128-64.106.170.19
BayTSP:209.204.128.0-209.204.191.255
Vidius:20
GAIN(spyware):64.94.8
GAINCME(spyware):66.35.247.0-66.
GAINCME(spyware):66.35.229.0-66.35.229
MediaDefender:64.225.292.0-64.225.292.127
R
Xupiter.com:63.23
Xupiter.com(mirror):63.208.235.30
I get dozens of hits to each IPchains rule everyday when I am using P2P.
Re:Just block 'em at the firewall. (Score:4, Informative)
Um. 292?
I presume that's a typographical error, but you might want to double check those numbers... especially with the hordes of people incorporating them into their IPChains/IPTables rulesets right now. :^)
Re:Just block 'em at the firewall. (Score:4, Informative)
How can I verify its legitimacy?
nslookup
Re:Just block 'em at the firewall. (Score:5, Informative)
Re:EULA? (Score:2, Informative)
The RIAA/MPAA/xxAA could just write their own client that connects to the network. They are not bound under any EULA, as it is their software.
As the companies releasing P2P lean towards, there is no owner of the network, and as such, there is no EULA to enforce for the network.
Re:YES!!. Virus also, i think. (Score:4, Informative)
The dummy results always come from the same few machins; they say they're running Gnucleus, and I believe it - access to the source code helps if you mean to screw with Gnutella in this way.
The .exe files in the !!_YEEHAA_!! zip files probably hijack Internet Explorer - going by what comes out of running 'strings' on them, they also add a whole lot of porno bookmarks - venusseek.com in particular. This is just a guess as I'm not planning to actually run this thing on Windows :-) The images and mpgs just show an ad for some porno site.
The .vbs viruses... they seem to have come from Columbia. A look at the source of one of them reveals
rem "Plan Colombia" virus v1.0
rem by Sand Ja9e Gr0w (www.colombia.com)
rem Dedicated to all the people that want to be hackers or crackers, in Colombia
rem This program is also a protest act against the violence and corruption that Colombia lives...
rem I always wanting that all this finishes, I have said...
rem Santa fe de Bogotá 2000/09
rem I dedicate to all you the song "GoodBye" of Andreas Bochelli
It relies on user stupidity and Windows' habit of hiding file extensions. Instead of 'virus.mp3.vbs' the user sees 'virus.mp3' and thinking all is well doubleclicks to play it. VB script promptly scans the whole hard disk and creates a copy of itself under the name of every MP3 it finds. That's why you tend to get double results - maybe Quadrophenia.mp3 and Quadrophenia.mp3.vbs from the same user. It also seems to redirect IE's start page to a FortuneCity site, and has a bunch of other stuff going on related to script kiddie life and Colombian politics.
Compared to this sort of malevolence, a Coral song that craps out after five seconds and continues in silence is positively benign.
What I want to know, though, is why I keep getting back 'Free Bird' by Lynyrd Skynyrd no matter what I search for?
Re:This reminds me.. (Score:5, Informative)
Re:Yeah (Score:2, Informative)
So a one minute 128kbps MP3 file will still soak up 1MB of space after compression.
Re:Just block 'em at the firewall. (Score:1, Informative)
Everyone might want to look at those ranges a little closer.
> MediaForce:65.223.0.0-65.223.255.255
That is a whole class B
PeerGuardian has this list too. (Score:3, Informative)
Re:Yawn... MD5 Checksums (Score:3, Informative)
Fuzzy checksums would detect this but now we are getting off track. This supposed checksum database would have literally hundreds or thousands of valid checksums for each ripped file.
So,.. yawn. Learn what you are talking about before posting.
--Aaron