From SlashDot: Teen makes Trojan Horse disguised as image [modified]
-
My question was how did he disguise is as an image. Did he just change the extension to that of an image?
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^]I agree with the other posters that the probability is high that the feat made use of the "hide known extensions" (ahem) "feature." But also, keep in mind that that was posed on usenet groups, so it would have appeared in the browser as a link to be clicked. Now, what I find amazing is that the program was "smart" enough to find an "appropriate" image (by "appropriate" I mean one in keeping with what the person expected to see based on the link he clicked) on the local HD to be displayed.
-
I think what there are 2 laws in question: 1) The law of the men Yes, "he be charged for breach of privacy". None discussion. 2) The law of the good and the bad If you have the power of make good (saving person, specially children), and you not use it, then you are doing the bad (i.e. killing persons). If this boy offer to help policemans (in order to follow laws), imagine the bureaucracy to start some job. In this meantime, a lot of children has been destroyed. The laws are created to men, and not the men are crated to laws.
Engaged in learning of English grammar ;)
For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life.(John 3:16) :badger:Precisely. There is the law of the State, and then there is the Law of morality. The law of the State may or may not accord with the ultimate law, and if the law of the State does not accord with morality, then one should say "To hell with the State, I must do what is moral."
-
Slashdot link: http://it.slashdot.org/it/07/02/22/0223239.shtml[^] News Artical: http://www.crime-research.org/news/2002/08/Mess1901.htm[^] This is diffently on to talk about. He breaks the law to catch sick people in thier sick addictions. Should he be charged for breach of privacy? The law is the law, so wrong is wrong. (I know the next question propable only U.S. folks will understand.) Could this relate to what to group that is called the 'Minute Men' (I think) that watch our southern board for people crossing the river? But then again unless they hurt someone they have done nothing wrong, right? So, unless this hacker used the information gathered to hurt someone i.e.:identity thief or retrieve money from bank accounts. Then he was done nothing wrong, right? Lastly, how do you think he hide the trojan horse in the images? -- modified at 9:25 Thursday 22nd February, 2007
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^]I've read something were Playboy and other professional art galleries use something similar to see who's copying there files. Can't find the original article, but here's another[^
]. And I personally think this guy's a hero. There's no difference between this guy doing it and other major corporations spying on the public. He at least is putting scum behind bars.
"I know which side I want to win regardless of how many wrongs they have to commit to achieve it." - Stan Shannon Web - Blog - RSS - Math - LinkedIn - BM
-
Slashdot link: http://it.slashdot.org/it/07/02/22/0223239.shtml[^] News Artical: http://www.crime-research.org/news/2002/08/Mess1901.htm[^] This is diffently on to talk about. He breaks the law to catch sick people in thier sick addictions. Should he be charged for breach of privacy? The law is the law, so wrong is wrong. (I know the next question propable only U.S. folks will understand.) Could this relate to what to group that is called the 'Minute Men' (I think) that watch our southern board for people crossing the river? But then again unless they hurt someone they have done nothing wrong, right? So, unless this hacker used the information gathered to hurt someone i.e.:identity thief or retrieve money from bank accounts. Then he was done nothing wrong, right? Lastly, how do you think he hide the trojan horse in the images? -- modified at 9:25 Thursday 22nd February, 2007
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^]Truly amazing, though his life must've been miserable, he has managed to catch criminals while committing a crime himself, but he really did make a great program o_O
-
IlÃon wrote:
The program, disguised as an image,...
:laugh::laugh::laugh: That's the future of programing! We shall just draw how our program should work and, voilla! :cool:
Don Miguel wrote:
That's the future of programing! We shall just draw how our program should work and, voilla!
-
Many people with Windows have "Hide known extensions" checked in their folder setup. So something with a .jpg or .gif extension might really .gif.exe and the program can just pass an image to the computer to open in whatever program is associated with that extension.
Cleako
AVG Free clamps down on files like this ... just try to rename a file like MyDataFile.Zip.Exe
:..::. Douglas H. Troy ::..
Bad Astronomy |VCF|wxWidgets|WTL -
I agree with the other posters that the probability is high that the feat made use of the "hide known extensions" (ahem) "feature." But also, keep in mind that that was posed on usenet groups, so it would have appeared in the browser as a link to be clicked. Now, what I find amazing is that the program was "smart" enough to find an "appropriate" image (by "appropriate" I mean one in keeping with what the person expected to see based on the link he clicked) on the local HD to be displayed.
-
I suspect it was a truely random selection the first time. IF it randomly picked a nonsense image the perv would just delete it.
-- Rules of thumb should not be taken for the whole hand.
-
I've read something were Playboy and other professional art galleries use something similar to see who's copying there files. Can't find the original article, but here's another[^
]. And I personally think this guy's a hero. There's no difference between this guy doing it and other major corporations spying on the public. He at least is putting scum behind bars.
"I know which side I want to win regardless of how many wrongs they have to commit to achieve it." - Stan Shannon Web - Blog - RSS - Math - LinkedIn - BM
-
I've read something were Playboy and other professional art galleries use something similar to see who's copying there files. Can't find the original article, but here's another[^
]. And I personally think this guy's a hero. There's no difference between this guy doing it and other major corporations spying on the public. He at least is putting scum behind bars.
"I know which side I want to win regardless of how many wrongs they have to commit to achieve it." - Stan Shannon Web - Blog - RSS - Math - LinkedIn - BM
Bassam Abdul-Baki wrote:
I've read something were Playboy and other professional art galleries use something similar to see who's copying there files.
There is no comparison here! :confused: Playboy, and others, are watermarking their (emphases on their) images and scanning the internet to see if anyone is posting their images without proper permission. :doh: This guy is distributing a Trojan that is installing itself on your [editorially speaking] computer and allowing him to view your [again editorially] personal data. X| Where is there even the slightest hint of common method here? :confused: In the case of Playboy they are scanning a public resource, the internet, for misuse of their images. :cool: In the case of the virus writer he is intruding on private resources, albeit some of which are owned by despicable people, when he has no legal right to be monitoring these resources. X| I know that child pornography is an emotionally charged subject, and I deplore pornography, child or otherwise, because it makes objects of people, but I cannot condone unethical means being used to combat it. :rolleyes: It is ironic that I find myself coming to the defense of Playboy but what they are doing is perfectly within their right. What this virus writer is doing is simply illegal and of questionable morality, regardless of the cause he is crusading. :doh:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
Slashdot link: http://it.slashdot.org/it/07/02/22/0223239.shtml[^] News Artical: http://www.crime-research.org/news/2002/08/Mess1901.htm[^] This is diffently on to talk about. He breaks the law to catch sick people in thier sick addictions. Should he be charged for breach of privacy? The law is the law, so wrong is wrong. (I know the next question propable only U.S. folks will understand.) Could this relate to what to group that is called the 'Minute Men' (I think) that watch our southern board for people crossing the river? But then again unless they hurt someone they have done nothing wrong, right? So, unless this hacker used the information gathered to hurt someone i.e.:identity thief or retrieve money from bank accounts. Then he was done nothing wrong, right? Lastly, how do you think he hide the trojan horse in the images? -- modified at 9:25 Thursday 22nd February, 2007
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^] -
Bassam Abdul-Baki wrote:
I've read something were Playboy and other professional art galleries use something similar to see who's copying there files.
There is no comparison here! :confused: Playboy, and others, are watermarking their (emphases on their) images and scanning the internet to see if anyone is posting their images without proper permission. :doh: This guy is distributing a Trojan that is installing itself on your [editorially speaking] computer and allowing him to view your [again editorially] personal data. X| Where is there even the slightest hint of common method here? :confused: In the case of Playboy they are scanning a public resource, the internet, for misuse of their images. :cool: In the case of the virus writer he is intruding on private resources, albeit some of which are owned by despicable people, when he has no legal right to be monitoring these resources. X| I know that child pornography is an emotionally charged subject, and I deplore pornography, child or otherwise, because it makes objects of people, but I cannot condone unethical means being used to combat it. :rolleyes: It is ironic that I find myself coming to the defense of Playboy but what they are doing is perfectly within their right. What this virus writer is doing is simply illegal and of questionable morality, regardless of the cause he is crusading. :doh:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesActually, he's posting his Trojan in an illegal forum as pedophilia, and if someone wishes to download it, he's not forcing them. Same reasoning as downloading a Playboy image. However, this guy is smart. He's not going after people who just download because they could just be looking for porn, be other hackers, or knows that they can't be imprisoned for viewing (first amendment and all). He also knows that there's enough real scum out there for him not to waste time on the downloaders. However, the posters are the one he's going after and I think he's doing a great job where police officials are severely lacking or not capable of doing. How different is this from Google cookies, or a private investigator sent to spy on someone, or the bounty-hunter guy who goes out and find people? Everybody has a reason and an excuse, at least this guy's were more honorable.
"This perpetual motion machine she made is a joke. It just keeps going faster and faster. Lisa, get in here! In this house, we obey the laws of thermodynamics!" - Homer Simpson Web - Blog - RSS - Math - LinkedIn - BM
-
Slashdot link: http://it.slashdot.org/it/07/02/22/0223239.shtml[^] News Artical: http://www.crime-research.org/news/2002/08/Mess1901.htm[^] This is diffently on to talk about. He breaks the law to catch sick people in thier sick addictions. Should he be charged for breach of privacy? The law is the law, so wrong is wrong. (I know the next question propable only U.S. folks will understand.) Could this relate to what to group that is called the 'Minute Men' (I think) that watch our southern board for people crossing the river? But then again unless they hurt someone they have done nothing wrong, right? So, unless this hacker used the information gathered to hurt someone i.e.:identity thief or retrieve money from bank accounts. Then he was done nothing wrong, right? Lastly, how do you think he hide the trojan horse in the images? -- modified at 9:25 Thursday 22nd February, 2007
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^]This raises several legal questions. Can the evidence he gathered can even be used legally in court? I'm pretty sure it can't be. One issue is establishing a chain of custody--how do we know he didn't plant this material on the computers of people as some sort of sick joke? A bigger issue is using evidence gathered using illegal means. The courts take a dim view of police using proxies to do what they can't do. In this case, what the guy was doing is illegal under most country's laws. The big US constitutional issue is whether evidence gathered illegally can be used as the sole reason to create a warrant that results in gathering evidence independent of the original source. If I remember right, the US courts have recently said that you can't do that. Whatever the emotional appeal of vigilantism, it greatly worries me. History shows that what starts as a noble effort usually ends up being a witch hunt that hurts many innocent people. For all of the problems of government law enforcement, there is at least some accountability in most democratic countries (not enough, but some.) It's bad enough that our civil rights are being eroded by our elected officials; having them eroded by private citizens is worse. (While child pornography is in a category all its own, I can't help but think of the KKK of years past lynching black men for even talking to white women. I also worry about the entrapment aspects of all this. Yes, there are people who are on the line of legality, but who wouldn't have crossed that line without the heavy manipulation of law enforcement.)
Anyone who thinks he has a better idea of what's good for people than people do is a swine. - P.J. O'Rourke
-
Slashdot link: http://it.slashdot.org/it/07/02/22/0223239.shtml[^] News Artical: http://www.crime-research.org/news/2002/08/Mess1901.htm[^] This is diffently on to talk about. He breaks the law to catch sick people in thier sick addictions. Should he be charged for breach of privacy? The law is the law, so wrong is wrong. (I know the next question propable only U.S. folks will understand.) Could this relate to what to group that is called the 'Minute Men' (I think) that watch our southern board for people crossing the river? But then again unless they hurt someone they have done nothing wrong, right? So, unless this hacker used the information gathered to hurt someone i.e.:identity thief or retrieve money from bank accounts. Then he was done nothing wrong, right? Lastly, how do you think he hide the trojan horse in the images? -- modified at 9:25 Thursday 22nd February, 2007
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^]Just another example of why the Canadians can't be trusted.
"Do you know what it's like to fall in the mud and get kicked... in the head... with an iron boot? Of course you don't, no one does. It never happens. It's a dumb question... skip it."
-
Actually, he's posting his Trojan in an illegal forum as pedophilia, and if someone wishes to download it, he's not forcing them. Same reasoning as downloading a Playboy image. However, this guy is smart. He's not going after people who just download because they could just be looking for porn, be other hackers, or knows that they can't be imprisoned for viewing (first amendment and all). He also knows that there's enough real scum out there for him not to waste time on the downloaders. However, the posters are the one he's going after and I think he's doing a great job where police officials are severely lacking or not capable of doing. How different is this from Google cookies, or a private investigator sent to spy on someone, or the bounty-hunter guy who goes out and find people? Everybody has a reason and an excuse, at least this guy's were more honorable.
"This perpetual motion machine she made is a joke. It just keeps going faster and faster. Lisa, get in here! In this house, we obey the laws of thermodynamics!" - Homer Simpson Web - Blog - RSS - Math - LinkedIn - BM
Bassam Abdul-Baki wrote:
Actually, he's posting his Trojan in an illegal forum as pedophilia, and if someone wishes to download it, he's not forcing them.
Firstly the forums he is posting his Trojan in aren't illegal; of an objectionably nature yes, but not illegal. :doh: A forum devoted to pedophilia would probably be illegal but a forums where pedophiles lurk but is intended for other things doesn't make them illegal. :~
Bassam Abdul-Baki wrote:
Same reasoning as downloading a Playboy image.
Not the same reason at all. :rolleyes: Playboy images, although exploitive and demeaning in my opinion, are not child pornography. :doh: They have been interpreted by the courts to be within the legal framework of the society. Regardless of my personal feelings about Playboy images they are legal to be posted on the internet and used according to the licensed use provided by the authors. What Playboy is doing is well within their right. :doh: What the virus writer is doing is advertising pornography and downloading a virus! X| What don't you understand about downloading a virus, regardless of the lie to get you to download it or target audience, as not being illegal? :confused:
Bassam Abdul-Baki wrote:
However, this guy is smart.
Devious yes, smart not demonstrated by his actions. :~
Bassam Abdul-Baki wrote:
He's not going after people who just download because they could just be looking for porn, be other hackers, or knows that they can't be imprisoned for viewing (first amendment and all).
What gives him a legal right to go after anyone in the way he is going about it? X| I must ask again what don't you understand about downloading a virus, regardless of the come on or target audience, as not being illegal? :rolleyes: He is not empowered by the legal authorities to spy on people. He is invading their computer, reading their personal email and capturing their files. He is a criminal regardless of his good intentions. :doh:
Bassam Abdul-Baki wrote:
How different is this from Google cookies
I seriously doubt that Google is reading your private emails or installing virus programs on your computer. :rolleyes:
Bassam Abdul-Baki wrote:
o
-
Bassam Abdul-Baki wrote:
I've read something were Playboy and other professional art galleries use something similar to see who's copying there files.
There is no comparison here! :confused: Playboy, and others, are watermarking their (emphases on their) images and scanning the internet to see if anyone is posting their images without proper permission. :doh: This guy is distributing a Trojan that is installing itself on your [editorially speaking] computer and allowing him to view your [again editorially] personal data. X| Where is there even the slightest hint of common method here? :confused: In the case of Playboy they are scanning a public resource, the internet, for misuse of their images. :cool: In the case of the virus writer he is intruding on private resources, albeit some of which are owned by despicable people, when he has no legal right to be monitoring these resources. X| I know that child pornography is an emotionally charged subject, and I deplore pornography, child or otherwise, because it makes objects of people, but I cannot condone unethical means being used to combat it. :rolleyes: It is ironic that I find myself coming to the defense of Playboy but what they are doing is perfectly within their right. What this virus writer is doing is simply illegal and of questionable morality, regardless of the cause he is crusading. :doh:
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesstand up and bow.
JimmyRopes wrote:
It is ironic that I find myself coming to the defense of Playboy
:laugh::laugh::laugh:
God Bless, Jason
Programmer: A biological machine designed to convert caffeine into code.
Developer: A person who develops working systems by writing and using software. [^] -
Bassam Abdul-Baki wrote:
Actually, he's posting his Trojan in an illegal forum as pedophilia, and if someone wishes to download it, he's not forcing them.
Firstly the forums he is posting his Trojan in aren't illegal; of an objectionably nature yes, but not illegal. :doh: A forum devoted to pedophilia would probably be illegal but a forums where pedophiles lurk but is intended for other things doesn't make them illegal. :~
Bassam Abdul-Baki wrote:
Same reasoning as downloading a Playboy image.
Not the same reason at all. :rolleyes: Playboy images, although exploitive and demeaning in my opinion, are not child pornography. :doh: They have been interpreted by the courts to be within the legal framework of the society. Regardless of my personal feelings about Playboy images they are legal to be posted on the internet and used according to the licensed use provided by the authors. What Playboy is doing is well within their right. :doh: What the virus writer is doing is advertising pornography and downloading a virus! X| What don't you understand about downloading a virus, regardless of the lie to get you to download it or target audience, as not being illegal? :confused:
Bassam Abdul-Baki wrote:
However, this guy is smart.
Devious yes, smart not demonstrated by his actions. :~
Bassam Abdul-Baki wrote:
He's not going after people who just download because they could just be looking for porn, be other hackers, or knows that they can't be imprisoned for viewing (first amendment and all).
What gives him a legal right to go after anyone in the way he is going about it? X| I must ask again what don't you understand about downloading a virus, regardless of the come on or target audience, as not being illegal? :rolleyes: He is not empowered by the legal authorities to spy on people. He is invading their computer, reading their personal email and capturing their files. He is a criminal regardless of his good intentions. :doh:
Bassam Abdul-Baki wrote:
How different is this from Google cookies
I seriously doubt that Google is reading your private emails or installing virus programs on your computer. :rolleyes:
Bassam Abdul-Baki wrote:
o