Friday, December 16, 2005

Ed gets it wrong, again!

I got an email today from Ed, the guy who claims to have hacked my PC using a "security flaw" in LimeWire. This time he's all excited about a "worm" (actually it's a trojan) that spreads using P2P programs, in this case LimeWire.
The trojan is called Win32.Alcan.H and it poses as video.exe inside a ZIP file with the name of a porn movie. It also goes by the names of "W32.Alcra.D" or "Trojan-Dropper.Win32.WinAD.h". Yawn. There have been trojans like this around for as long as there have been P2P networks. A quick search on the Symantec virus encyclopedia lists 89 trojans that use LimeWire or related P2P networks.
Anyone who downloads an executable (in a ZIP file or not) and doesn't treat it with extreme suspicion is a fool. Even the LimeWire User Guide warns you about executables. And anyway, since when was a porn movie only 602,893 bytes long? There are plenty of bogus files out there, and the moral of the story is simple: if it seems too good to be true, it probably is. Anyone who thinks they can download Office 2000 in 200k deserves the trojan/advert they get.
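The two checks described above (an executable hiding inside the archive, and a file far too small to be what its name claims) can be automated before anything is unpacked. This is an added example, not part of the original post; the extension list, the media keywords and the 5 MB threshold are assumptions chosen for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly (assumed list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Assumed threshold: real video content is far larger than this.
MIN_PLAUSIBLE_VIDEO_BYTES = 5 * 1024 * 1024
# Assumed keywords suggesting the archive claims to hold a video.
MEDIA_HINTS = ("movie", "video", "dvdrip", "xvid")


def triage_zip(archive_name, data):
    """Return the reasons a downloaded ZIP deserves suspicion (empty if none)."""
    reasons = []
    claims_media = any(h in archive_name.lower() for h in MEDIA_HINTS)
    if claims_media and len(data) < MIN_PLAUSIBLE_VIDEO_BYTES:
        reasons.append(f"claims to be video but is only {len(data):,} bytes")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            # Sniff the first two bytes: "MZ" marks a DOS/PE executable
            # even when the member is renamed to look like media.
            with zf.open(info) as member:
                magic = member.read(2)
            if ext in EXEC_EXTS:
                reasons.append(f"executable member: {info.filename}")
            elif magic == b"MZ":
                reasons.append(f"PE header behind non-executable name: {info.filename}")
    return reasons


def build_sample(members):
    """Build a constructed ZIP in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: harmless bytes that merely start with "MZ".
    fake = build_sample({"video.exe": b"MZ" + b"\x00" * 64})
    for reason in triage_zip("some_movie_title.zip", fake):
        print("SUSPICIOUS:", reason)
```

The archive is read from memory and members are never extracted to disk, so the check itself cannot run anything.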
It's sad that a company like Computer Associates can't tell the difference between a worm and a trojan, and it's sad that people like Ed don't read the virus alert properly anyway. But then Ed can't tell the difference between a security flaw and a product feature, or the difference between a "hidden" file and a non-existent one. But I guess when a "security consultant" like Ed plays fast and loose with the truth it's easy to lose perspective and fail to notice these details. Sad.
The only useful piece of information in the whole episode was the fact that the LimeWire sharing settings are stored in "limewire.props", a file stored in the C:\Documents and Settings\user\.limewire folder. Actually, I found a security issue there, which I have reported. No, Ed, it isn't a flaw, just a bad practice, and can't be used to hack anyone's machine.

Related pages: File not found; Flaw not found | Computer Associates "Worm" article | Go Ahead, Hack My LimeWire | Abort, Retry, Fail

1 comment:

Anonymous said...

Hey Donn, lay off this Ed fellow. Just because he made false claims doesn't mean you should beat him to death. Time to move on.

Have a merry Christmas, not a grumpy one. At the moment you seem to be extremely grumpy.