Virus writers have unleashed a worm that attempts to delete MP3 files from infected machines. The Deletemusic worm spreads via removable devices. As soon as an infected device is accessed the worm will be executed. Thereafter it copies itself onto all drives, including removable devices, and executes whenever Windows is started …
I have a list of suspects
Who suspects the RIAA? Or Sony's Rootkit department?
.ogg .flac .wma .aac etc. immune?
The notes about the worm say that it only affects .mp3 files, so does that mean .ogg .flac .wma .aac etc. are immune from deletion?
Hey, if we're taking facetious suspects, I'd put forward Apple and Microsoft, both of whom would prefer you stop using the elderly .mp3 format and moved to their ones instead.
Come to think of it, I notice ogg and FLAC are immune, too...
Good old symantic
"We recomend that you escew portable storage and install our duff-ware (Or bury your PC under six feet of concrete, where it will work just as well)"
"It's always worth backing valuable files up to a write-once media like DVD"
Add the BPI to the list as well...
Re: I have a list of suspects
Not Sony. The rootkit was too simplistic. I've analyzed the "worm", it's pretty well written. Contract job? We already know that some Vx'ers do work on spec for various criminal elements.
First off this thing is just EVIL...
But don't blame the RIAA directly. This is undoubtedly the work of some crack-pot who has taken everything the RIAA has said (intentionally misinformed) as bible truth.
Anybody here in their 30's remember that a-hole (we'll all knew one) from childhood who's parents bought him every single CD that came to market? He would then show off the racks to his friends with that smug little smile and say 'yeah I'm really into music'. Pity your parents are poor.
He is now so upset that everyone has a an 18,000 song library that no one gives a toss about him anymore. So now he's out to get us.
Sorry if I sound a bit male-centric in this rant but I've never met a female who would actually get in a cock fight over a music collection. Typically the women I've known just say 'My three CDs are better than all of your's combined."
Surely this can only propogate if you are too thick to disable Autorun.inf from doing its nefarious automagical thing?
my money is on
The RIAA, sound exchange. BPI, NAB. and EMI, Viacom scatch any one connected with the major record industry
As likley to be written by someone
trying to discredit organisations who are seeking to prevent the ripping of musicians... Apart from anything else they're more likely to have the skills than the RIAA if this thing is reasonably well written...
"Hey, if we're taking facetious suspects, I'd put forward Apple and Microsoft, both of whom would prefer you stop using the elderly .mp3 format and moved to their ones instead"
Dunno about Microsoft, but the iTunes software from Apple supports MP3, you have a choice.
Why is it "thick" to not disable autorun? For the average user out there (and despite what you may think, that means the majority of PC users) autorun is an entirely useful feature.
@ Will Leamon
Wow, sounds like you're more bitter than the "a-hole" from your school :oP
I wonder if he knows you still care after all these years...
Wet work? Nah, too messy. We'll just kill their finances
@ Dillon Pyron: "Contract job? We already know that some Vx'ers do work on spec for various criminal elements."
And by "criminal" one assumes you mean "record companies who take 97% or more of the sales and pocket it, before passing anything on to the artists - when they bother to pass on anything at all."
Spel Chek any-one?
******OLD FART ALERT********
Anyone out there in comments land ever thought of using a spell checker?
If I wrote it...
I'd have it delete all MP3s that haven't been listened to inside of 6 months, and all mp3's at 56K or less, cos they are just SINFUL.
GPL Photo recovery software
Here is the recovery tool: http://www.cgsecurity.org/wiki/PhotoRec
This utility is on TestDisk and Knoppix.
Don't get it.
What flash drives come flying out of your butt, and
infest your computer I was going to be mean and point
out Linux doesn't get this but there is no real reason anyone
should have this problem.
RE: RIAA Indirectly.
"Anybody here in their 30's remember that a-hole (we'll all knew one) from childhood who's parents bought him every single CD that came to market?"
Oh yeah. I know a few of them showoff bastids back at college. I hope they rot in hell.
Good thing I have my MP3s backed up on DVDs and CDs. And ghost images of my PC's hard drives backed up in a removable USB disk.
If it makes it to my place it'll be unlikely to do anything.
Symantec AV Corporate should whack it before it goes anywhere. If it makes it past that, well then it has to know that my MP3s are actually stored on a different box (Linux server). And if it does find them, it'll hardly hurt.... All the music I care about is OggVorbis.
I'm missing something
How does it actually get onto the removable media in the first place?
Hang on, so you're saying the music industry could be to blame as it has "past form". The "past form" you refer to is an unfounded allegation from a blogger (who it could be argued doesn't like the industry very much). Please.
MP3s on Windows
Er, can I suggest having a backup? Maybe two?
Hard drive failures are probably more common than any mp3-eating worms...
Re: .ogg .flac .wma .aac etc. immune?
Even .mp3 files are immune on a PC that isn't already infected with Windows.
'Why is it "thick" to not disable autorun?' -- Adam West.
Er, for the same reason that it's a bad idea to run executables attached to unsolicited emails, or downloaded from dodgy web sites. Rocket science it ain't, Batman.
Could be of good use on a corporate server
If this virus can delete all .MP3 files on our corporate server, I'll have it scheduled weekly...
Not necessarily the industry
This isn't necessarily the work of the Music Industry. There are a lot of sad-acts out there who, for some reason, take pleasure in denying other people the enjoyment of their property. People who steal mobile phones, for instance: they know full well that the handset can be deactivated and rendered useless, even before the credit runs out. Their motivation isn't to have the phone for themselves: it's to stop you from having it. A virus that attacks media files sounds like the same sort of thing. Peevish, spiteful, mindless vandalism, but not necessarily the Music Industry.
Still, if it teaches people always to mount removable drives with -onoexec then it's probably a good thing in the long run.
+1 on list of suspects
If the pFY wrote it then it would copy the files off somewhere first, replace with some recorded sounds of a smutty nature and email the machine owner's other half a zip file full of p0rn for good measure.
I suspect BOFH would be more restrained and just delete the stuff from the corporate network "without prejudice". The deletion from any other attached devices is just good sense to stop it all being copied back.
Auturun == leaving your doors unlocked
>>Why is it "thick" to not disable autorun?
Because it implies utter and complete trust that anything you connect to your computer (CD/USB/DVD/What have you) is harmless.
It would be trivial for me to create a CD that would run rampant on your system, delete any number of files (or worse yet, scramble them just a *little* bit so you wouldn't suspect), install spyware, keyloggers, any other malware you can imagine. Autorun makes it simple.
My suggestion: Don't be so trusting. Don't leave your doors unlocked, don't put your keys under the mat, and disable autorun.