back to article Worm eats music on infected PCs

Virus writers have unleashed a worm that attempts to delete MP3 files from infected machines. The Deletemusic worm spreads via removable devices. As soon as an infected device is accessed the worm will be executed. Thereafter it copies itself onto all drives, including removable devices, and executes whenever Windows is …

COMMENTS

This topic is closed for new posts.
  1. ian

    I have a list of suspects

    Who suspects the RIAA? Or Sony's Rootkit department?

  2. Haku

    .ogg .flac .wma .aac etc. immune?

    The notes about the worm say that it only affects .mp3 files, so does that mean .ogg .flac .wma .aac etc. are immune from deletion?

  3. Iain

    Other suspects

    Hey, if we're taking facetious suspects, I'd put forward Apple and Microsoft, both of whom would prefer you stop using the elderly .mp3 format and moved to their ones instead.

    Come to think of it, I notice ogg and FLAC are immune, too...

  4. call me scruffy

    Good old symantic

    "We recomend that you escew portable storage and install our duff-ware (Or bury your PC under six feet of concrete, where it will work just as well)"

    Not...

    "It's always worth backing valuable files up to a write-once media like DVD"

  5. Vladimir Plouzhnikov

    Suspects

    Add the BPI to the list as well...

  6. Dillon Pyron

    Re: I have a list of suspects

    Not Sony. The rootkit was too simplistic. I've analyzed the "worm", it's pretty well written. Contract job? We already know that some Vx'ers do work on spec for various criminal elements.

  7. Will Leamon

    RIAA Indirectly.

    First off this thing is just EVIL...

    But don't blame the RIAA directly. This is undoubtedly the work of some crack-pot who has taken everything the RIAA has said (intentionally misinformed) as bible truth.

    Anybody here in their 30's remember that a-hole (we'll all knew one) from childhood who's parents bought him every single CD that came to market? He would then show off the racks to his friends with that smug little smile and say 'yeah I'm really into music'. Pity your parents are poor.

    He is now so upset that everyone has a an 18,000 song library that no one gives a toss about him anymore. So now he's out to get us.

    Sorry if I sound a bit male-centric in this rant but I've never met a female who would actually get in a cock fight over a music collection. Typically the women I've known just say 'My three CDs are better than all of your's combined."

    Touche!

  8. Andy Silver badge

    Autorun

    Surely this can only propogate if you are too thick to disable Autorun.inf from doing its nefarious automagical thing?

  9. mike

    my money is on

    The RIAA, sound exchange. BPI, NAB. and EMI, Viacom scatch any one connected with the major record industry

  10. JimC

    As likley to be written by someone

    trying to discredit organisations who are seeking to prevent the ripping of musicians... Apart from anything else they're more likely to have the skills than the RIAA if this thing is reasonably well written...

  11. Tony Martin

    Huh?

    "Hey, if we're taking facetious suspects, I'd put forward Apple and Microsoft, both of whom would prefer you stop using the elderly .mp3 format and moved to their ones instead"

    Dunno about Microsoft, but the iTunes software from Apple supports MP3, you have a choice.

  12. Adam West

    re: Autorun

    Why is it "thick" to not disable autorun? For the average user out there (and despite what you may think, that means the majority of PC users) autorun is an entirely useful feature.

  13. bluesxman

    @ Will Leamon

    Wow, sounds like you're more bitter than the "a-hole" from your school :oP

    I wonder if he knows you still care after all these years...

  14. Morely Dotes

    Wet work? Nah, too messy. We'll just kill their finances

    @ Dillon Pyron: "Contract job? We already know that some Vx'ers do work on spec for various criminal elements."

    And by "criminal" one assumes you mean "record companies who take 97% or more of the sales and pocket it, before passing anything on to the artists - when they bother to pass on anything at all."

  15. Anonymous Coward
    Anonymous Coward

    Spel Chek any-one?

    ***********WARNING**************

    ******OLD FART ALERT********

    ***********WARNING**************

    Anyone out there in comments land ever thought of using a spell checker?

  16. El Regular

    If I wrote it...

    I'd have it delete all MP3s that haven't been listened to inside of 6 months, and all mp3's at 56K or less, cos they are just SINFUL.

  17. herman

    GPL Photo recovery software

    Here is the recovery tool: http://www.cgsecurity.org/wiki/PhotoRec

    This utility is on TestDisk and Knoppix.

  18. Alan Donaly

    Don't get it.

    What flash drives come flying out of your butt, and

    infest your computer I was going to be mean and point

    out Linux doesn't get this but there is no real reason anyone

    should have this problem.

  19. Anonymous Coward
    Anonymous Coward

    RE: RIAA Indirectly.

    "Anybody here in their 30's remember that a-hole (we'll all knew one) from childhood who's parents bought him every single CD that came to market?"

    Oh yeah. I know a few of them showoff bastids back at college. I hope they rot in hell.

    Good thing I have my MP3s backed up on DVDs and CDs. And ghost images of my PC's hard drives backed up in a removable USB disk.

  20. Tim Bates

    Oh well...

    If it makes it to my place it'll be unlikely to do anything.

    Symantec AV Corporate should whack it before it goes anywhere. If it makes it past that, well then it has to know that my MP3s are actually stored on a different box (Linux server). And if it does find them, it'll hardly hurt.... All the music I care about is OggVorbis.

  21. Anonymous Coward
    Anonymous Coward

    I'm missing something

    How does it actually get onto the removable media in the first place?

  22. Gorgone

    unfounded accusations

    Hang on, so you're saying the music industry could be to blame as it has "past form". The "past form" you refer to is an unfounded allegation from a blogger (who it could be argued doesn't like the industry very much). Please.

  23. Nick Pettefar

    MP3s on Windows

    Er, can I suggest having a backup? Maybe two?

    Hard drive failures are probably more common than any mp3-eating worms...

  24. Anonymous Coward
    Anonymous Coward

    Re: .ogg .flac .wma .aac etc. immune?

    Even .mp3 files are immune on a PC that isn't already infected with Windows.

  25. Andy Silver badge

    Re: Autorun

    'Why is it "thick" to not disable autorun?' -- Adam West.

    Er, for the same reason that it's a bad idea to run executables attached to unsolicited emails, or downloaded from dodgy web sites. Rocket science it ain't, Batman.

    -A.

  26. Anonymous Coward
    Anonymous Coward

    Could be of good use on a corporate server

    If this virus can delete all .MP3 files on our corporate server, I'll have it scheduled weekly...

  27. A J Stiles

    Not necessarily the industry

    This isn't necessarily the work of the Music Industry. There are a lot of sad-acts out there who, for some reason, take pleasure in denying other people the enjoyment of their property. People who steal mobile phones, for instance: they know full well that the handset can be deactivated and rendered useless, even before the credit runs out. Their motivation isn't to have the phone for themselves: it's to stop you from having it. A virus that attacks media files sounds like the same sort of thing. Peevish, spiteful, mindless vandalism, but not necessarily the Music Industry.

    Still, if it teaches people always to mount removable drives with -onoexec then it's probably a good thing in the long run.

  28. Anonymous Coward
    Anonymous Coward

    +1 on list of suspects

    BOFH?

    If the pFY wrote it then it would copy the files off somewhere first, replace with some recorded sounds of a smutty nature and email the machine owner's other half a zip file full of p0rn for good measure.

    I suspect BOFH would be more restrained and just delete the stuff from the corporate network "without prejudice". The deletion from any other attached devices is just good sense to stop it all being copied back.

  29. doctechnical

    Auturun == leaving your doors unlocked

    >>Why is it "thick" to not disable autorun?

    Because it implies utter and complete trust that anything you connect to your computer (CD/USB/DVD/What have you) is harmless.

    It would be trivial for me to create a CD that would run rampant on your system, delete any number of files (or worse yet, scramble them just a *little* bit so you wouldn't suspect), install spyware, keyloggers, any other malware you can imagine. Autorun makes it simple.

    My suggestion: Don't be so trusting. Don't leave your doors unlocked, don't put your keys under the mat, and disable autorun.

    Seriously.

This topic is closed for new posts.