back to article Classic Shell hackers: We infected FossHub so ransomware couldn't (and yeah, also for fun)

The hacking group credited for compromising FossHub and briefly infecting downloads of Audacity and Classic Shell says the fallout from the website's insecurity could have been far worse had they not got there first. In a conversation with El Reg, a member of the Peggle Crew group said the security breach – in which the …

  1. RIBrsiq

    Ah, the righteousness of youth! How I miss those heady days!!

    But here's the thing: one *can* raise security concerns with a site's admins, if one finds serious vulnerabilities. No real need to hose anyone's system; and nothing gained from that, apart from those death threats mentioned. Even if the damage is minor and would take someone who knows what they're doing only minutes to fix: the vast majority of users will not be able to handle anything close to fixing an MBR, for example.

    What if the admins will not take a friendly warning seriously, you ask? Well, then it's probably a hopeless situation and nothing will prevent a catastrophic breach of the site concerned, sooner or later. After all, raising awareness of a specific issue or three, no matter how dramatically done, is unlikely to change the underlying culture.

  2. Dan Paul


    Seems the old adage of downloading programs directly from the website of their creators (instead of some software aggregators) has fallen by the wayside.

    So has checking the MD5 hash although some hackers are able to fool you with spoofed data.

    Ivan actually SIGNS his software so don't blame him if the version you downloaded comes up and says there is no publisher. Even if it is Windows, UAC is pretty good about pointing out that missing data.

    1. DropBear Silver badge

      Re: Fosshub

      Okay, be honest - prior to all this did you really _know_ that Classic Shell is _supposed to be_ signed? If not, do you always research beforehand whether something you want to install is supposed to be signed or not, even when downloading from a source generally perceived as legit? If yes, do you have more than ten pieces of software installed? Because I have many hundreds, and occasionally use them all...

  3. Jonathan 27 Bronze badge

    This article is a little confusing, does this only affect MBR discs or GPT as well?

  4. Walter Bishop Silver badge

    Master Boot Record (MBR) nuking malware

    "FossHub .. used to spread a few hundred copies of a new piece of Master Boot Record (MBR) nuking malware" ..

    Wouldn't it be a good idea to lock down the MBR with a hardware lock?

    1. LDS Silver badge

      Re: Master Boot Record (MBR) nuking malware

      You mean something alike a TPM...? <G>

  5. Jamie Jones Silver badge


    "We screwed up your PC for your own good"

    "I only hit you because I love you"

    "It's not you, it's me" ....

  6. Walter Bishop Silver badge

    Software nasty hidden in Windows

    Only if you install under Microsoft Windows.

    1. Steve Channell

      I blame Microaoft

      Classic shell is an "essential" piece of the Windows 8 Operating System, that Microsoft cant be arsed to ship. I always resented having to install classic shell and was a major reason for Reinstalling Windows 7 on a touch computer

  7. moiety

    Shitheads. So for their mild frisson of "fun" a "few hundred" people have a very bad day and probably -especially if they're not very technically literate- considerable expense.

    A pop-up message; porn clip; meme slideshow...any of these would have got the point across and could -in dim lighting by a good-natured liar- be vaguely equated to fun. Fucking up people's MBRs just because they can is the act of a bunch of total arsepipes.

    1. Adam 1 Silver badge

      Rickroll homepage; black hat respect and kudos. This; you are a tool*

      *My sincerest apologies to the tool community for bundling these guys with you.

  8. bombastic bob Silver badge

    I hope they enjoy the Iron Bar Hotel

    I hope they'll enjoy the Iron Bar Hotel, because the *kinds* of miscreants that do these things 'for fun' end up there, eventually. Usually it's after they've done something really stupid, maybe even a few years ago (such as using the same identifier as an old gamer ID or on a public forum), and the law enforcement investigations finally catch up (they don't give up, like a tortoise constantly trying to escape his enclosure) and suddenly, you're arrested, need an expensive attorney, and are facing 15-30 in a supermax due to your apparent danger to society... and are forced into a guilty plea in a plea bargain to avoid serious time (maybe get 1 or 2 years in a min security or something).

    And last I heard, the Iron Bar Hotel has no proper intarweb or cell phone services.

    [I see no favors being done, here]

  9. Unicornpiss Silver badge
    Thumb Down

    I guess I'm getting old..

    It seems like fun. And I like the 'choose your own adventure' or Infocom-era inspired message. For most readers of this site, fixing a corrupted MBR would involve scrambling through their desk for a bootable flash drive (while cursing and muttering oaths) or downloading a utility from somewhere on another machine.

    But there's a lot of people that would have a lot more taken from them by this than 20 minutes of aggravation. Your mom. Some poor bastard down to his or her last few dollars or pounds trying to respond to a potential employer. Someone who just discovered the cool things you can do with a computer (Windows notwithstanding) only to have a little of that sparkle taken away from them by hitting this speed bump full on, and instead of feeling clever, now feeling like a loser. Some poor depressed sod ready to turn a gun on themselves or others if one more straw lands on that fabled camel's back.

    A pop-up or some silly porn would have been enough of a statement. Or perhaps people downloading Audacity could have been treated to a Rick Astley song regardless of what they tried to open. The ultimate Rickrolling. I've never much cared for mean practical jokes though anyway, or anything that makes an already sucky world a little worse. I appreciate the spirit in which it was done, but... <sigh> Guess I'll go back to eating my gruel in my lightless room now..

    1. Gene Cash Silver badge

      Re: I guess I'm getting old..

      If you actually read the article, they don't seem bright enough to do any of those things. It seems they settled for hosing the MBR because that's all they could do.

      "The group considered slipping in a rootkit but gave up on that and went with an old-school MBR killer instead."

      Plus I don't think any of your potential victims would even know what FossHub would be. Except the "poor depressed sod ready to turn a gun on themselves or others if one more straw lands on that fabled camel's back" does sound like a typical Windows user though.

  10. Mark Simon

    Collateral Damage?

    This goes to show how being skillful doesn’t mean you’re not a moron. Pat on the back for writing a clever bit of code. Kick in the head for targeting the wrong people.

    If they think FossHub has a weakness that needs to be addressed, how will punishing the users help? This self-righteous crap is for puerile twerps who don’t care who gets hurt in their pubescent posturing.

    1. et tu, brute?

      Re: Collateral Damage?

      You mean like striking tube drivers, who also punish the users instead of the company?

      Same principle, if you ask me...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019