Anti-piracy vigilantes track file sharers

Found on Security Focus on Friday, 19 March 2004
Browse Filesharing

A pair of coders nurturing a deep antipathy for software pirates set off a controversy Thursday when they went public with a months-old experiment to trick file sharers into running a Trojan horse program that chastises users and reports back to a central server.

The program does not permanently install itself, open a back door or harvest the user's name or other personal information. But it does "phone home" to a central server, sending the filename under which it was executed, and the amount of time the user spent staring in shock at the sermonizing text before closing the window-an average of about 12 seconds. The "Dust Bunny" revision launched last month also sends a unique I.D. number that' embedded in each copy of the program; the server logs the I.D., then sends back a new number that gets patched into the code, allowing the creators to track the program as it's re-distributed across the networks.

But Jason Schultz, a staff attorney with the Electronic Frontier Foundation, is wary of the vigilante effort. "It's sort of an invasion of your computer, not much different from other malicious programs or spyware," says Schultz. "When you use file sharing to download an application, you're not giving the person who's sending you the file permission to run rampant on your computer. The fact that they're in some ways tricking you into running it may pose some real problems for them in court."

Those are just Wild West methods. If you try to fight at the same level, you aren't much better. Besides, this only gets the end user, not the pirates. The programs are malicious software, and users are tricked into executing them. If they cause harm, you can sue the creators. Besides, a decent firewall blocks things like that.