April 22, 2005 3:00 PM PDT

Virus pits itself against music pirates

A hacker has created a virus that targets music lovers by deleting MP3 files on infected computers, according to antivirus company Sophos.

The worm, dubbed Nopir.B, spreads over peer-to-peer networks and appears to have originated in France, security researchers at Sophos said Friday.

Nopir.B is designed to look like a DVD-cracking program, to fool people looking for a program that will circumvent copy-restriction technology on the discs. When the worm is downloaded and run, it attempts to delete all MP3 music files and wipe some programs from the infected PC, the company said in its advisory.

Sophos said it believes the author of the virus may be looking to stamp out music piracy.

"The Nopir.B worm targets people it believes may be involved in piracy, but fails to discriminate between the true criminals and those who may have legally obtained MP3 files," Graham Cluley, senior technology consultant for Sophos, said in a statement. "Whichever side of the fence you come down on in regards to Internet piracy, there's no debate about the criminal nature of this worm--it's designed to inflict malicious damage on people's Windows computers."

Sophos has received few reports of the virus, but recommended that people update their security software. The malicious software affects PCs running Microsoft Windows.

Dan Ilett of ZDNet UK reported from London.


Join the conversation!
Add your comment
I wonder who wrote it?
Regular virus-writers don't seem to exactly have this kind of motivation.

The RIAA or a similar organization would never be this stupid. I think.

So, that leaves... a disgruntled musician who thinks piracy is killing him?
Posted by (84 comments )
Reply Link Flag
Who wrote it?
Don't discount the possibility that record companies had a part
in this... And why not consider the anti-virus companies
themselves? After all, Sophos "believes the virus writer wants to
eradicate music piracy" (very profound statement eh? Who
would've though, a virus that deletes mp3 may be linked to
piracy... duh).
It's unlikely it'll get hunted as intensively as say Blaster, since it
won't affect critical systems, while the virus companies will
possibly enjoy an increase in sales to said pirates.
To name but a few.
Posted by stam66 (9 comments )
Link Flag
Congress From Utah
No doubt he made the treats about this issue.
Posted by Willy Wonker (73 comments )
Link Flag
Lars Ulrich!
If it wasn't for those damn pirates, "St. Anger" wouldn't have sucked.
Posted by M C (598 comments )
Link Flag
oh please
The **AA's were lobbying Congress to be able to do exactly that under protection of law! Fortunately for the citizens of the US, the only bumbling congress critters they could buy at the time were Howard Berman, Howard Coble, and Orrin Hatch.
more info:
<a class="jive-link-external" href="http://www.theregister.co.uk/2002/08/23/minnow_isp_aims_counterstrike/" target="_newWindow">http://www.theregister.co.uk/2002/08/23/minnow_isp_aims_counterstrike/</a>
<a class="jive-link-external" href="http://news.cbsi.com/2100-1023-946316.html" target="_newWindow">http://news.cbsi.com/2100-1023-946316.html</a>
Posted by rbochan (14 comments )
Link Flag
"The RIAA or a similar organization would never be this stupid. I think."

Really? I don't put it past them in a minute. Think about how they flout the law (including due process) to sue file traders.

Think about how they engage in illegal price fixing.

Think about how rabid and blind and stupid they are in all their actions to stifle technology at all costs.

The RIAA was the first thought that came to my mind when I considered who may have created this malware. Now, I'm sure they didn't send an email to a virus author and say "Hi, we're the RIAA, and we'd like to hire you!" Rather, they do it while hiding their identity. It's really not that hard. Give me your email address and I'll show you, if you like. :)
Posted by TimeBomb (70 comments )
Link Flag
Another reason to avoid MS
... switch to Mac.

Ever heard of a Mac (running on OS X) that has problems with virus,
spyware or adware? Didn't think so...
Posted by (1 comment )
Reply Link Flag
Please no fanboy stuff on this thread
Please don't start any fanboy stuff... this is a serious issue that could affect a lot of people around the world. The my computer brand is better than yours has no place here.
Posted by (3 comments )
Link Flag
Is there even any P2P programs for the Mac? (I am just curious, honest!)
Posted by Andrew J Glina (1673 comments )
Link Flag
fanboys like you are the reason I don't switch. I would hate to be associated with this kind of Mac zealotry
Posted by unknown unknown (1951 comments )
Link Flag
It is a matter of time
Not sure how long you have been using computers, but a little history for you:

The 1st Worm was written for Unix systems by Rober Morris Jr in the late 80's.

Early Virii were written for the original Mac because at that time, there were more Mac's in use than Wintel PC's. Now that the Wintel/AMD platform is the dominate platform, the virii coders want to code against it. They are looking for the biggest return on their investment. No computer system is completely secure and never will be.

BTW, I have not gotten a virus on any of my systems since 1987 or so. this is because I am careful about the files I open and the sites I visit. I keep my systems up to date with the latest security and anti virus patches. I have no problems with spyware because I do not load programs that install spyware.

My 15 yo daughter has never had a virus because I have taught her safe computing.

The best computer is the one that does the job for you, be it a Mac, Wintel, Linux, or even dumb terminal.

Perry Smith
Posted by (1 comment )
Link Flag
sophos wrong
quote from the article:

Graham Cluley, the senior technology consultant for Sophos, is wrong in his statements. I don't care if it does attack legal mp3s with the illegal ones. You shouldn't be downloading cracks for computer programs through p2p anyways and you get what you deserve if you do. I use a lot of free open source software and when there isn't a good open source alternative I am willing to pay an honest fee to use software. Leave this virus alone.
Posted by (4 comments )
Reply Link Flag
Suleova, meet point. You missed it the first time.
There are valid reasons to skirt DVD copy protections, such as the simple need to backup a DVD you legitimately paid for.

But even if you toss that argument aside, what they gave in the article was just an example of how this malware could propagate. Anyone could easily change this malware to appear like some *other* application--say, HighHorse_PointMisser_2005.exe, which it seems you yourself would benefit from running. And it could also be distributed by means other than P2P (Usenet, email, IM, the web--anything.)

The bizarre position you've put yourself in is one in which you stand up for the digital rights of some (i.e. shareware and DVD authors), but not of others (i.e. those who mistakenly run this malware). To my cultivated mind, you can't have it both ways and still have both legs to stand on.
Posted by TimeBomb (70 comments )
Reply Link Flag
good point
whoever wrote this virus shows us, bottom line, that he wants to sneak into your computer and delete stuff. he isn't an ally.
Posted by (1 comment )
Link Flag
Oy Vey
This is not good. I have nearly 30GB worth of mp3 files on my system as I converted my CD collection. Let's also not forget the fact that some software titles use mp3 as the format for any audio files that the application uses. To convert my collection took a long time and I don't want to have to go through it again. This is an outright malicious attack and I for one would not be a bit surprised if there is some shady corporate sponsorship of the virus (RIAA, MPAA, and BSA).
Posted by (3 comments )
Reply Link Flag
well then
don't download any DVD ripping programs from a p2p's
Posted by mpop1 (57 comments )
Link Flag
This is an illlegal maneuver and it is uploading malicious software to many servers. This person or group responsible is no better than people or groups responsible for the Lovebug, Slammer, Blaster, or Sobig. This conduct whoever is responsible should be punished.

Advice , don't download any executable files or code cracking technology on your computer. Also before opening your files run your up to date antivirus software and have a strong firewall.
Next you may want to do a backup and demarcate a system restore function.

I'm sorry but two wrongs don't make a right.
Posted by alawana (20 comments )
Reply Link Flag
virus is bad but...
look, two wrongs dont make a right but i am sick of hearing the crying of people who do illegal things on the net and then get stung by their actions. having a copy of your dvd that you own is legal but cracking the dvd protection is not. until more ppl like myself get out there and push our legislatures to change the laws the simple fact is. copying protected dvds is currently illegal.

as for this virus spreading and being changed and used by other means such as email and im, people need to realize what is safe and what isnt while on the net. take some personal responsibility while surfing, chatting, and whatever. my anti-virus and anti-spyware barely get workouts because my system is constantly clean.

as for the virus writers: shame on you for adding another resource hog to the internet. the last thing we needed was a wasteful program taking up bandwidth.
Posted by (4 comments )
Reply Link Flag
RIAA has to do with it...that's for sure
I have no reason to doubt the RIAA was responsable for this (In a conspiracy sort of way) Why would someone write such a code...? and they say it came from France most likely ...that I do beleive for some reason.
Posted by BraveErudite (10 comments )
Reply Link Flag
RAA paid some one to write it
You better beleive the RIAA did it....WHo else would want to write somethink like that... Maybe some 14 year old from Shalalabadadukiestan?
Posted by BraveErudite (10 comments )
Reply Link Flag
Why not?
Most viruses are written by amoral people with a lot of free time. And there's no reason why somebody might not have a twisted ethical sense in which distributing a virus is OK to "help starving musicians".

I'm not saying the RIAA didn't do it, just that it seems more... guerilla-like than I've heard of them to be. I mean, they tried to get laws passed that would allow them to do this, suggesting that they (at least then) weren't willing to do it illegally.
Posted by (84 comments )
Link Flag
I don't think so
I really doubt the RIAA is responsible for this--at least, not in any direct sense. They are convinced of the rightness of their cause and that they are following the law. An action like this is illegal and would clearly alienate their allies in Congress. I'm not saying that they wouldn't do this, but they would wait for Congress to give them immunity first, as they've already tried to do.

But since that hasn't happened yet, I seriously doubt they would. Besides, it is never wise to assume someone is responsible without some form of solid evidence. They may seem to have great motive on the surface, but this goes completely against the image of the "righteous crusade" to protect the rights of artists that they are trying to present, since this type of action is still currently illegal.
Posted by (282 comments )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.