possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 8:10 am
by JensJohansson
Some answers:

No, we didn't plant MP3s with any malware. Of course, that's what I would say even if we did do it so if you don't believe me.. well what the fuck can I do about it.

No, please don't email me or anyone else copies of strato.exe, we don't want or need them. If the descriptions are true that is some sort of "remainder payload" and probably doesn't actively infect anything anymore. But I am traveling with a laptop, I don't have some sort of sandbox (eg vmware), and even if I did -- I'm not interested in spending energy out of a very busy day step-executing and analyzing code to help people who potentially downloaded our music. Excellent opportunity for someone to learn enough x86 assembly to make them puke...

Don't mail MP3 files or threats either. The band has nothing to do with this.

Yes, it's very fucking possible for malicious code to hide in MP3 or other non-executable files. If you don't believe this you are very naive. :) There have been exploits that executed just by hovering the mouse over a file. I wish I was making this stuff up, but I'm not. It could be via a bug in the core operating system, some library thereof, some media player, some popular spyware, anything.

No, I don't at all know if MP3s with Stratovarius music is the actual vector. But it seems quite possible given the described payload.

No, I usually don't check, open or read those "PMs" on this or other boards.

No, you will probably not be able to find out who did this. I would consider these strange .strato files as lost. But that "challenge-response" shit could mean that there actually might be some way engineered into this thing to get them back using that challenge information and the right algorithm. Good luck..

Yes, I got copies of a file named "strato.exe" from angry people. And I'm not even going to be hovering my mouse over these files, much less run them to see if a picture of mickey mouse comes up or not.

Yes, provided it's not replicating (a pure trojan) the 12-year-old in me thinks this is at least a little bit funny. :)

Whichever 12-year-old sociopath did this, if those "certain" new MP3s really turn out to be the vector, well.. no pat on the back, but contact me and I'll get you a signed Stratovarius CD, a few years in federal prison, and probably a great paying IT security job when you get out...

I am at the moment on a promo trip with TK and working 15 hour days. We are in Köln. All else is well by the way! See you on the tour? I'll end with what TT wrote in this thread because it pretty much matches my attitude about this whole thing exactly:
Maybe it is a Finnish government secret program to annoy illegal downloaders. :)
You guys have no idea what downloading is doing for the entire music field.
Very soon, you'll see even the rest of the most big record companies merging. No risks will be made, they will release only what they know will sell 100%ly and not take any risks.
I stand here with the same attitude as before, IF you download, then at least buy the record please. We are not Metallica and it will seriously harm us. Do as you feel what is right, that's all I can say.
We are still shocked and pissed off that this happened so early.
But what can you do? Nothing. We trust our fans though.
And I'll add -- this seems considerably worse than just "annoy". Be careful out there, internet is full of anonymous sociopaths who are completely beyond the reach of law. There is simply no way to trace this.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 8:18 am
by STRATOPHILIUS
JensJohansson wrote:Some answers:

No, we didn't plant MP3s with any malware. Of course, that's what I would say even if we did do it so if you don't believe me.. well what the fuck can I do about it.
..... :lol: :lol: :lol:... too funny....and the rest is well put too..........thanks Jens

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 8:54 am
by Reroute2Remain
JensJohansson wrote:There have been exploits that executed just by hovering the mouse over a file. I wish I was making this stuff up, but I'm not. It could be via a bug in the core operating system, some library thereof, some media player, some popular spyware, anything.
But how is this even possible?!??!? I thought MP3 files were 100% safe.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 10:01 am
by MaFiaBoY
Anyway, the whole thing makes me laugh my ass off :D

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 10:46 am
by Ikola
I can just say one thing to those poor bastards that downloaded Stratovarius and got the virus:

HAHAHAHA, what goes around comes around. :twisted: :twisted:


People can't expect that downloading music illegally is safe forever. The record companies WILL do something about it, then if it's legal or not i think that this thing that has happened is just perfect, those people will never download more music. Maybe they miss their music so much that they will buy themselves the cd's in the future, gaining the artists that lost money before. 8)

So one more taunt for the downloaders: hahahahahahahahahahahaaaaaaa.....start buying some cd's in the future!! :twisted:

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 10:58 am
by MaFiaBoY
By the way, have you checked the homepage and the news with the virus picture ? :D

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 11:13 am
by Twilight Legionnaire
Apart from the funny aspect of the thing, I'm more concerned about what TT said, and it should enlighten people about the harm they're causing the bands and the whole alternative music industry in the world. Like it or not, it's thanks to THEM that we get to hear 'underground' bands like Stratovarius (well, pretty much any metal band apart from Metallica and Iron Maiden).

Even if you buy the CD in September (and I do have a hard time believing everyone will, especially those who already downloaded), the fact that so many people (I know people from other boards who are also doing this) are already downloading the album will probably lead the record companies to be more defensive about their product.

At the very least, don't run around telling everyone about the album, and that you got the album, let alone rant about the virus. Have some shame :)

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 11:14 am
by cliff
Jens is right. There is a HUGE security hole about the "mouse cursor roll-over" function in all the Windows OS. There is nothing you can do about it except (maybe ?) throw your Windows through the window (the real one!) and enjoy Unix based OS.
I am not even sure myself that anti-virus can stop such malicious files.

At least some good (and quick) advice that I can give to you :
1/ Outlook / Outlook Express NO ! -> The Bat
2/ Microsoft Explorer NO! -> Firefox
3/ use several partitions (one for OS, the rest for data)
4/ antivirus + software AND hardware Firewall
5/ MAKE BACKUPS (which I should do too someday...)
6/ be careful with IRC clients (even web-based ones)
7/ P2P means "cool! unlimited music and movies for free", but also "pp can access my computer and enjoy their meat (not just bandwidth)"
8/ permanent DSL connection is cool, but switching the computer off or deactivating the internet access when you don't use it is even better.

plus this :
0a/ maybe Total Commander (ex Windows Commander) would be a good alternative to that crap Windows file browser.
0b/ You can watch DVDs and listen to music on Linux!

On the other hand, that "strato.exe" thing (I don't have the file myself, and please keep it for yourself!) is nothing compared to a virus that I "met" once, which just killed the bios of a computer plus a hard disk drive.

And about the downloading thing. You guys are big enough to do what you want to do or not. But then, don't complain if you find tons of trojans on your computer.

EDIT : @Strato guys : Perhaps you could rename the new album "Stratovirus" ? :wink: :lol:

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 12:13 pm
by Beast_Pete
MaFiaBoY wrote:By the way, have you checked the homepage and the news with the virus picture ? :D
Yeah, and I voted with a 5. It's such a LOL. That guy must have been a real n00b.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 1:53 pm
by JensJohansson
MaFiaBoY wrote:By the way, have you checked the homepage and the news with the virus picture ? :D
Pretty cute, wasn't it?? Found it with google. Creepy color, crop to 110 130, voilà :)

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 2:02 pm
by Stratofanius
JensJohansson wrote:
MaFiaBoY wrote:By the way, have you checked the homepage and the news with the virus picture ? :D
Pretty cute, wasn't it?? Found it with google. Creepy color, crop to 110 130, voilà :)
This could be better:
http://static.howstuffworks.com/gif/virus-ch.jpg

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 2:03 pm
by JensJohansson
Reroute2Remain wrote: But how is this even possble?!??!? I thought MP3 files were 100% safe.
Hey...... just google for

microsoft "buffer overflow" imbeciles
That's a nice subset to start looking at. If you google for

microsoft "buffer overflow"
you get close to a million google hits...... :lol: :lol:

There is also the shatter attack which exploits a flaw in windows that is so deep that it literally can't be fixed unless they redo the whole thing from scratch. I'm REALLY baffled why the shatter vulnerability is not given more attention than it is. [ maybe the CIA is killing anyone who tries to draw attention to it :) . wait, i think someone is knocking on the door.... ]

I personally use windows because I have to. I like the attitude of the OpenBSD people though. say what you will about Theo de Raadt, some people say he's a raging asshole I guess. but google for

OpenBSD "buffer overflow" imbeciles
and you only get 13 google hits..... and I don't think the word "imbecile" on any of those pages have ANYTHING to do with Theo de Raadt. :lol:

In fact the more I think about this, media files are close to perfect as vectors for large executables. If you get a 5 mb email attachment from a complete stranger, that you didn't ask from, you would be extremely suspicious.

But it seems people don't think twice about downloading 100 megs or more of MP3 data, literally from hundreds of completely anonymous strangers who drift in and out of a p2p peer cloud.

If I wanted to hide a 2-3 megabyte trojan, as far as the data volume, an MP3 (or video) file is a pretty good place. Nobody's gonna look at the actual file length and notice a few extra megabytes in an MP3 file. Especially with a variable bit rate file. What are you gonna do, write a program which integrates the bit rate over the length of the file and compare it to the actual size and see if they actually match?? :lol: You think your average p2p "customer" will go thru that trouble??

I don't have so much time to write about this because i have to do more interviews and then catch a plane to helsinki. But it's pretty fascinating stuff!

OH -- and another thing I thought of, anyone who reads this who got trojaned, hold on to those .strato files, maybe there will be some method to recover them later. But if they are a lot smaller than the originals, then you're probably shit out of luck.
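
The size check joked about in the post above (add up what the frame headers say and compare it with the real file size), as an added example that is not part of the original thread. It handles MPEG Layer III frames with optional ID3v2/ID3v1 tags only; the function names are hypothetical and the sample bytes are constructed for the demonstration.

```python
"""Walk MPEG Layer III frames and report bytes the audio stream does not account for."""

# Layer III bitrate tables (kbit/s), indexed by the header's 4-bit bitrate field.
BITRATES = {
    "v1": [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320],
    "v2": [0, 8, 16, 24, 32, 40, 48, 56, 64, 80, 96, 112, 128, 144, 160],
}
# Sample rates (Hz) keyed by the 2-bit version field: 3 = MPEG-1, 2 = MPEG-2, 0 = MPEG-2.5.
SAMPLE_RATES = {3: [44100, 48000, 32000], 2: [22050, 24000, 16000], 0: [11025, 12000, 8000]}


def frame_length(header):
    """Return the byte length of the Layer III frame that starts with `header`, else None."""
    if len(header) < 4 or header[0] != 0xFF or (header[1] & 0xE0) != 0xE0:
        return None                      # no 11-bit frame sync
    version = (header[1] >> 3) & 0x03
    layer = (header[1] >> 1) & 0x03
    br_idx = header[2] >> 4
    sr_idx = (header[2] >> 2) & 0x03
    padding = (header[2] >> 1) & 0x01
    # Reserved version, not Layer III, free-format/invalid bitrate, reserved sample rate.
    if version == 1 or layer != 1 or br_idx in (0, 15) or sr_idx == 3:
        return None
    kbps = BITRATES["v1" if version == 3 else "v2"][br_idx]
    coeff = 144 if version == 3 else 72  # bytes per frame = coeff * bitrate / sample rate
    return coeff * kbps * 1000 // SAMPLE_RATES[version][sr_idx] + padding


def audit_mp3(data):
    """Sum frame lengths (this works for VBR too) and compare with the file size."""
    pos = 0
    if len(data) >= 10 and data[:3] == b"ID3":
        size = 0
        for b in data[6:10]:             # 28-bit "synchsafe" tag size
            size = (size << 7) | (b & 0x7F)
        pos = min(len(data), 10 + size + (10 if data[5] & 0x10 else 0))
    id3v2, end, id3v1 = pos, len(data), 0
    if end - pos >= 128 and data[end - 128:end - 125] == b"TAG":
        id3v1 = 128                      # ID3v1 trailer is always 128 bytes
        end -= 128
    frames = audio = 0
    while pos + 4 <= end:
        n = frame_length(data[pos:pos + 4])
        if n is None or pos + n > end:
            break                        # first byte run that is not a whole frame
        pos += n
        frames += 1
        audio += n
    return {"id3v2": id3v2, "id3v1": id3v1, "frames": frames,
            "audio_bytes": audio, "unaccounted": end - pos}


def build_sample(extra=b""):
    """Constructed input: empty ID3v2 tag, 5 VBR frames, optional extra bytes, ID3v1 tag."""
    def frame(byte2):
        hdr = bytes([0xFF, 0xFB, byte2, 0x00])
        return hdr + bytes(frame_length(hdr) - 4)
    audio = frame(0x90) * 3 + frame(0xB0) * 2   # 128 and 192 kbit/s at 44.1 kHz
    return b"ID3\x03\x00\x00\x00\x00\x00\x00" + audio + extra + b"TAG" + bytes(125)


if __name__ == "__main__":
    for label, blob in (("clean", build_sample()),
                        ("padded", build_sample(extra=bytes(4096)))):
        print(label, audit_mp3(blob))
```

Other trailers (APE or Lyrics3 tags, encoder padding) also show up as unaccounted bytes, so a small non-zero value is normal; a result of hundreds of kilobytes or more is the kind of mismatch worth a closer look.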

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 2:11 pm
by MaFiaBoY
JensJohansson wrote: If I wanted to hide a 2-3 megabyte trojan, as far as the data volume, an MP3 (or video) file is a pretty good place. Nobody's gonna look at the actual file length and notice a few extra megabytes in an MP3 file. Especially with a variable bit rate file. What are you gonna do, write a program which integrates the bit rate over the length of the file and compare it to the actual size and see if they actually match?? :lol: You think your average p2p "customer" will go thru that trouble??
What's more fun, if you encode the same song in mp3 at the same bitrate with two different programs there are hundreds of KB of length difference :D Anyway I also use windows because I have to, I cannot connect to the internet with my accursed dial-up modem under Linux. If only those assholes at FT would move their lazy ass and bring me DSL...

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 2:30 pm
by Mad the swine
Let this be a warning...original cd's are way better.. :D

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 2:49 pm
by MaFiaBoY
@Jens > this ain't fun to lock the other thread. If you want to lock, there is a thread in the Other Discussions section waiting for you :D

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 2:50 pm
by Stratofanius
MaFiaBoY wrote:@Jens > this ain't fun to lock the other thread. If you want to lock, there is a thread in the Other Discussions section waiting for you :D
That's cruel :roll:

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 3:38 pm
by NeonVomit
It was funny while it lasted. Now the troll has been silenced, and that's it.

I guess let this whole mess serve as a warning, for downloading MP3's or ANYTHING else.

The internet is a dangerous place! :D

And I dunno... I could never attach myself to mp3's as well as I could to CDs and booklets and stuff.

Much nicer.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 4:09 pm
by Beast_Pete
MaFiaBoY wrote:@Jens > this ain't fun to lock the other thread. If you want to lock, there is a thread in the Other Discussions section waiting for you :D
LOL :lol:

True. But Jens shall lock that only after my post. =P

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 5:11 pm
by Nightmare1z
It makes me laugh to see people complaining about a virus affecting them, when they downloaded the album for free. Karma's a bitch sometimes.

Also, I think the labels should pretty much stop with promo's [though I doubt it]. Seems like its always the promo copies that leak early. I think the way of promoting albums must change otherwise the leakage will never stop. Either have journalists come to label and hear CD and that's it - but no sending out mass promo CD's.

Edguy's Hellfire Club - I think 80% of the forum had the CD before it was released - all the promo copy

The list goes on forever

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 6:20 pm
by cliff
Nightmare1z wrote:It makes me laugh to see people complaining about a virus affecting them, when they downloaded the album for free. Karma's a bitch sometimes.
Also, I think the labels should pretty much stop with promo's [though I doubt it]. Seems like its always the promo copies that leak early. I think the way of promoting albums must change otherwise the leakage will never stop. Either have journalists come to label and hear CD and that's it - but no sending out mass promo CD's.
+1
Edguy's Hellfire Club - I think 80% of the forum had the CD before it was released - all the promo copy
that's right. But the case was quite different. The demo was a real promo, with Tobi talking in most of the songs and explaining them, so if people liked the album they probably bought them later (like I did), one big reason for that is that they won't have to stand Tobi's jokes on the album :wink:
I think that what Gamma Ray did with Powerplant promo CD was really good. The CD only had 1 minute for each song, so you can get your own opinion about it without just having the same CD several months before the o.r. date.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 6:31 pm
by Latuman
Ikola wrote:
People can't expect that downloading music illegally is safe forever.
Oh yeah? I Will. Try and stop me.
So one more taunt for the downloaders: hahahahahahahahahahahaaaaaaa.....start buying some cd's in the future!! :twisted:
Immature. This kind of attitude pisses me off. Do not ever generalize people who download music. Please, really we (I) are honest people. Well not most, but at least I know I am, and I'm absolutely confident that there are many more like me who use MP3 downloads for demonstrative purposes.

I have to ask you these things:

1. Please, when you say "haha" at a downloader, please include "those who download and never pay for it"

And finally

2. Through the history of broadband connections it has only become easier and more error free for people to download music, and so far there is nothing that even promises to stop it.

Lets make a deal: I will personally tell you when downloading has its downsides, so before I say so, dont rant about them. MP3 filesharing is a wonderful thing for honest music fans who just want to try before they buy.

I still do share your anger with people who download music and never intend to pay for it. It is something I cannot understand. My problem just is, that just a little side note for us honest downloaders too, please? Pretty please? In my case, bands should thank me for downloading...
MaFiaBoY wrote:
What's more fun, if you encode the same song in mp3 at the same bitrate with two different programs there are hundreds of KB of length difference
This is wrong. The only possible reason for differing filesizes with same encoding settings is that programs use different encoder. If you get for example Lame 3.96.1 and copy the encoder to the rippers, you will get identical results.

Program presets might have differences, but simply for example --preset 128 handle will produce exactly the same shit.
Mad the swine wrote:

Let this be a warning...original cd's are way better..
Who in the right mind would ever suggest that MP3 albums are in any way better than original CD:s? MP3 is Great promo and after-purchase source for listening CD:s (I listen only to MP3, beats CD as a media hands down), but clearly CD is the lossless, proper choice.

My reason for buying CD:s I download has little to do with fancy covers and good sound quality. It has more to do with ethics. CD's most important part is the music. If you get the music from the net, you listen to it on a regular basis, you enjoy it, it only makes sense that you PAY for it too. It has been so clear to me from the beginning.

Why cant illegal downloaders and people who rant about them both understand this fact? Baby Jesus cries for them.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 6:34 pm
by NeonVomit
As broadband connections increase, so do fixed IP addresses. I'm curious when this will start to be used against people...

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 6:38 pm
by Latuman
I'd like to know, how do you trace where did the Promo leak originate from? How on earth you can trace back MP3 files? Are there some specific sounds in each promo copy or something that might reveal the truth? Sounds kinda weird.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 6:50 pm
by NeonVomit
Latuman wrote:I'd like to know, how do you trace where did the Promo leak originate from? How on earth you can trace back MP3 files? Are there some specific sounds in each promo copy or something that might reveal the truth? Sounds kinda weird.
Timo T did say that the CDs were individually watermarked and each journalist was named, who received each cd. They will then track down who did it.

That's pretty awful journalism, if you ask me... I thought you were meant to protect your sources..

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 6:57 pm
by Ikola
@ lautman: About how to listen to new music, i personally subscribe to Sweden rock magazine and from there you get promo-cd's, or sample cd's. they also include their own sweden-rock cd every month with new music from upcoming releases.

From those free cd's I've started to listen to the following bands:
Edguy
Persuader
Kamelot
Megadeth (i knew about them before but this really got me into them)
Masterplan
And a hell a lot of other really good music.

I can't say that I've never downloaded, but the things I download are those that can't be bought. For example rare live-recordings made by local radio-stations and such things. The things I like the best is that you sometimes can find liverecordings of the same concert you've been to.

But downloading a whole album just to listen to it can be a bit stupid, if you don't get promos or things like that you can always buy some mp3's of the album via cdon.com or anything that is resident in your country and then make up your mind if it's worth paying for a whole album.

And yes, i'm very immature and say HAHAHAHAHAAAAAA to those poor bastards that downloaded the new strato-album and got the virus. If they had waited until august/september they would never have gotten the virus. :wink:

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 7:07 pm
by Latuman
Ikola wrote:@ lautman: About how to listen to new music, i personally subscribe to Sweden rock magazine and from there you get promo-cd's, or sample cd's. they also include their own sweden-rock cd every month with new music from upcoming releases.
Only magazine with samplers in our shops is Terrorizer. Probably some other. Now you see, usually around 80% songs on these samplers do not interest me at all. They are what I call "shit". I want to select something that even _could_ interest me, I have free choice on the internet.

Also, I dont like reading magazines, I read my music related news from the internet, it would be a really unprofitable decision for me to subscribe to magazines if there is about one interesting song per magazine.

I can't say that I've never downloaded, but the things I download are those that can't be bought. For example rare live-recordings made by local radio-stations and such things. The things I like the best is that you sometimes can find liverecordings of the same concert you've been to.
I download these rarities too. It would be nice to actually be able to BUY them, but I dont think its financially very smart for record companies. Not at all. Really, who other than fans like to hear microphone recorded crap?
But downloading a whole album just to listen to it can be a bit stupid, if you don't get promos or things like that you can always buy some mp3's of the album via cdon.com or anything that is resident in your country and then make up your mind if it's worth paying for a whole album.
I dont know such services in Finland, havent really bothered because MP3 downloading in my case is not off of anyones paycheck. I cannot see the difference in downloading half the songs instead of whole albums. It's really the same thing, and even stupid. How could you ever study concept albums if you cannot listen to the album as a whole? Not possible.

I dont see buying what I really want as a crime. I tell you whats crime; stupidity. Stupidity to buy albums you dont even like in the end. That stupidity should be punishable by law. Dont get too serious now...
And yes, i'm very immature and say HAHAHAHAHAAAAAA to those poor bastards that downloaded the new strato-album and got the virus. If they had waited until august/september they would never have gotten the virus. :wink:
Well I laugh at them for a different reason; getting infected MP3:s. That is just so stupid I cannot measure it. If you dont know how to properly use P2P networks, get the fuck out of there and let those who know about them use it.

So lets say P2P should be banned from under 15 year olds. That sounds quite good to me.

NeonVomit

Exactly HOW do you watermark CD's so that the watermark stays on the MP3 rips too? I cant think of any good way to do it.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 7:12 pm
by NeonVomit
Well, I dont know. That's what Timo T said.

As I always say, I'm just an idiot who posts on a forum who has no life, I'm no expert :D

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 7:14 pm
by Latuman
NeonVomit wrote:Well, I dont know. That's what Timo T said.

As I always say, I'm just an idiot who posts on a forum who has no life, I'm no expert :D
I see. With games they just add some extra code to the promo copy. So in a way, Strato's watermark is some identifiable extra beep or some other sound in the promo. Otherwise I dont see how it would be possible.

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 7:37 pm
by Aresius
Ikola wrote:I can just say one thing to those poor bastards that downloaded Stratovarius and got the virus:

HAHAHAHA, what goes around comes around. :twisted: :twisted:


People can't expect that downloading music illegally is safe forever. The record companies WILL do something about it, then if it's legal or not i think that this thing that has happened is just perfect, those people will never download more music. Maybe they miss their music so much that they will buy themselves the cd's in the future, gaining the artists that lost money before. 8)

So one more taunt for the downloaders: hahahahahahahahahahahaaaaaaa.....start buying some cd's in the future!! :twisted:
man its not about "illegal mp3s" if strato uploads a song to the web it might be infected, do you think that these "hackers" care about illegal files? they just want to make evil...

the virus is on a .exe file so i dont know why everyone keeps saying that its mp3 :)

download music if you want the risk is yours of course then buy cds :twisted:

Re: possible trojan with mp3 vector

Posted: Tue Jun 07, 2005 8:04 pm
by Beast_Pete
Latuman wrote:I see. With games they just add some extra code to the promo copy. So in a way, Strato's watermark is some identifiable extra beep or some other sound in the promo. Otherwise I dont see how it would be possible.
Yes, I was thinking on that as well. And if they really included something special in the promos, then they were really smart. But I think, that they didn't do so... the Internet is still got to be saved.