No, we didn't plant MP3s with any malware. Of course, that's what I would say even if we did do it so if you don't believe me.. well what the fuck can I do about it.
No, please don't email me or anyone else copies of strato.exe, we don't want or need them. If the descriptions are true that is some sort of "remainder payload" and probably doesn't actively infect anything anymore. But I am traveling with a laptop, I don't have some sort of sandbox (eg vmware), and even if I did -- I'm not interested in spending energy out of a very busy day step-executing and analyzing code to help people who potentially downloaded our music. Excellent opportunity for someone to learn enough x86 assembly to make them puke...
Don't mail MP3 files or threats either. The band has nothing to do with this.
Yes, it's very fucking possible for malicious code to hide in MP3 or other non-executable files. If you don't believe this you are very naive. There have been exploits that executed just by hovering the mouse over a file. I wish I was making this stuff up, but I'm not. It could be via a bug in the core operating system, some library thereof, some media player, some popular spyware, anything.
No, I don't at all know if MP3s with Stratovarius music is the actual vector. But it seems quite possible given the described payload.
No, I usually don't check, open or read those "PMs" on this or other boards.
No, you will probably not be able to find out who did this. I would consider these strange .strato files as lost. But that "challenge-response" shit could mean that there actually might be some way engineered into this thing to get them back using that challenge information and the right algorithm. Good luck..
Yes, I got copies of a file named "strato.exe" from angry people. And I'm not even going to be hovering my mouse over these files, much less run them to see if a picture of mickey mouse comes up or not.
Yes, provided it's not replicating (a pure trojan) the 12-year-old in me thinks this is at least a little bit funny.
Whichever 12-year-old sociopath did this, if those "certain" new MP3s really turn out to be the vector, well.. no pat on the back, but contact me and I'll get you a signed Stratovarius CD, a few years in federal prison, and probably a great paying IT security job when you get out...
I am at the moment on a promo trip with TK and working 15 hour days. We are in Köln. All else is well by the way! See you on the tour? I'll end with what TT wrote in this thread because it pretty much matches my attitude about this whole thing exactly:
And I'll add -- this seems considerably worse than just "annoy". Be careful out there, internet is full of anonymous sociopaths who are completely beyond the reach of law. There is simply no way to trace this.Maybe it is a Finnish goverment secret program to annoy illegal downloaders.
You guy have no idea what downloading is doing for the entire music field.
Very soon, you´ll see even the rest of the most big record companies merging. No risks will be made, they will release only what they know will sell 100%ly and not take any risks.
I stand here with the same attitude than before, IF you download, then at least buy the record please. We are not Metallica and it will seriously harm us. Do as you feel what is right, that´s all I can say.
We are still shocked and pissed of that this happened so early.
But what can you do? Nothing. We trust our fans though.