[Snort-sigs] RIAA "hack-back" sig anyone?

Florin Andrei florin at ...697...
Tue Jan 14 10:54:05 EST 2003

The RIAA is preparing to infect MP3 files in order to audit and
eventually disable file swapping.
Gobbles claims that when a peer to peer host is infected, it catalogs
media and sends the information "back to the RIAA headquarters (through
specifically crafter requests over the p2p networks) where it is added
to their records", and also propagates the exploit to other nodes.

Ok, anyone got a sig for the "specially crafted" request(s)?

Florin Andrei

"When you say 'I wrote a program that crashed Windows',
people just stare at you blankly and say:
'Hey, I got those with the system, for free'". - Linus Torvalds

More information about the Snort-sigs mailing list