RIAA calls hacking claim a hoax
Claims that the music industry hired a group of hackers to create a worm to infect peer-to-peer networks are being dismissed by security experts.
In an advisory posted to security mailing lists, a group called Gobbles Security delivered its latest vulnerability -- a real one found in a relatively unknown MP3 player -- wrapped in an apparent joke aimed at the Recording Industry Association of America. The main part of the advisory consisted of Gobbles' claims that its programmers had created a "hydra" -- a worm capable of spreading in a variety of ways -- that infects all major music software.
The RIAA, the organisation that represents major music publishers, wasn't amused. "It's a complete hoax," said an RIAA spokesman, who asked that his name not be used. "It's not true."
Security experts agreed. Steve Manzuik, moderator of vulnerability information site VulnWatch, received the advisory on Sunday. But because of the apparent joke, he held the document until the vulnerability was verified a day later.
"This is typical Gobbles, is it not?" Manzuik said. "Cause a stir, but also release useful information."
[ Read more ]
Symantec released an advisory on a trojan horse (Trojan.Linux.JBellz) that exploits the mpg123 vulnerability.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.