Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The curious case of Combofix and the hostile copyright infringer


  • This topic is locked This topic is locked
88 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:30 AM

Posted 15 December 2009 - 10:38 PM

Sometimes an event takes place that really takes you aback. You work hard on trying to create a helpful site, you try and help friends who have an issue, and then you run into a person who is so hostile and antagonistic that you just have to take a step back and ask yourself ,Why?This is a long read, but I found it so baffling after all the work sUBs, the developer of ComboFix, puts into his program that I wanted to share it with the rest of you. It should also be mentioned that the indented blue text are snippets of email that sUBs or I sent. The red indented text is from the blog post, that was removed, of the copyright infringer. Out of politeness and privacy, which I would expect someone else to respect, I have not quoted any of the infringer's emails.

It all started on December 14th when sUBs, the developer of ComboFix apprised me that someone wrote a blog entry stating that:
"The author of Combofix yanked it offline due to some bug that can cause computers not to boot. In its place is a link to a disclaimer. The last version available was released on 12/11/09. The latest copy we had here onsite was from 11/24/09. Iíve uploaded that version here. I never had the problem of a system not booting due to Combofix and keeping it offline while there are still computers infected with spyware seems a bit irresponible. I guess Iíll have to start mirroring it here in case they decide to take it offline again."
We were baffled. Here sUBs is working his butt off on a solution to a problem that can cause a computer to become a brick, and this jerk is calling him irresponsible for pulling the program so that he can protect users from this bug. Since sUBs was so busy working on the bug, he wrote something up and asked me to contact the author and deal with it. So I sent this guy an email containing the message sUBs requested that reads:
Though I appreciate the fact that you find ComboFix to be useful enough to want to host it yourself, it was taken down for a reason. Please remove your hosted copy of ComboFix immediately.

You state on your blog:

"I never had the problem of a system not booting due to Combofix and keeping it offline while there are still computers infected with spyware seems a bit irresponible."

Do you think that as the developer of ComboFix, and having devoted years of my life to creating and updating it, that I take the program down without intense consideration and regret? I think, as the developer, I know when a bug is important to prompt me to take ComboFix, while I fix it, so that I can protect users from having their systems become unbootable. To me it is more irresponsible for someone to host a file when it has been publicly stated by the developer that it has a serious bug, then to stop the program from being available. If you wish to use the file for yourself that is fine, but it is inappropriate to host it for others to use.

Thank you very much.

sUBs
sUBs didn't care about the blog post. All he wanted was for this person to remove the download so that it would not be distributed and harm anyone, let alone the fact that it is copyrighted and being distributed without permission. I get an email back basically stating that we should allow the download and "buyer beware". He then tries to make an analogy about whether I would drive a car if there was a recall. Then states that he spent half his morning looking for CF because one of his clients had an infection. Finally he states as a compromise he would remove the blog posting, which he did, but leave the file on his web site for personal use, which he did.

First of all, if you can't fix an infection without ComboFix then I suggest you should really start learning some of the other tools that can be found on the web. There are many tools that would allow you to remove almost any infection if you learned how to use them. ComboFix just makes the job immensely easier, but to leave it available with a serious bug because it makes our life easier is ridiculous. Basically, this person wanted to sacrifice other people's computers so that his life would be easier. What really galled me was the fact that he had the nerve to make a compromise. This is not his file. He did not create it. It is copyrighted to sUBs and if he does not give you permission, it is simple as that. Get it off your server!

So sUBs sent him another email that gives his opinion as to why it was removed, whether a car would be driven, and ultimately states:
This is a copyrighted work and I do not want anyone hosting my file for distribution illegally. If you choose to host it for your personal use, then that is your prerogative as long as the URL is not publicly available. I see that the file is still available at this URL:

http://www.leinss.com/files/ComboFix.exe

As this is a publicly available URL, i ask you to move the file elsewhere on the site that is not visible and known to others, so that you continue using it personally.
Well, this morning the file was still there with no response. So sUBs asked me to act as his agent and file a DMCA infringement notice to this person and his ISP. This is where I started dealing with this person, and let me tell you, it is not a pleasure. I feel bad for anyone who has to deal with this guy on a day-to-day basis. So I send him and his ISP this infringement notice with the following email:
Attached is a DMCA Copyright Violation notice for the copyrighted material that you are hosting without permission. This copyrighted content is located at:

http://www.leinss.com/files/ComboFix.exe

I ask that this content be removed immediately as you were not given permission to host this content.

Thank you for your prompt attention to this matter.

Lawrence Abrams
Bleeping Computer, LLC.
http://www.bleepingcomputer.com
If the guy is not going to behave with polite discourse, then we have to use a heavy hand.

A couple of hours later I get an email from the guy stating that he removed the file and is going to post my DMCA Infringement Notice on his site. That does not bother me, but he posted it with my legitimate email, which is required for these notices, and I didn't want that to get picked up by SPAM bots. So I whipped up a new version of the notice, with my email redacted and asked him to host it instead. I also tried to reason with the guy stating that:
Would you react in a similar manner if Microsoft knew you were hosting a file of theirs? Would you tell them they are wrong and even though they are the copyright holder you will do as you wish?
I got back a few scathing emails about how Microsoft is not the same as a file with a bunch of batch files, etc, etc. If it is just a bunch of batch files, maybe this blogger should go and write his own tool. Let's see how he feels when people start disregarding how he wants it distributed. Surprisingly, though, he did put up the version of the notice without my email, which I do appreciate. Thanks! I find out a few hours later, though, that he has banned my IP address from viewing his blog. Go figure.

What I find so confusing, is that here is a person who obviously needs ComboFix, yet he was so willing to piss off the author enough that it may make author wonder, why bother? Not only that, but this person thought it was his god given right to do whatever he wanted with someone else's work, even though that work was copyrighted and he had no permission to distribute it. This is obviously someone who does not care about others wishes and only cares about making his life easier.

I deal with content thieves all day and it is a huge time waster for me. There are those who do it by mistake, but when told that they are taking copyrighted material, promptly remove it. Then you have those who even after being told, don't give a damn, and continue doing so; well they are a breed unto themselves.

From all the comments on our site and on Facebook about ComboFix not being available, I can see that 99.99% of you truly appreciate the work that sUBs does on this program and understand why it was pulled. Yes, its frustrating to lose this tool because it makes our lives easier, but at the same time we do not want to turn our friends, familys, clients, and let alone our own, computers into a glorified brick. Many people who have little technical knowledge use ComboFix because they are told to, not heeding the warnings, and then if they fit the right criteria and hit the bug, no longer have a working computer. Some of these people do not have friends who are technically adept enough to reinstall their computer. Some of these people do not have enough money to hire a technician. So it is important for any program that we suggest work properly and without risk to the user.

In my personal opinion doing anything but that, would be irresponsible.


BC AdBot (Login to Remove)

 


#2 cladmonitor

cladmonitor

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 15 December 2009 - 11:04 PM

People pull the damndist things! Im glad sUBs and you put him in his place, I would love to see any person take this jerks side!

#3 Dustinwhite99

Dustinwhite99

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 15 December 2009 - 11:37 PM

I just want to say that I really love the tool, and I as a technician and avid supporter of the tool, greatly appreciate the responsibility of taking the tool down until the issue was resolved. While it was slightly inconveniencing not having the tool there today, it was well worth the time and effort not having to reinstall multiple computers. Plus it gives me great peace of mind knowing that the tool is functioning properly and that the author cares enough to ensure that no unnecessary damage is done. Thanks so much for all that you do in the battle against malware.

#4 Doctor Inferno

Doctor Inferno

  • Members
  • 503 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 PM

Posted 16 December 2009 - 12:27 AM

I find out a few hours later, though, that he has banned my IP address from viewing his blog.


Heck, web proxies are so freely available these days, you can easily access his blog again. :thumbsup:
Posted Image

#5 redfive

redfive

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 16 December 2009 - 12:44 AM

I fix infected computers all day long and a couple of my peers were going to use it when I told them they shouldn't. We ended up fixing the computers the hard way but sUBs is good people and I'll patiently wait for CF to be patched up.

Thanks guys.

#6 emeraldnzl

emeraldnzl

  • Security Colleague
  • 228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:30 PM

Posted 16 December 2009 - 02:10 AM

Well done Grinler. :thumbsup:

Manners are the basis of a civilized society and make everyone's lives just a little happier. They cost nothing but they are worth so much.

 

unite_blue.png

 


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:30 AM

Posted 16 December 2009 - 02:36 AM

Good job :thumbsup:

That guy obviously doesn't know how much fun a manual fix can be :flowers:

Edited by elise025, 16 December 2009 - 02:36 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Beenthere

Beenthere

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 16 December 2009 - 03:37 AM

Nice read, thank you Lawrence.
What a jerk that guy is... I sure hope sUBs will fix the bug soon and combofix comes online again.

#9 AdvancedSetup

AdvancedSetup

  • Security Colleague
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 16 December 2009 - 04:18 AM

Thank you very much for taking this on Grinler.

I agree, it's no fun dealing with people like this but glad you were there to help out and take care of it.

#10 starcraftmaster

starcraftmaster

  • Members
  • 1,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:australia
  • Local time:03:30 PM

Posted 16 December 2009 - 05:49 AM

Lol look at what he said on is blog:I no longer recommend using Combofix to fix malware as the availability of the tool cannot be guaranteed.
We all know he's only saying that because Grinler had put him in his place lol.

#11 Beenthere

Beenthere

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 16 December 2009 - 08:18 AM

"I no longer recommend using Combofix to fix malware as the availability of the tool cannot be guaranteed."

A 8 year old would have made more sense.

#12 schaumann20

schaumann20

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2009 - 08:20 AM

just wont to add my 2cents i'v been useing combofix for years and its the one of the best programs i'v ever used and i love it people who do this kind of things do not evan deserve to use the program and probably dont know how to use eny other ither

just wish to express my thanks to the team for makeing a great program and for all of there effort :thumbsup:


Thanks
:flowers::):trumpet:

#13 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:11:30 PM

Posted 16 December 2009 - 08:47 AM

My opinion.....

What the ****........ Obviously, someone doesn't care that he's distributing licensed material without permission and doesn't seem to regard any warnings and whatnot. Personally, I don't use the tool due to the risks of using it (especially, as Papakid puts it, since it's basically like performing heart surgery on yourself by using it yourself without supervision of a trained professional).

Of course, this is the internet, and there's going to be people out there who'll try to boost their own ego because they think they can get away with just about anything (I'm sure a part of it is because they think they have anonymity....I don't know....I could be wrong).

....and now that I think about it....I think this is the first time that I've seen Grinler like this......where things are almost to the point of personal.....(....maybe I'll shut up before I get in trouble....)

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#14 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:12:30 AM

Posted 16 December 2009 - 08:51 AM

I would personally like to take a moment to express my appreciation to both Grinler and sUBs for not only writing, testing, hosting, and patching such a wonderful tool for the fight against malware but for defending it when it is used improperly.

I also wish to give a Thank You to sUBs for being true to himself and the entire community that uses Combofix by pulling the program after finding a bug that turns a machine into a brick. I think this shows someone who is very true to himself and a very large community of people.

It takes someone with alot of time and energy to make such a tool. Let alone the fact that it is given to a community of helpers who have been trained in its use.

The idea of someone hosting the file, making a blog entry such as they did, and basicly calling the author and the people who use this on a regular basis, liars, is completely irresponsible. I'm sure that sUBs did not pull the file without good reason and due diligence in testing to find the bug or know of its existence. Pulling the file for the sake of the entire community shows true moral standards. Making blog posts to the contrary shows very little moral standards.

Yes, I've used combofix many times myself and have run into a few problems with machines that were just "too" infected ( virut ). And yes, I'm sure I do not know all of the uses nor do I have a complete understanding of it. But I would not wish to host a file, nor condone the use of a file after the author has deemed it necessary to remove it from distribution while a "fix" or "patch" is put in place to make it once again the Great Tool we know it is.

Thank you very much to Grinler for standing up for such a tool. Thank you very much to sUBs for creating such a tool and caring about it.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#15 rrtzmd

rrtzmd

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 16 December 2009 - 09:43 AM

...it's still here as well:

http://www.forospyware.com/sUBs/ComboFix.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users