Forum - View topicNEWS: Crunchyroll's Website Redirected to Server With Malicious Software
|
Goto page Previous 1, 2, 3, 4, 5 Next Note: this is the discussion thread for this article |
| Author | Message | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Paulo27
Posts: 400 |
|
|||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
leafy sea dragon
 Posts: 7163 Location: Another Kingdom |
|
|||||||||||||||
For something beyond Crunchyroll's control? If there will be refunds and monetary compensation, it should come from the hackers, as they're the ones who caused your inconvenience.
Yeah, I have to wonder if they're related or even the same person, or at least inspired by the ANN attack. if they're targeting Crunchyroll, it means either Crunchyroll is not as secure as some other sites or the hackers have some grudge against Crunchyroll and/or its users.
Yeah, not everyone watches everything the day of or even the week of. I can see why Saturday would be a major day for Crunchyroll; it's when people are off of school and/or work and actually have the time to watch the shows they want to watch, and I can see why these people chose Saturday to attack the site. (There are some people who posted here saying they intended to watch other shows today too.)
Well, HUGE companies like Target, Sony Pictures, and Wells Fargo have been breached in the past. Crunchyroll is small beans compared to them, so I suspect there is a personal motive behind it. Who knows? Maybe it's one of those engineers who were laid off. Though I doubt it; the lack of maturity in this attack makes me suspect it's some petty grudge from an anime fan.
I guarantee you that the person responsible for this (or if multiple people, then the person who initiated it) is less than 25 years old, and I'd say less than 20. When you haven't truly started living as an adult, with actual responsibilities and accountability for your actions, you don't realize there are better things for you to do than to hold grudges and launch cyberattacks.
Technically, this isn't a virus, as viruses by definition are replicatable and spread to others on their own with no outside assistance or, in this case, one single distribution source. Now, I'm no computer wizard, but I think this is actually a non-viral Trojan, as you need to go onto the site for the program to put itself onto your computer. That is, by visiting Crunchyroll, you are inviting it in, so to speak. If you don't visit the site, it can't attack your computer.
Is that so? They're certainly not helping anyone doing that. |
||||||||||||||||
|
||||||||||||||||
|
sailorsweeper
Posts: 416 |
|
|||||||||||||||
|
It wasn't angry engineer since when I looked at the CR site forums a guy had visited during the attack and noticed that text was in bad english for the ransom site. This was definitely a bitter fan
|
||||||||||||||||
|
||||||||||||||||
TheAncientOne
 Posts: 1872 Location: USA (mid-south) |
|
|||||||||||||||
It required the user to take action to download. A little bit of (un)common sense would have sent up a warning flag. Namely, why would CR be prompting you to download a file before you could access the site? Would that fly with the millions that access the site for free? There were multiple tip-offs in the text:
"Favorites animes", "4k", "Supports lasts", Crunchyroll not capitalized. Frankly, the people that downloaded the file are probably the same ones that would fall for a "You need to update your Flash/Java" prompt inserted on a legit website by malicious advertising. |
||||||||||||||||
|
||||||||||||||||
|
hikura
Posts: 565 |
|
|||||||||||||||
You can get netflix for a month free. https://help.netflix.com/en/node/16282 Online services from different companies have offered compensation for downtime.No matter how long it was down for. |
||||||||||||||||
|
||||||||||||||||
MarshalBanana
 Posts: 5343 |
|
|||||||||||||||
|
Thankfully I barely ever go on the website, instead using the app for the Wii U or Apple TV.
|
||||||||||||||||
|
||||||||||||||||
|
DRosencraft
Posts: 665 |
|
|||||||||||||||
|
One, this is a sad event by a sad individual or group of individuals. More likely than not if they are ever heard from, they will profess to being some sort of social justice seekers, decrying some wrong they feel Crunchyroll is guilty of, and this being their way of bringing attention to it/ hurting Crunchy for it.
Second, asking for compensation is a terrible idea, liable to be a reason someone would do this in the first place, and generally an inspiration for others to take similar actions. I believe that it is bad policy for any company to make such payments. Part of the reason these hackers want to do these sort of things, much like the reason a number of criminals look to commit their various crimes, is the notoriety it gets them; the fame and fortune and glory they're not only able to get from the victim, but the amount they can make the victim bleed - literally and metaphorically. It's a feather in their cap to say, "I made 'Company X' lose this much money when i hacked/DNS/DDoS their website." Unless the company has some actual wrongdoing, I don't think it's appropriate for them to make any compensation or be expected to give compensation, in this sort of situation. |
||||||||||||||||
|
||||||||||||||||
CatSword
 Posts: 1489 |
|
|||||||||||||||
Are you sure? Multiple people said the file automatically downloaded when you went to CR's home page. |
||||||||||||||||
|
||||||||||||||||
|
princess passa passa
|
|
|||||||||||||||
|
Man, I live in Japan and all this went down at night for me so I'm only got the all updates this morning
Last night, the site kept prompting to download the file, I literally had no idea what was happening. I'm gullible only cus it was Crunchyroll but even so it did download automatically but my error came when I opened the file
I've done scans, and nothing seem to show up but now I have to start the arduous task of changing passwords
|
||||||||||||||||
|
Lynx Amali
|
|
|||||||||||||||
It did to me. I visited CR on my phone to check a post I made to see if I got any replies to it. Hit the home page and bam, automatic download. Thankfully, I run Android so it didn't do any damage to it and it was qurantined right away. |
||||||||||||||||
|
DRosencraft
Posts: 665 |
|
|||||||||||||||
|
I think CatSword is right, from everything I've read, and my reading of the ANN article, suggests that the malware is of a particularly aggressive variety that will automatically download, regardless of the user's input. If that really is the case, that would suggest this wasn't just some "random" upset novice, as the terrible grammar and spelling in the fake message suggests. No to go too far down the rabbit hole, but it is entirely possible part of the planning was precisely to use such bad grammar and spelling so as to make people believe the culprit was unsophisticated or not familiar with the English language - perhaps a ploy to cast the blame on someone else.
|
||||||||||||||||
|
||||||||||||||||
yuna49
 Posts: 3804 |
|
|||||||||||||||
|
It's more than a tad disturbing that this hack was undertaken by redirecting the Domain Name Service for crunchyroll.com. According to WHOIS, CR's name service is provided by CloudFlare, who presumably should have had much more stringent controls over access to the domains they host. CR itself is not to blame because someone managed to hijack their domain records hosted by a supposedly trustworthy entity like CloudFlare.
Second, what goes through the minds of people who mindlessly run unrequested executable files? Especially in this case where everyone has watched anime on CR via Flash for what, a decade now? Shouldn't it raise some sort of red flag that suddenly there would be a new app when no one has ever used an app (beyond the official PS3 or Android ones) to watch Crunchyroll on a computer before? Common sense is your first line of protection against hacks. No browser these days automatically runs an executable file without first asking permission to do so. It is very unlikely that anyone's computer was infected merely by visiting the bogus site. The visit may have spawned a downloader, but the user would have still needed to run the file manually. |
||||||||||||||||
|
||||||||||||||||
|
princess passa passa
|
|
|||||||||||||||
|
Man, I'm seeing a lot of "coulda woulda shouldas" on most of the forums about this.
Yeah some of us got caught but I think for some of us our guard was down cus it was a site we sorta trusted that never experienced this kinda hit before. Like, I was just chilling watching anime in PJs while texting friends, I mean damn sometimes you get blindsided without expecting it 
Even saying all that, some people are still gonna come through saying "well, you can never blah blah blah..." Man, sometimes in life you just gotta take that L and move on. Though it's messed up that I was sailing the high seas for years before going legit and this never happened to me on those sites. But then again I always on high alert when I visited those sites... |
||||||||||||||||
Dessa
 Posts: 4438 |
|
|||||||||||||||
|
Update on what happened: https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
|
||||||||||||||||
|
||||||||||||||||
EricJ2
 Posts: 4016 |
|
|||||||||||||||
Unless you have a Mac. 
But yes, would explain why things have been down at the site for a few days. |
||||||||||||||||
|
||||||||||||||||
 |
All times are GMT - 5 Hours |
|
|
|
Powered by phpBB © 2001, 2005 phpBB Group