Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Sophisticated hijacking in progress

Dec 16, 2014 12:34PM PST

Got a live one for the community.

My browser is locking up when I try to access Disqus posts of mine on The Atlantic... which posts keep mysteriously disappearing. I have had notices from Yahoo that I have too many accounts open, when I have only one machine with one window open to my account.

I suspect I've been attacked by a fairly sophisticated hacker with a real onus against me. And who is watching my every move on this machine; I tried to contact the Hijack This forum with a report and got a lockup again that didn't stop till I took my browser down and back up again. Also, I don't like the looks of this Hijack This report -- I have 'unknown owner' entries to pretty powerful low-level security programs. Can somebody take a look at this and give me an opinion? I appreciate the help.

This guy could be coming after you next. Or your local electrical utility.

========

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:28:05 PM, on 12/16/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 34.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
C:\Program Files (x86)\Common Files\AOL\1381031837\ee\aolsoftware.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Users\Pete\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Users\Pete\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1381031837\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
O4 - HKLM\..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A7E4E3-89D6-4BBE-B63E-91CC315D9450}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{16A7E4E3-89D6-4BBE-B63E-91CC315D9450}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{16A7E4E3-89D6-4BBE-B63E-91CC315D9450}: NameServer = 8.8.8.8
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSIFileSyncMonitor - Micro-Star Int'l Co., Ltd. - C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
O23 - Service: MSISleep - Unknown owner - C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe
O23 - Service: MSI_FastBoot - MSI - C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
O23 - Service: MSI_SuiteCharger - MSI - C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
O23 - Service: MSI_SuiteComCen - MSI - C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
O23 - Service: MSI_SuiteFastBoot - MSI - C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Windows Activation Technologies Service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

--
End of file - 12446 bytes

Discussion is locked

- Collapse -
Try avoiding that.
Dec 16, 2014 12:45PM PST
- Collapse -
Already did
Dec 25, 2014 7:12AM PST

I'm aware of the vulnerability of torrents, which is why I scan them regularly. I haven't found any threat in them whatsoever, which I realize is atypical.

Such vectors also tend to be pretty random, and I'm pretty sure this is a directed attack. And that it's server-based -- I may not have a local vulnerability but, like Heartbleed, my ISP could be hosting something that's redirecting or garbling my traffic. My ISP has denied such is possible, but the person I believe responsible used Heartbleed on me two weeks before it was exposed. I think he has other surprises in his toolkit. If there's nothing else suspicious in my readout up there, that's what I think is likely going on.

Thank you for your input and help.

- Collapse -
This just in. DNS hijacking.
Dec 25, 2014 7:16AM PST

I've sent up a flare about this so take a gander with https://code.google.com/p/namebench/

However you lead with a HJT log so I'd try a new post as this is not read here unless asked for. In the meantime, reset the browsers and re-test browser and DNS.
Bob

- Collapse -
sorry, posted too fast.
Dec 25, 2014 7:19AM PST

The torrents harbor newest, latest, things that are not detected yet or something else. For example it could alter your hosts file or something innocuous. Browser lockups is NOT a sign of hijack or infection. We've been able to lock up browsers for decades.

At your own risk, research JAVASCRIPT BOMBS.
Bob

- Collapse -
DNS hijacking et c.
Dec 25, 2014 11:14AM PST

I'm actually pretty careful about who I accept torrents from and keep an eye on their contents. I've yet to have any sort of payload, even one resident in RAM, come through that way.

DNS hijacking is something else, though, a threat I have suspected but haven't seen caught in the wild. I can certainly shift to other DNS servers and see what happens. I find it signal that my ISP recently upgraded their local servers and I no longer can get a reverse DNS ID from them. More anonymity, one presupposes, but I'm from Missouri. Thanks for the tip on namebench; I'll give it a look-see and reset my browsers.

Java is a recognized security concern that I also keep an eye on, since I may not always be able to identify hostile scripts, especially if they come named as something previously known as benign. I'm very much aware that perfect security isn't possible in a connected world, unless I choose to live in a buried lead-lined Faraday cage, but my concern here is determining whether or not I am once again a deliberately singled-out target. There's a bad guy out there and the sooner I see him behind bars, the safer we shall all be. For your freedom as well as mine, and all that. You know.

Thanks again for the help. I'll post results to this thread as I find them.

- Collapse -
Sorry the DNS hijack is one thing
Dec 25, 2014 2:04PM PST

Any app can alter hosts as well. It's just a text file and not locked down by most suites.

How goes it at the sites that read those log files?
Bob

- Collapse -
Odd and disquieting results
Dec 26, 2014 2:45AM PST

Not sure how to interpret these namebench results. It would seem all the DNS within reach have Google hijacked, with a bad address, or both. One of the servers tested and preferred is my own. I'm not sure if this is what I'm supposed to see. It's a sobering look at the DNS situation near me.

Resetting my DNS off my ISP helped some, but I continue to have stability issues with my browser. I can't usefully differentiate between the browser's problems and those of my connection, but I will keep looking and testing.

My HOSTS file is blank. Specifically, it's the sample provided at install. It contains no non-remark info. This has been the case since I first checked it, many months ago. I'm not sure how to interpret this result since I don't see a difference between when my connections were not molested and now. Other files in the same location do contain info - lmhosts, networks, protocol, services. I'm not sure how to interpret the data in them; they all have the same creation date and time, including hosts. Is this what I should be seeing? I suspect not.

Thanks again for the info and help.

--->Pete

- Collapse -
Good you checked with NAMEBENCH
Dec 26, 2014 4:28AM PST

I found it sobering as well and expect Carol (another moderator) to post more soon in the news.

As to browser stability we know that sites can crash the browser and there can be other issues like the Flash Hardware Acceleration but today, and right or wrong, a lot of folk will call that out as hijacking.

It's pretty old news and just a month ago I had to reset my browsers for some unknown reason. I wonder if the Windows PC days are numbered as I can't imagine everyday folk putting up with this much longer.
Bob

- Collapse -
Welcome to the New Age
Dec 26, 2014 5:22AM PST

I may have mentioned that I spent twenty years with EDS and GM handling user training, corporate communication and liaison between technical and non-technical management. I've been an observer and an oft-unwilling participant in a good many security issues affecting GM users.

What I'm seeing now, through Heartbleed and other server-level attacks, is a new degree of sophistication and intent designed for specific criminal purposes. I suspect I'm just unfortunate enough to have ticked off a rather immature but otherwise highly skilled cracker who has decided to use his skills to silence me. However, I was only fortunate enough to recognize that Heartbleed had been used to hack my e-mail. What I strongly suspect is that more such tools are being used, and not just against me, that gain access to servers over which I have no direct control. I imagine these are simpler to run than man-in-the-middle attacks requiring false interface data sent to the victims. I can't be sure. Therefore I am documenting as I go.

Which reminds me: I did save my namebench results in HTML for further analysis and use. If they can be useful to you, or Carol, please let me know. I am concerned that we are well into a new age of information insecurity and we need to step up our game correspondingly. As well as act, as I am trying to, to bring down the actual perpetrators.

We are no more at the end of the PC age than we are at the end of the oil age. This technology is too useful for us to abandon it, but I suspect we are going to need far better and far more diligent and particularly moral policing to keep it operating. The crooks are turning the Information Superhighway into a maze of back alleys, and we can't have that. Can't have that at all.

--->P!

- Collapse -
Remember that Torrent users get hit with DOS attacks.
Dec 26, 2014 5:37AM PST

As you know about user training I won't duplicate why torrents are an instant black mark on this PC. Not only can you catch things that won't be seen with scanners, torrent users experience DOS attacks. There are numerous discussions and sites on that so when you see a torrent user you note it and know it may not be solvable given the rather nasties you encounter. Then there's DOS attacks.
http://www.techworm.net/2014/12/sony-fightback-against-torrents-file-sharing-sites.html

I don't see this posting at malwarebytes forums or such so I take it you haven't had time for that or the browser resets.
Bob

- Collapse -
Bigger problem with DNS poisoning
Dec 30, 2014 6:35AM PST

I just ran namebench again and found an even longer list of sites with incorrect addresses or marked as hijacked -- including PayPal and Google, and that's from the DNS server in my box here.

Never mind the torrents -- somebody is hijacking DNS in a big way, if I can trust this tool. To who should I report this? ICANN? Or just make a stink on this forum and elsewhere? Because I think we're all in deep trouble. I hard-reset my Net connection and it took nearly ten minutes for any DNS to respond to me. If this is happening to other people...

Has Carol posted an update? Where can I find it? Looking now.

---->P!

- Collapse -
I was not amazed at my ISP's results.
Dec 30, 2014 6:58AM PST

Even Google DNS results weren't entirely clean but far better. There is no law about DNS but the studios are sharpening their knives to attack DNS as a way to thwart file sharing.

Sorry but all this is in the news so I'll pause here.
Bob

- Collapse -
Whose Internet is it anyway?
Dec 30, 2014 9:36AM PST

I'm concerned that there are criminals hijacking the networks but I am repulsed and angered that the movie and music studios would attack the foundation of Web communications for the sake of profit. This is an outrage that needs to be prevented.

If it came down to a choice of having either Sony or the Internet, I don't think many people would be on Sony's side, even if they didn't know about their 2005 rootkit attack.

---->P!