Confessions of a Torrent-File Downloader

With the cost of production software so high, I know a lot of young people who would not be afraid to download a bootleg copy of Cinema 4D or Maya or Combustion or whatever. It’s actually pretty exciting and easy to do. The applications are so powerful; and this would give you the opportunity to learn them and maybe get a job in the industry. Cool. In fact, one major company actually released a beta version of its very expensive software in a cracked version so that starving young artists would have access (albeit illegal) that would be otherwise impossible. Their thinking was to secretly create a farm team of young expert users who could then apply for jobs at the studios that could afford the software since mere mortals couldn’t. This supply of users would assure future sales. This happened a few years ago and I wrote about it then, so I don’t want to beat a dead horse here.

Since that time, version-updated, cracked software has become available almost as soon as the first copies hit the market. In the days of dongles, I actually preferred to download a crack instead of requesting a legitimate copy of software to review. Why? Because I hate dongles and often the PR people at the software companies wanted me to jump through hoops to get a 90-day license. That was silly and exhausting, and it takes me more than 90 days. Thus, I’d just download and run a bootleg with all the security junk removed by some Russian guy trying to make a living by cheating the big companies. No remorse there.

With that said, I don’t do that anymore. PR people in this industry have become much more savvy and cooperative; and I’ve been around long enough that everybody knows who I am. So for me, it’s not an issue anymore. However, if you’re a young, poverty stricken person wanting to learn Vue 7 and Photoshop, or any of the cool Autodesk 3D and film production software, you’ll have to shell out thousands of dollars that you may not have.

Temptation raises its ugly head. I know; I’ve been there. There have long been Eastern European and Russian sites that will sell you just about anything for a hundred bucks or less in cracked form. But this has always been a chancy proposition. First of all, you’re giving your credit card number to an acknowledged criminal to pay for it. How smart is that? Many of their websites look like legitimate dealerships, but those ultra-low prices are a dead giveaway. Some are actually legitimate, illegitimate dealers. By that I mean, they actually take pride in the clean, virus-free cracks they offer. But then there are the guys who sell you cracks with malware up the wazoo. You don’t know what pain is until you’ve been hit by a deep rootkit, but more on that later.

A Torrent of Illegal Software

I think that by far the most popular way cracked software is distributed is via Torrent downloads. Torrent is a peer-to-peer system that allows the downloading of very large files, like HD movies and massive software packages, over a period of time. It runs in the background and just keeps chugging away until your big file is downloaded. A torrent (as download packages are called) must be captured by a special application that decodes it, creates a directory structure and places all the files in the right place. It’s very clever. There are massive torrents that might contain say a thousand 3D models stolen from various places. One I saw was for Poser and had about $10,000.00 worth of Poser outfits, hair, morphs, props and scenes. As I recall it was like 2.8 gigs. What a treasure trove…Right? I thought so.

Enter the bold journalist

I decided to explore this shadowy flow of stolen goods to see what I would see. Certainly viruses were a concern. I first isolated one of my desktop computers and started to download all sorts of torrents filled with expensive software and movies. You will thank me for that. I suffered grievously for the effort, as I suspected I might. If I hadn’t, this wouldn’t be much of a column.

To prepare for my adventure, I installed PC-cillin Internet Security from Trend Micro. It came to me highly recommended by friends. It’s a powerful multi-app protection system that shields you from viruses, unauthorized access and spyware. Here’s what they claim: Comprehensive protection that includes…

  • Antivirus
  • Antispyware
  • Antispam
  • Antiphishing
  • Identity theft protection
  • Two-way firewall
  • Parental Control

Stupid me, I thought that would be enough to make me safe. Oh I had so much to learn.

The first thing I downloaded was that big package of Poser goodies I mentioned above. I’d just gotten Poser from Smith Micro to review and I’d been following it since the beginning. Larry Weinberg, the guy who developed it, is a friend and it’s always been an impressive package. The typical install for Poser components makes an ideal channel for evil code. You have to run an exe file that automatically takes care of all the complicated install procedures. Cool. I figured among the hundred or more goodies in the torrent, there would be at least one nasty little critter. I was right.

Poser is interesting in that it allows you to create very sexy men and women in 3D by assembling body, hair, skin, somatic characteristics and wardrobe. Judging by the clothes available, it must be mostly guys using this…but no, in the torrent, there were a ton of goodies concerning fairies, and other fantastic creatures too. Unfortunately the first five goodies that I unwrapped were perfectly legitimate stolen property, and installed just fine. I started feeling like a criminal, because that wasn’t my original intention.

Next I checked to see if they actually worked; and they did. My security software just went humming along with no complaints. So far it looked like my adventure was going to have us all yawning.

I tried a little profiling…I am a psychologist after all. I figured any troll who would distribute a virus would be a brilliant male and an emotional midget. Sorry ladies… there is evidence for this. So, I started looking for the most sexist sounding clothing package, and I came across something about sexy leather underthingies, and it sounded just provocative enough. It also had a generic icon for the file in the Torrent library, where legit stolen Daz items had a Z icon. I took a few deep breaths and clicked on it.

Wisdom arising from the flames

At first nothing happened. There was no virus warning from PC-cillin, nothing much at all happened, including no sexy leather undies to be found. Usually you can follow messages as items are installed…nope…bupkis.

Then all of a sudden I get a window opening, screaming that my computer was under violent attack by a virus. It said I must immediately click on the warning to save my machine. I noticed that the warning window looked completely bogus, but I clicked on it anyway. This was after all, an adventure. I wanted to see where it would take me. I arrived at a website selling very expensive alleged antivirus software. I think there were five choices, starting around $140.00. The warning implied that I had to use one of these to save my system. But I closed the window. Clearly this was a ruse.

If my PC-cillin had detected a virus (and what else would?), it would have given me their standard warning, which I would recognize. It certainly would not have taken me to a site other than Trend Micro to buy software. I think you’d have to be brain dead, or totally panicked not to notice this.

Suddenly I’m wondering why in hell the PC-cillin didn’t detect anything and prevent this massive system hijack. I noticed that it was now disabled. How in hell did THAT happen? I’m starting to panic. I thought I was reasonably safe from attack. I tried to turn PC-cillin back on and do a scan. I was at first successful, but then all of a sudden the scan was terminated with no explanation, and the security software was again disabled. My stress level was climbing.

It took me a few minutes to think of what to do next. So I went online (the internet was working) and got to the Trend Micro site and called for customer assistance. They were great; came right on and said: “Go to our website and run HouseCall,” their free virus and spyware scanner. I went there and successfully engaged the HouseCall application. It started running… five minutes later it was terminated with prejudice by whatever had invaded my computer. Apparently it had completely taken over my system, and was smart enough to recognize what I was trying to do AND TAKE EVASIVE ACTION. That scared the heck out of me. A few minutes later, all access to the internet was also terminated – punishment for my effort to kill it.

Meanwhile I’m worried sick that this thing is messing with my files (all backed up of course before I started this journey). My drive light was spending a lot of time blinking at me. No matter what I did, I kept getting this bogus virus warning and the invader insisted that I go to that website.

When I called Trend Micro back they told me it’s a good thing I didn’t buy it, because it would have made matters much worse. It’s a Trojan horse that takes over even more of your computer apparently. I’m getting pretty pissed about now. And I mention that to the poor guy at customer service. I complained about how much I was paying for protection and I wasn’t getting it.

He patiently had me reboot and I got back my internet connection. He then sent me a small analysis application called “HijackThis” and had me run it. I then emailed him the resulting log file. I got an email back two days later telling me what to do…I had to hand remove certain files and entries in my registry. There were clear instructions. I did it and it seemed like things were fixed.

Root of the problem

About a half hour later I rebooted for some reason and that damned warning came back. Somewhere in my system a disguised file started at the reboot. It was smart enough to notice that the rootkit had been removed and immediately replaced it, again hijacking my system.

I started getting aggressive on the phone and they kicked my problem up to a second tier engineer. He had me download an interesting little application that allowed him to run my computer remotely, from halfway around the world. To make a very long story, a medium story…he worked on my computer for more than two hours, and finally declared it clean. He told me I’d been hit by a very vicious and aggressive rootkit.

Rootkits are malware that sneak into your computer undetected. They modify or replace your operating system. They usually self-install drivers and other kernel components, taking over your entire system, often replacing the original Microsoft operating system with a shadow twin that pretends to be your original system. I was both impressed and frightened. Malware is a word made from “Malicious” and “Software”. Rootkits can give root access to your most guarded secrets and passwords, to someone at a remote site. This is not good. Apparently PC-cillin is not equipped to prevent this kind of malware and it’s not a typical virus. Most virus protection is not able to detect and prevent rootkits. Clearly I was in more peril than I realized. I still had my passwords for online banking and my investment account on that machine. I never thought to remove them. I had to change all my online passwords immediately.

Phase 2

Okay, the engineer had cleared my machine. I rebooted and all seemed good, no bogus virus warning. Oh joy, now to download another torrent. There were tons of them. I downloaded a bunch to give myself a variety of them to choose from. I had movies, books, instructional videos and other stuff that a young person might find useful. Most of it I already have in my library. I’ll admit some of the stuff was completely clean, but I won’t tell you what. I experimented with different bootleg applications using crakz: small programs that supposedly unlock the application. More often than not, they install something very nasty in your computer. I got hit by nasty malware time after time, but still no regular viruses. Each hit seemed to be progressively nastier. Finally I got hit by one so nasty, even the guys at Trend Micro couldn’t get rid of it. By now I’d told them what I was doing and why I kept getting hit. They threw their hands up in frustration after nothing worked.

I went on my laptop for some research on rootkits. By now I was more sophisticated and discovered what I was looking for. I discovered an application specifically for malware called Prevx CSI 3.0. I had to buy it, but it was amazing. The rootkit that had defeated the guys at Trend Micro was removed in a few steps, in less than five minutes…completely.

I was now feeling confident. BTW, this really nasty rootkit had been installed by a “Keygen,” or key generator. It’s a little program that is supposed to duplicate the key generation used by the original software publisher to give legit authorization. Sometimes they actually work. This one didn’t. It was an instrument of evil that caused terrible havoc. They can be just as bad as the crack software that often comes with torrent downloads. The cracks are put into the directory with the locked application, you run it and it supposedly unlocks it. Sometimes they actually work…but you have no way of knowing unless you can analyze the crack in detail.

Eventually I tried the Corel Painter X crack. I’ve also followed Painter for many years all the way back to the first version in a paint can. I’ll make an even longer story short and tell you that I got hit by the mother of all rootkits. It was much worse than any previous ones. Prevx CSI thought it had vanquished the little demon, but upon rebooting, it was still there. So I called the Prevx people…wonderful customer service btw, similar to Trend Micro, very responsive and concerned. This guy also had me download an application that let him take over my computer completely. He worked for about an hour and then I noticed he went online and downloaded a third application. With some proprietary Prevx tools plus this downloaded tool: GMER, he worked and worked and sweated and after about an hour, he was successful. He admitted that this was a new and very noxious rootkit. I was worried because I’m never sure if I’ve removed all my passwords etc. There is so much personal info on our machines, and we forget what it is and where it is. Trust me on that.

Is it worth the trouble?

Honestly, I was just writing an article and I ended up going through such amazing stress and worry and aggravation and hours and hours of recovery with my computer. I hope you appreciate it. I’d have to say, unless you are really desperate and willing to do a ridiculous amount of trial and error, and you are by nature a lucky person, I’d forgo using bootleg software. Contact the publisher and see if you can work out a deal with them. If you have extraordinary talent, and no money, you may be able to.

As a side note, the wonderful and enormously powerful 3D software “Houdini” published by Side Effects Software is available to starving non-students. They recognize that some of us do not have deep pockets and are not students. Their full-blown software is VERY expensive, but they’ll give you a watermarked version to learn on for free, and for a hundred bucks, they’ll sell you an HD version that’s fully operational with no watermark. You can’t beat them apples.

A quick note about torrent movie downloads

I think the biggest use of torrents is to distribute free bootleg movies. Most of them don’t have viruses attached but some do. The biggest problem with movie torrents is that most of them are bogus. You download a gig or more of data and when you go to run it you get a message that you have to go to some website and get a special Codec. Yeah, right. Don’t do it.

There are rumors that the movie industry has teams of people uploading the bogus movie files to pollute the available stock. Most of the ones you download that actually play are terrible copies shot with a video camera in a theater. You get no extras, often the subtitles are missing and the sound can be awful and out of sync.

A mysterious guy named Axxo uploads really clean and excellent quality videos, but it’s hard to tell which ones are from the real Axxo and which ones are just labeled Axxo, but are phony or worse. It’s up to you, but remember stealing is stealing and who knows what cyber-cops are roaming the data-sphere to nab your ass. It’s also a moral issue.

So dear readers, be careful out there and have fun. I’m off to SIGGRAPH Asia and then on to Beijing’s monster Creative Arts and Culture Expo ICCIE, where I’ll be giving several presentations. Wish me good luck and a safe journey please. I’ll tell you about it when I get back.