Press Releases

Browse our press release archive

05 Sep 2005

Arabic Trojan horse interrupts adult website surfing with message from Koran, Sophos reports

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have warned users about a Trojan horse which tries to interrupt surfing of adult websites by displaying messages from the Koran.

The Yusufali-A Trojan horse monitors which websites Windows users are visiting by examining the title bar of the active window. If the Trojan finds a word it doesn't like (such as "teen", "xx", "sex" or "penis") it minimizes the window so the user cannot see its content and displays a message from the Koran instead:

The message displayed by the Trojan horse

The message displayed by the Trojan horse.

"Unlike other malware, it appears this Trojan horse isn't trying to steal money or confidential information, but acting as a moral guardian instead - blocking viewing of websites it determines are unsavory," said Graham Cluley, senior technology consultant for Sophos. "Of course, it's possible for the Trojan horse to make mistakes and block sites which are not pornographic - such as medical sites, or social sites designed for teenagers."

The Yusufali-A Trojan horse continues to display messages if the offending website remains open, and after a while it displays a button labelled "For Exit Click Here". As soon as the mouse is moved the box changes to have vertical bars and the text 'OH! NO i'm in the Cage'. The box contains LogOff, ShutDown and Restart buttons and the mouse pointer is locked within the confines of the box. All the buttons actually cause the computer to logout.

The Yusufali-A Trojan horse

The Yusufali-A Trojan horse forces users to logout of their PCs.

"This Trojan horse may have been written as a joke, or as a serious attempt to clean-up the habits of internet users," continued Cluley. "Whatever the reasons behind its creations, computer users should protect their systems with up-to-date anti-virus software, security patches and a proper firewall."

Sophos users were automatically protected against the Yusufali Trojan horse yesterday. Although Sophos has not received many reports of the Trojan horse it recommends companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktop and servers with automatically updated protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.