Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a bizarre Trojan horse that has been distributed on Japanese
peer-to-peer file-sharing networks.
The Troj/Pirlames-A Trojan
horse has been distributed on the controversial Winny file-sharing
network in Japan, posing as a screensaver. However, if P2P users
download and run the program, their files are overwritten by
pictures of a popular comic book star who abuses them for using
Winny.
Programs, music files and email mailboxes are amongst the files
targeted by the Trojan horse. EXE, BAT, CMD, INI, ASP, HTM, HTML,
PHP, CLASS, JAVA, DBX, EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG
and BMP files are all overwritten by images of comic book character
Ayu Tsukimiya that are contained inside the malicious code.
"This is a visit from the prevalent Piro virus!
Stop P2P! If you don't, I'll tell the police!"
"Even though Kaneko-San was found guilty,
you're still using Winny aren't you. I really hate such
people!"
"Ugu! It's me, Ayu Tsukimiya! I think I might
start destroying downloaded files and P2P software
now..."
"Taiyaki, taiyaki, oh I'd like to eat
some...
If you don't bring me some, I'll destroy your files...
If you don't stop using Winny, I'll expose you to the police... My
phone number is <removed>..."
One of the images (which sings a song about fish-shaped pancakes
filled with bean jam) includes a phone number, although it is
possible that this does not belong to the malware author.
"This is one of the most bizarre pieces of malware we have seen
in our labs for quite some time, but its data-destroying payload
is no laughing matter," said Graham Cluley, senior
technology consultant for Sophos. "But it acts as a timely reminder
to companies that they may want to control users' access to P2P
file-sharing software not just because they can eat up bandwidth,
but also because they can present a security risk to your corporate
data."
Another variant of the Trojan, Troj/Pirlames-B,
displays a different message:
"Ah, I see you are using P2P again... if you
don't stop within 0.5 seconds, I'm going to kill
you."
Isamu Kaneko, the author of the Winny file-sharing program, was
convicted by a Japanese court in December 2006 for assisting in
copyright violation. The rights and wrongs of the case have been
widely debated on the internet.
The Pirlames Trojan horse is not the first piece of malware to
take advantage of the Winny file-sharing network:
- In May 2006, Sophos reported
that a virus had leaked power plant secrets via Winny for the
second time in four months.
- The previous month, a Japanese anti-virus company admitted that internal
documents and customer information had been leaked after one of its
employees failed to install anti-virus software.
- Earlier in 2006, Sophos described
how information about Japanese sex victims was leaked by a virus
after a police investigator's computer had been infected.
- In June 2005, Sophos reported
that nuclear power plant secrets had been leaked from a computer
belonging to an employee of Mitsubishi Electric Plant
Engineering.
- The police force in Kyoto, Japan, were left with red faces
after a virus spread
information about their "most wanted" suspect list in April
2004.
A survey
conducted last year by Sophos reflects the serious concern that
uncontrolled applications are causing system administrators. For
example, 86.5 percent of respondents said they want the opportunity
to block P2P applications, with 79 percent indicating that blocking
is essential.
Application Control is an optional feature of Sophos Anti-Virus,
version 6, available to both new and existing customers. Existing
customers of Sophos Anti-Virus for Windows 2000/XP/2003, version 6,
can use this new feature at no additional charge. New customers
have the option to deploy Sophos Anti-Virus either with or without
Application Control.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution at the email gateway to defend against viruses,
spyware and spam.