Shockwave as Trojan horse uses animated disguise

June 26, 2007 Sophos Press Release

The Trojan horse plays a Shockwave animation by Italian cartoonist Bruno Bozzetto
The Trojan horse plays a Shockwave animation by Italian cartoonist Bruno Bozzetto.

Experts at Sophos, a world leader in IT security and control, have discovered a Trojan horse that disguises its malicious intent by playing a humorous animation.

The Troj/Agent-FWO Trojan horse plays the popular "Yes & No" Shockwave video created by the Italian animator Bruno Bozzetto, but only after embedding itself on users' computers and downloading further malicious code from the internet.

"Yes & No", which was published on the internet by Bozzetto in 2001, is a humorous video about how obeying the rules of the road does not always make sense. Hundreds of thousands of people are believed to have watched the online animation. According to Sophos experts, the Trojan horse is playing the animation as a smokescreen as it silently infects Windows computers.

"It's important to realise that the animation itself is not malicious - thousands of artists, like Bruno Bozzetto, have created funny movies whose only negative can be the hours that have been spent watching them," said Graham Cluley, senior technology consultant for Sophos. "But the Trojan horse which is playing the animation in this instance is dangerous. Troj/Agent-FWO is exploiting society's predilection for forwarding humorous animations on to friends and family in its attempt to infect as many people as possible."

Sophos recommends companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.