In this section

• Home
• Press office
• News archive
• Articles
• 2007
• 06

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

26 June 2007

Shockwave as Trojan horse uses animated disguise Windows users risk being duped by animation smokescreen

The Trojan horse plays a Shockwave animation by Italian cartoonist Bruno Bozzetto.

Experts at Sophos, a world leader in IT security and control, have discovered a Trojan horse that disguises its malicious intent by playing a humorous animation.

The Troj/Agent-FWO Trojan horse plays the popular "Yes & No" Shockwave video created by the Italian animator Bruno Bozzetto, but only after embedding itself on users' computers and downloading further malicious code from the internet.

"Yes & No", which was published on the internet by Bozzetto in 2001, is a humorous video about how obeying the rules of the road does not always make sense. Hundreds of thousands of people are believed to have watched the online animation. According to Sophos experts, the Trojan horse is playing the animation as a smokescreen as it silently infects Windows computers.

"It's important to realise that the animation itself is not malicious - thousands of artists, like Bruno Bozzetto, have created funny movies whose only negative can be the hours that have been spent watching them," said Graham Cluley, senior technology consultant for Sophos. "But the Trojan horse which is playing the animation in this instance is dangerous. Troj/Agent-FWO is exploiting society's predilection for forwarding humorous animations on to friends and family in its attempt to infect as many people as possible."

• Read more about this Trojan horse on the SophosLabs blog

Sophos recommends companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

Download now
Sophos Threat Report July 2008

• SQL injection attacks are the biggest threat
• 90% of malware on legitimate sites
• Hackers exploit Web 2.0

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Macromedia virus: a flash in the pan?
• Sign up now for free notification of new viruses found in the wild