By Stan Beer     
Thursday, 01 March 2007  

In a case of a malware purveyor attacking pirate file-sharers, security
vendor Sophos has warned of a bizarre Trojan horse which has been
distributed on Japanese peer-to-peer file-sharing networks.

The Troj/Pirlames-A Trojan horse has been distributed on the controversial
Winny file-sharing network in Japan, posing as a screensaver. However, if
P2P users download and run the program, their files are overwritten by
pictures of a popular comic book star who scolds them for using Winny and
threatens to report them to the police if they don't stop using the system.

Programs, music files and email mailboxes are amongst the files targeted by
the Trojan horse. EXE, BAT, CMD, INI, ASP, HTM, HTML, PHP, CLASS, JAVA, DBX,
EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG and BMP files are all overwritten
with images of the comic book character Ayu Tsukimiya that are embedded
inside the malicious code.
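The payload described above leaves a simple forensic trace: a file that still carries a program, mailbox or document extension but whose first bytes are an image header. The following script, added here as an illustration and not part of the article or of any vendor's tooling, walks a directory and flags files with the listed extensions whose content begins with a common raster image signature. The article does not say which image format the Trojan writes, so the signature table (BMP, JPEG, PNG, GIF) is an assumption, and the sample directory it builds is constructed for the demonstration.

```python
import os
import tempfile

# Extensions the article lists as targets of Troj/Pirlames-A.
TARGETED_EXTENSIONS = {
    "exe", "bat", "cmd", "ini", "asp", "htm", "html", "php", "class", "java",
    "dbx", "eml", "mbx", "tbb", "wab", "hlp", "txt", "mp3", "xls", "log", "bmp",
}

# Magic bytes of common raster image formats. The article does not state which
# format the Trojan's embedded pictures use, so this table is an assumption
# covering the usual candidates.
IMAGE_SIGNATURES = {
    "bmp": b"BM",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def detect_image_format(header: bytes):
    """Return the image format whose signature the header starts with, else None."""
    for name, magic in IMAGE_SIGNATURES.items():
        if header.startswith(magic):
            return name
    return None


def find_overwritten(root: str):
    """Walk root and return sorted (relative_path, image_format) pairs for files
    with a targeted extension whose content begins with an image signature.
    Genuine .bmp files start with 'BM' by definition, so a header check cannot
    tell an overwritten bitmap from an intact one; they are skipped here."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            ext = fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
            if ext not in TARGETED_EXTENSIONS or ext == "bmp":
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(16)
            except OSError:
                continue  # unreadable file: nothing to judge
            fmt = detect_image_format(header)
            if fmt:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, fmt))
    return sorted(hits)


def build_sample_dir() -> str:
    """Constructed fixture: a temp directory with intact and overwritten files."""
    root = tempfile.mkdtemp(prefix="pirlames_demo_")
    samples = {
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,        # intact PE header stub
        "notes.txt": b"quarterly numbers\n",             # intact text file
        "logo.bmp": b"BM" + b"\x00" * 30,                # genuine bitmap, skipped
        "report.exe": b"BM" + b"\x00" * 30,              # overwritten with a BMP
        "song.mp3": b"\xff\xd8\xff\xe0" + b"\x00" * 30,  # overwritten with a JPEG
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 30, # untargeted extension
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo = build_sample_dir()
    for rel, fmt in find_overwritten(demo):
        print(f"{rel}: content is a {fmt} image, not what the extension implies")
```

Run against a share or user profile, the scan gives an incident responder a quick list of candidate victims of the overwrite; a header check is cheap, but it is a triage aid rather than proof, and comparing against backups or file hashes remains the reliable way to confirm what was lost.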

"This is one of the most bizarre pieces of malware we have seen in our labs
for quite some time, but its data-destroying payload is no laughing matter,"
said Graham Cluley, senior technology consultant for Sophos. "It acts as a
timely reminder to companies that they may want to control users' access to
P2P file-sharing software not just because they can eat up bandwidth, but
also because they can present a security risk to your corporate data."

Isamu Kaneko, the author of the Winny file-sharing program, was convicted by
a Japanese court in December 2006 for assisting in copyright violation. The
rights and wrongs of the case have been widely debated on the internet.

The Pirlames Trojan horse is not the first piece of malware to take
advantage of the Winny file-sharing network:

* In May 2006, Sophos reported that a virus had leaked power plant secrets
via Winny for the second time in four months.

* The previous month, a Japanese anti-virus company admitted that internal
documents and customer information had been leaked after one of its
employees failed to install anti-virus software.

* Earlier in 2006, Sophos described how information about Japanese sex
victims was leaked by a virus after a police investigator's computer had
been infected.

* In June 2005, Sophos reported that nuclear power plant secrets had been
leaked from a computer belonging to an employee of Mitsubishi Electric Plant
Engineering.

* The police force in Kyoto, Japan, were left with red faces after a virus
spread information about their "most wanted" suspect list in April 2004.

A survey conducted last year by Sophos reflects the serious concern that
uncontrolled applications are causing system administrators. For example,
86.5% of respondents said they want the ability to block P2P
applications, with 79% indicating that blocking is essential.

Read About It
Information about Uploader-AH is located on VIL at:
http://vil.nai.com/vil/content/v_141567.htm

Detection
Uploader-AH was first discovered on February 26, 2007 and detection was
added to the 4971 dat files (Release Date: February 26, 2007).

To stay updated and protected, download the latest dat files from
http://www.mcafee.com/us/downloads/index.html

If you suspect you have Uploader-AH, please submit a sample to
<http://www.webimmune.net>

Mike Grant
Bytware, Inc.
775-851-2900 

http://www.bytware.com


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work.