Japanese Trojan attacks P2P file-sharing pirates

Stan Beer
Thursday, 01 March 2007 13:12

Business IT - Security

In a case of a malware purveyor attacking pirate file-sharers, security vendor Sophos has warned of a bizarre Trojan horse which has been distributed on Japanese peer-to-peer file-sharing networks.

The Troj/Pirlames-A Trojan horse has been distributed on the controversial Winny file-sharing network in Japan, posing as a screensaver. However, if P2P users download and run the program their files are overwritten by pictures of a popular comic book star who abuses them for using Winny and threatens to expose them to the police if they don't stop using the system.

Programs, music files and email mailboxes are amongst the files targeted by the Trojan horse. EXE, BAT, CMD, INI, ASP, HTM, HTML, PHP, CLASS, JAVA, DBX, EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG, BMP files are all overwritten by images contained inside the malicious code of comic book character Ayu Tsukimiya.

"This is one of the most bizarre pieces of malware we have seen in our labs for quite some time, but its data-destroying payload is no laughing matter," said Graham Cluley, senior technology consultant for Sophos. "It acts as a timely reminder to companies that they may want to control users' access to P2P file-sharing software not just because they can eat up bandwidth, but also because they can present a security risk to your corporate data."

Isamu Kaneko, the author of the Winny file-sharing program, was convicted by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet.

The Pirlames Trojan horse is not the first piece of malware to take advantage of the Winny file-sharing network:

* In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.

* The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.

* Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.

* In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.

* The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.

A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5% of respondents said they want the opportunity to block P2P applications, with 79% indicating that blocking is essential.