Tuesday, August 7, 2007

“Yes & No” video may hide a Trojan

An advisory from Sophos Labs reported on Tuesday that a malware writer has been infecting thousands of computers by hiding a new Trojan variant in a cartoon video that has been spread around the world via e-mail.

The malware, identified as the Troj/Agent-FWO Trojan, was hidden in the “Yes & No” Shockwave video, a popular cartoon created by the Italian animator Bruno Bozzetto. According to Sophos, “The video only plays, though, after embedding itself on users' computers and downloading other pieces of malicious code.”

The video ironically shows the allowed and forbidden behaviours described in the highway code, and Mr. Bozzetto published it on the internet in 2001. Since then, hundreds of thousands of people are believed to have watched the video, but it is not possible to estimate how many of them have been infected by the Trojan until researchers understand exactly when the malware writer began to send out infected copies. The Trojan plays the animation as a smokescreen while it silently infects Windows computers.



Troj/Agent-FWO drops its malicious payload in the Windows System folder. Sophos also explains that it can create registry entries to run itself on startup, and that it can inject code into system processes to hide itself.
"It's important to realise that the animation itself is not malicious - thousands of artists, like Bruno Bozzetto, have created funny movies whose only negative can be the hours that have been spent watching them," said Graham Cluley, senior technology consultant for Sophos. "But the Trojan horse which is playing the animation in this instance is dangerous. Troj/Agent-FWO is exploiting society's predilection for forwarding humorous animations on to friends and family in its attempt to infect as many people as possible."

Written by Alberto Redi (halfmoon)
Friday, 29 June 2007
Source http://www.zone-h.org/content/view/14787/31/
