“Yes & NO” video may hide a Trojan
Friday, 29 June 2007

An advisory from Sophos Labs reported on Tuesday that a malware writer has been infecting thousands of computers by hiding a new Trojan variant in a cartoon video that has been spread around the world via e-mail.

The malware, identified as the Troj/Agent-FWO Trojan, was hidden in the “Yes & No” Shockwave video, a popular cartoon created by the Italian animator Bruno Bozzetto. According to Sophos, “The video only plays, though, after embedding itself on users' computers and downloading other pieces of malicious code.”

The video ironically illustrates the permitted and forbidden behaviours described in the highway code, and Mr. Bozzetto published it on the internet in 2001. Since then, hundreds of thousands of people are believed to have watched it, but it is not possible to estimate how many of them have been infected by the Trojan until researchers establish exactly when the malware writer began sending out infected copies. The Trojan plays the animation as a smokescreen while it silently infects Windows computers.

Troj/Agent-FWO drops its malicious payload in the Windows System folder. Sophos also explains that it can create registry entries to run itself on startup and can inject code into system processes to hide itself.
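
The behaviour described above (a payload written to the Windows System folder plus a registry entry that runs it at startup) lends itself to a simple triage check. The following is an added example, not code from Sophos or from this article: it parses the text of a `reg export` dump and flags Run/RunOnce values that launch a file from the system folder which is not on a known-good baseline. The article does not name the registry keys or file names involved, so the keys checked, the sample dump and the baseline are assumptions constructed for illustration.

```python
import ntpath
import re

# Common autorun keys; the article does not say which keys the Trojan
# writes, so checking these is an assumption.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
SYSTEM_DIR = re.compile(r"^(%systemroot%|%windir%|[a-z]:\\windows)\\system(32)?$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed `reg export` excerpt (already decoded to text); every value
# name and path below is made up for illustration, not an indicator.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"ExampleEntry"="C:\\WINDOWS\\system32\\example_dropped.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"NotAutorun"="C:\\WINDOWS\\system32\\ignored.exe"
'''
BASELINE = {"ctfmon.exe"}  # constructed allowlist of expected system-folder autoruns

def target_path(command):
    """Return the executable path from an autorun command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|dll))(?:\s|,|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_autoruns(reg_text, baseline):
    """List (key, value name, path) for Run entries that launch a
    non-baseline file located directly in the Windows system folder."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry key section
            continue
        m = VALUE.match(line)
        if not (m and key and RUN_KEY.search(key)):
            continue                  # not a string value under an autorun key
        # .reg files escape backslashes and quotes; undo that first
        name, command = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        path = target_path(command)
        if SYSTEM_DIR.match(ntpath.dirname(path)) and ntpath.basename(path).lower() not in baseline:
            hits.append((key, name, path))
    return hits
```

A hit is only a lead for review: legitimate software also registers system-folder autoruns, so the baseline should come from a known-clean build of the same Windows image.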

 "It's important to realise that the animation itself is not malicious - thousands of artists, like Bruno Bozzetto, have created funny movies whose only negative can be the hours that have been spent watching them," said Graham Cluley, senior technology consultant for Sophos. "But the Trojan horse which is playing the animation in this instance is dangerous. Troj/Agent-FWO is exploiting society's predilection for forwarding humorous animations on to friends and family in its attempt to infect as many people as possible."


Comments Index (Total Messages: 2)
oh thx Written by Guest on 2007-07-30 13:43:49
PowerDream Written by Guest on 2007-08-01 23:43:51
