Trojan Deletes Your Porn, Music & Warez

E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."

the first 'christian' virus?

[humuhumunukunukuapu']

is this the first shot on a new frontier in the war for morality?

Nice to see a destructive payload for once

[fatphil]

Without the pain of personal loss, lusers will not be so inclined to tighten up their system. So what if I'm part of a botnet? I'm not using the machine overnight anyway...

Happy LARTing,
FatPhil

Re:Altruism? I have my doubts...

[phyrebyrd]

I see an option 3 here.

3) A strike against the MPAA, RIAA and any other "law abiding" corporation (who manages to be capable of CREATING those very laws) by targeting the computers that seed the incomplete, misnamed and intentionally infected files and the files on computers that have downloaded from them by users stupid enough to download things under 1kb.

Any smart P2P user changes the default directories to customize their own bitspace so it's easier for the person using the software to find what they've downloaded, not to mention archive on another device or media those files they truly wish to retain.

Do note that I did say *smart*.

Add option #4

[WidescreenFreak]

Call me cynical, but add:

4) Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.

Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan? Nahhh....

Re:Altruism? I have my doubts...

[Zeinfeld]

I think the chance that this is a distraction is much greater than any other motive suggested. It is very unlikely that someone whose moral compass is so broken that they spend their time writing viruses is that upset about other law breakers. I suspect that the author has huge amounts of stolen software and music. More likely this is just a nasty, vicious little perp who is thinking of a way to do something nasty and vicious. Maybe they think that this type of attack is less likely to be taken seriously by the authorities (wrong) or less likely to lead to criminal complaints (right, but there will be enough complaints). Another strong possibility is that the criminals calculate that creating security paranoia is useful for their business and this is a way to increase concern. They will probably follow up with a marketting campaign selling hijacked copies of anti-virus software. Regardless of what immediate damage is caused every trojan has to be treated as if it was intended to be used for phishing.

Re:So?

[Patrik_AKA_RedX]

If they're not smart enough to use some A/V correctly, why do you assume they'll manage to figure out what a "fileserver" is, let alone how to setup and use one?
How about we write a malware proof OS. That's orders of magnitudes easier that the above.

Re:Add option #4

[simpleparadox]

Once, I had some viruis or something on my computer. While it was popping up porn every two seconds, it was advertising viruis software with message boxes and a fullscreen window it took me a while to get off my desktop, also my desktop and start menu had icons that were made to look like windows security icons that lead to a site selling viruis and spyware protection software.

PC World couldn't read the Sophos article!

[flokemon]

The article on the Sophos website actually puts things as they are.
The PC World rehash just (deliberately?) misinterprets it.

Let's have a wee comparison:

Sophos: - "The Erazer Trojan targets internet users it believes are involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 music files or home movies that they have created themselves. Malware is not the way to fight internet piracy."

PC World: - "A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered."

Now how they came up with that from the Sophos article is beyond my understanding.

Re:the first 'christian' virus?

[Anonymous Coward]

My bible doesn't say anything about downloading MP3s, particularly legal files [posamist.com].

The Bible specifically says NOT to do what this virus does.

bruce lee kills trojans.

[jasonevans]

maybe the person who wrote the trojan, wrote it to be an asshole with no other intentions in mind; besides to be annoying. Many people who are infected with trojans/other tyes of virus' are not that internet/computer savy. When they engage in illeagle file trading they typically use p2p networks such as lime wire, where it is much easier to download malware and what not. Lets face it, the most popular types of files to download are pretty much porn and music. So theres no better way to piss a ton of people off other than deleting what they value most on their computers. Just my thought.

#5. evolution theory.

[leuk_he]

Option 5: Delete all competing content from the p2p directories so the upload bandwidth is fully available to the virus and it does not have to share the upload bandthwith with other content (like p0rn).

It is called evolution theory, this virus kills of the weaker content to spread itself.

Note that is also stops process like "gator". this virus allows no competition.

Re:Slashspin

[Fallen Seraph]

I don't post on /. often but the end of this article forced my hand.

Or is Trojan/Erazer-A the ultimate social engineering Trojan, one which fools people into accepting its beneficial promise, only to cause major problems when in its next incarnation as Trojan/Erazer-B or C?

WTF?
"Accepting it's beneficial promise"? Are there poeple out there with Kazaa or Limewire downloading gigabyte upon gigabyte of porn, illegal music, and movies unwillingly? Are they too illiterate to use the delete key? Do they have some weird sleep disorder where they unwittingly download?

Last I checked, illegal or not, it's something people WANT. Is PC World trying to imply there's some fuckwit thinking "Oh wow! This virus deletes everything I download! This is great! I'm keeping this!" This virus isn't Charles Bronson "taking the law into its own hands." This virus is Jason Vorhees intruding upon a couple making out in their car.

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

Have the writers of PC World ever even USED a computer? Because last I checked, disabling my antivirus software DOES NOT protect me. That's like someone telling you not to have sex and punching holes in your condoms.

Re:Finally!

[Mayhem178]

Sorry for the double post, I just wanted to add something.

Because going wrong is just something that computers do. I with you on this one. This kind of mentality is something that I try to quash anytime I'm fixing someone's computer. I always tell people that beyond taking a hammer, magnet, or cattle prod to a computer, it is remarkably difficult to truly harm it. As delicate as modern computers may seem, they are remarkably resilient. It's incredibly difficult to truly lose data (provided you're willing to pay the fee at a data recovery lab, in a worst-case scenario).

I always tell people to think of viruses, malware, and spyware as an annoyance, not a plague. The motivation for patching, updating, and scanning for these things should be to prevent their spread, not to protect your own ass. Once people get into a "every man for themselves" mentality, then the malware moves beyond being an annoyance, and the writers of such malware have won.

I remember when Blaster hit. I was working at a real estate office as their only IT guy (small office, about 25 computers total, including servers). Everyone was acting like it was Armageddon. I ended up spending half of my time trying to keep people calm. Time I could have spent solving the problem. Eventually I rounded up everyone (about 10 people) to explain the situation and a give them all a crash course in virus detection and prevention. Still, that particular day I ended up staying long after everyone had left the office so I could unplug every computer from the network, remove all the instances of Blaster (some had upwards of 2000 infected files), and patch the vulnerability.

I think the real problem is that a lot of people don't view computers as flexible, ever-changing tools. They want to see them as embedded devices. Something that performs a small, finite set of tasks, always performs them in the exact same way, does not require any maintenance to function, and will work the same way 10 years from now as it does today. This simply isn't the case. I don't know if this spawns from laziness, computer illiteracy, or some combination of both. I've known people who simply don't want to take the time to get a basic understanding of how their computer works. They don't know and don't care, they just want it to perform a very limited set of tasks, and to hell with everything else. Of course, these same people are likely to buy a car and end up seizing the engine by never having the oil changed.

Virtual machines

[macdaddy]

This also emphasizes why all P2P users should quarantine their P2P software inside a virtual machine. VMWare's recently renamed VMWare Server" [vmware.com] product is free and is a perfect way to isolate your P2P software from the rest of your machine. I actually employ this method myself. Much of the documentation I download is infected and this method prevents that infection from getting back to the host server. Plus it's quite easy to rollback changes to a time before the infection and start over.

Anyone told the Department of Homeland Security?

[Anonymous Coward]

In 'Cyberstorm' earlier this year, a nasty virus did the rounds at or around the same time as the government exercise was allegedly being held. That particular 'wild' virus just so happened to not infect .mil and .gov domains - who would have thought of that? That was a first, and at the same time as a government exercise - did I say fish, or was that 'E'?
  The government claimed that the exercise was held on some mythical private-exact-copy-of-the-web, however, the evidence of the time did not point that way - just don't ask anyone exposed to the 'Karma Sutra Worm'...
As well as normal users, businesses and special PC's (as in the sort used in hospitals) could not cope with the network overload. At the time nobody was putting two and two together, and the Department of Homeland Security were not put under scrutiny.
Given the form of The Department of Homeland Security (the people with the 2.5Tb RAM-drives for everyone's primary keys...) and the class of individual attracted to its ranks, one has to ask if they alone have the means, the motive and the opportunity to pull off such a stunt as the new fangled virus. Usually they gloat, so expect a few words about how well they have done wiping out tonnes of data direct from the hard-drives of tens of thousands of terrorist-training-camp grade al-qaeda operatives, from all over the globe in the mainstream media anytime soon.
With Cyberstorm, A/V vendors, operating system vendors, network equipment manufacturers and others that should know better, overstepped a line that they were not forced to, and took part in 'cyber-theater exercises' that were down-right rotten, costing lots of people lots of time and effort that could have been better directed elsewhere.
This new virus might be the same as the Cyber-storm malweaponry, with SECGEN Rumsfeld watching how the citizenry respond. Do you warn everyone in your mailbox that you could have emailed them a deadly virus? Do you write to the likes of Slashdot with help for others? I don't know, but SECGEN Rumsfeld will.
With Cyberstorm there was also 'Full Spectrum Dominance' propaganda/public diplomacy in the media as well as in blogs. This gave an operational capability to control a word-of-mouth internet campaign, whether that be word of crisis, political disaster, whatever.
'Cyberstorm' came with psychological payload - 'the sky is falling in' and the guys on the exercise were testing their abilities to control and contain a new 'digital Pearl Harbour'. The D.H.S. are suspiciously quiet when it comes to the 'real' threats, has anyone checked if any more government 'cyber' exercises are scheduled?

What about non porn files?

[LinuxRulz]

Last time I scanned my system for porn, all that was detected was LaTex [latex-project.org] (which isn't porn). I hope it doesn't delete tex files or I know a lot of people who will get frustrated.