February 28, 2007 By News Report
The Troj/Pirlames-A Trojan horse has been distributed on the controversial Winny file-sharing network in Japan, posing as a screensaver. However, if P2P users download and run the program their files are overwritten by pictures of a popular comic book star who chides them for using Winny.
Programs, music files and e-mail mailboxes are amongst the files targeted by the Trojan horse. EXE, BAT, CMD, INI, ASP, HTM, HTML, PHP, CLASS, JAVA, DBX, EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG, BMP files are all overwritten by images of comic book character Ayu Tsukimiya contained inside the malicious code:
"This is one of the most bizarre pieces of malware we have seen in our labs for quite some time, but it's data-destroying payload is no laughing matter," said Graham Cluley, senior technology consultant for Sophos. "But it acts as a timely reminder to companies that they may want to control users' access to P2P file-sharing software not just because they can eat up bandwidth, but also because they can present a security risk to your corporate data."
Another variant of the Trojan, Troj/Pirlames-B, displays a different message:
Isamu Kaneko, the author of the Winny file-sharing program, was convicted by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet.
The Pirlames Trojan horse is not the first piece of malware to take advantage of the Winny file-sharing network:
You may use or reference this story with attribution and a link to