A warning has been issued about a bizarre Trojan horse that has been distributed on Japanese peer-to-peer (P2P) file-sharing networks.

The Troj/Pirlames-A Trojan horse has been distributed on the controversial Winny file-sharing network in Japan, posing as a screensaver. However, if P2P users download and run the program their files are overwritten by pictures of a popular comic book star who chides them for using Winny.

Programs, music files and e-mail mailboxes are amongst the files targeted by the Trojan horse. EXE, BAT, CMD, INI, ASP, HTM, HTML, PHP, CLASS, JAVA, DBX, EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG, BMP files are all overwritten by images of comic book character Ayu Tsukimiya contained inside the malicious code:

One of the images (which sings a song about fish-shaped pancakes filled with bean jam) includes a phone number, although it is possible that this does not belong to the malware author.

"This is one of the most bizarre pieces of malware we have seen in our labs for quite some time, but it's data-destroying payload is no laughing matter," said Graham Cluley, senior technology consultant for Sophos. "But it acts as a timely reminder to companies that they may want to control users' access to P2P file-sharing software not just because they can eat up bandwidth, but also because they can present a security risk to your corporate data."

Another variant of the Trojan, Troj/Pirlames-B, displays a different message:

Isamu Kaneko, the author of the Winny file-sharing program, was convicted by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet.

The Pirlames Trojan horse is not the first piece of malware to take advantage of the Winny file-sharing network:

  • In May 2006, a virus had leaked power plant secrets via Winny for the second time in four months.
  • The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.
  • Earlier in 2006, information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.
  • In June 2005, nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.
  • In April 2004, a virus spread information about the "most wanted" suspect list of the Kyoto, Japan police force.