Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×

Trojan Deletes Your Porn, Music & Warez 400

E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."
This discussion has been archived. No new comments can be posted.

Trojan Deletes Your Porn, Music & Warez

Comments Filter:
  • by TripMaster Monkey ( 862126 ) * on Tuesday May 16, 2006 @07:30AM (#15341351)

    From TFA:
    The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.
    Well, that's a remarkably stupid assumption.

    What's more likely?
    1. The Trojan was designed to protect users from malware by deleting contents of P2P directories,
        - or -
    2. The Trojan was designed to strike a blow against P2P file sharers deleting contents of P2P directories.


    Let's analyze who benefits from each scenario:
    1. No one benefits, since the 'benefits' of having files that might be infected with malware deleted is more than offset by the security problems introduced by the deactivation of antivirus software, as well as the inadvertent deletion of many innocent files. Also, the Trojan writer, (in this scenario, a "Robin Hood" type character), receives no benefit other than a warm fuzzy feeling.

    2. RIAA, MPAA, and various software companies all realize tangible financial benefits as illegal file sharing is dealt a serious blow. Also, the Trojan writer, (in this scenario, a mercenary for hire) takes home a nice fat paycheck for a job well done.


    I pick avarice over sloppily executed altruism any day. I find it intriguing that this alternate explanation apparently didn't even occur to PC World.
    • by Joebert ( 946227 ) on Tuesday May 16, 2006 @07:37AM (#15341384) Homepage
      What about the third scenario ?

      3) Virus writers stage this to make it look like the RIAA, MPAA, ect, are "pulling a Sony" in an attempt to pull a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".
      • Add option #4 (Score:5, Interesting)

        by WidescreenFreak ( 830043 ) on Tuesday May 16, 2006 @07:54AM (#15341512) Homepage Journal
        Call me cynical, but add:

        4) Write a trojan to wipe out what people apparently consider to be important so that they are more aware of virus scanners.

        Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan? Nahhh....
        • Re:Add option #4 (Score:2, Insightful)

          by grub ( 11606 )

          Hmmm... would the various anti-virus companies do something like this to advertise the need for their products on people who lose gigs and gigs of files to a trojan?

          I was thinking the same thing, however, the bug actively kills a lot of AV processes. Advertising "Our Version X was killed by that bug, but Version Y is unbreakable!" doesn't instill confidence in the user.
          • Not in users like us, perhaps, but to the average Joe who just lost a few gigs of data, and is therefore still in "gullible, panicked buyer" mode, any virus scanner will likely be desireable. So, if an anti-virus vendor can claim to protects your gigs of fies once the new version come out, you can bet that the people who got smacked by this are going to buy it, if only under the ignorant assumption that it won't happen again.
        • Re:Add option #4 (Score:5, Insightful)

          by Chelloveck ( 14643 ) on Tuesday May 16, 2006 @08:23AM (#15341668)

          Even simpler:

          4) Write a trojan to wipe out what people apparently consider to be important just because the trojan writer is a prick.

          • by Sigg3.net ( 886486 ) on Tuesday May 16, 2006 @09:13AM (#15342068) Homepage
            Not even that:

            5) Trojan not only sentient, but self-sustainable and conventionally biased. Will take over the world.

            Proof of Intelligent Design? You be the judge.
          • sorry ;) (Score:5, Funny)

            by miruku ( 642921 ) on Tuesday May 16, 2006 @09:54AM (#15342407) Homepage
            6) profit!!
        • by Foobar of Borg ( 690622 ) on Tuesday May 16, 2006 @08:52AM (#15341914)
          5) Pat Robertson and Jerry Falwell want to wipe out pr0n from the internet, so they assemble a team of computer experts and tell them, "Pr0n is the 5ux0rs! We need 1337 h@x0r5 to pwn their warez, w00t, w00t!"

          Or, maybe not...

        • No Kidding. I need to pirate a fresh copy of Norton Anti-Virus off some P2P service before I fall victim to such a Trojan.
      • I think the chance that this is a distraction is much greater than any other motive suggested. It is very unlikely that someone whose moral compass is so broken that they spend their time writing viruses is that upset about other law breakers. I suspect that the author has huge amounts of stolen software and music. More likely this is just a nasty, vicious little perp who is thinking of a way to do something nasty and vicious. Maybe they think that this type of attack is less likely to be taken seriously
    • I agree with you very infrequently, but this is one of those infrequent times. Either someone who is good at coding is on a major "hoiler-than-thou", ethics spree or this is the result of a bigger source hiring this person. I completely agree with you on the latter.

      But on the other hand, this is not necessarily a bad thing for the rest of us. Most of the people who would be come infected by this - and consequently lose all of their P2P data - are probably Joe User types who don't know any better. So
      • Virtual machines (Score:5, Interesting)

        by macdaddy ( 38372 ) on Tuesday May 16, 2006 @10:22AM (#15342652) Homepage Journal
        This also emphasizes why all P2P users should quarantine their P2P software inside a virtual machine. VMWare's recently renamed VMWare Server" [vmware.com] product is free and is a perfect way to isolate your P2P software from the rest of your machine. I actually employ this method myself. Much of the documentation I download is infected and this method prevents that infection from getting back to the host server. Plus it's quite easy to rollback changes to a time before the infection and start over.
    • by phyrebyrd ( 631520 ) * on Tuesday May 16, 2006 @07:49AM (#15341464) Homepage
      I see an option 3 here.

      3) A strike against the MPAA, RIAA and any other "law abiding" corporation (who manages to be capable of CREATING those very laws) by targeting the computers that seed the incomplete, misnamed and intentionally infected files and the files on computers that have downloaded from them by users stupid enough to download things under 1kb.

      Any smart P2P user changes the default directories to customize their own bitspace so it's easier for the person using the software to find what they've downloaded, not to mention archive on another device or media those files they truly wish to retain.

      Do note that I did say *smart*.
    • Yea, like the RIAA and the MPAA are going to release a virus on the public, which could cost them billions, look how well that turned out for Sony...

      In actuality it was probably just some stupid kid who, and probably rightfully so, thought the only thing of any value to anyone on their computers are either text files, or have downloaded from some p2p or similar site.

      Honestly if you were looking to cause the most damage to anyones computer, it would be to strike at their heart, their downloaded music.
      • look how well that turned out for Sony...
         
        So what exactly happened to Sony - some bad press, that I only saw on the tv news once. Has anybody stopped buying sony gear? Has their share price dropped? Are they in court? No, no, no... so nothing has actually happened to Sony over this. Sure, we may hate them here and a few over places on the net, but most people don't care enough. I hated them before because of Atrac and their crappy software.
    • Avarice (Score:4, Insightful)

      by Mark_MF-WN ( 678030 ) on Tuesday May 16, 2006 @07:51AM (#15341487)
      Avarice isn't too bad a theory, but I have trouble believing that the RIAA/MPAA could be so dumb. Sony is still in hot water over a badly designed piece of supposedly legitimate software. This is the kind of thing that could land people in JAIL. Suppose the virus gets onto a government computer and erases some legitimate files? What about a military computer? The US military has demonstratibly poor computer security. This could cause them huge problems if it got loose.

      My theory is that this was made by someone who WANTS people to think that the RIAA made it, so that even more people will turn against them and take some heat off of P2P.

      • Re:Avarice (Score:2, Insightful)

        by Anonymous Coward
        I can't believe that you can't believe that they are so dumb!

        Sony is still in hot water over a badly designed piece of supposedly legitimate software.

        What hot water? They installed ROOTKITS on their music CDs, not "a badly designed piece of software." The software was well designed, it did exactly what Sony wanted it to. The rootkit was blatantly illegal, breaking several felony laws. You might want to see what happens to an American citizen who installs rootkits. [theregister.co.uk]

        I don't see any Sony executives in prison fo
      • Re:Avarice (Score:5, Insightful)

        by tbone1 ( 309237 ) on Tuesday May 16, 2006 @08:11AM (#15341604) Homepage
        I have trouble believing that the RIAA/MPAA could be so dumb.

        I don't. I've seen how dumb large organizations can be.

    • by Bogtha ( 906264 ) on Tuesday May 16, 2006 @07:53AM (#15341508)

      The first thing I thought was that it was well intentioned - in the long run.

      The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...

      ...but take away their porn and music? The virus seems to be designed to piss the computer user off as much as possible without actually causing any real damage or impairing the computer's operation. It seems to me that the virus writer did it to get people to take notice of viruses in future.

      Removing virus vectors doesn't solve the problem in the long run. Ultimately, only education will do that. This is a form of education, a lesson that will actually sink in.

      • The general public have demonstrated time and time again that they really don't care about security. They'll put up with their computer slowing down and crashing, they'll put up with random popup ads, they'll put up with their computer being used to spam people...

        That is so true. I can't count the amount of people I've met that have weatherbug or whatever on their computer and I explain to them that it has spyware, then I remove it and the spyware. Then a day or so later, they're like, "WTF? You deleted

        • by Jeremi ( 14640 ) on Tuesday May 16, 2006 @09:50AM (#15342361) Homepage
          Then a day or so later, they're like, "WTF? You deleted weatherbug" and I find they've
          reinstalled it. People just don't care, and I don't expect to ever understand why


          People assume that anything that happens on their computer is visible in the GUI. Therefore if weatherbug doesn't pop up a requester saying "I'm spying on you now, please type something interesting", naive people will assume it's not doing that.


          I suspect this misapprehension will change only through hard experience.

        • Weatherbug is what I call "functional spyware" in that it does provide a real function in addition to it's spying functions. Most spyware now fits this profile, but the original spyware, Gator, did not.

          When removing functional spyware you must attempt to provide a replacement application that can do the same function. The user in your scenario can't be bothered to go to a website to get the weather, so you might want to try finding another weather tray tool. I don't know of any off the top of my head but t
      • ...without actually causing any real damage or impairing the computer's operation.

        Um, maybe it's just me, but I'd call disabling antivirus impairing the computer's operation. Yeah, sure, it's not installing a spam zombie client, but it is unlocking the door for someone who will...

    • I think this is simply someone who doesn't like P2P. Maybe they use newsgroups or have connections to warez sites -- from their perspective, P2P is looked down upon as a bunch of lamers. They expect their buddies won't fall for some stupid shit like this, so they figure why not create something that destroys all their P2P media? Piss off a bunch of lamers by destroying their P2P crap.
    • by SmallFurryCreature ( 593017 ) on Tuesday May 16, 2006 @08:24AM (#15341670) Journal
      I can only conclude that people at PC World ain't got a clue about PC's. Since when can .avi .mp3 etc etc contain virusses or malware?

      If it only deleted .exe .bat .com etc etc then I could understand the logic BUT deleting media files does not protect anyone.

      They almost touch on the simplest explenation. Vigilante. Believe it or not but there are some individuals who feel they have a need to stop others from downloading via p2p.

      They would be intrested in deleting any media files you downloaded via p2p. They would not be protecting you but making your (in their eyes illegal) activity worthless. So that explains why they delete harmless files.

      It also explains why they try to disable security programs, yet another punishment. That way you are far more at risk from using P2P by being infected. The logic being that pirates do not deserve to be safe.

      Vigilante seeking to punish p2p users. Not the RIAA and not some guardian angel. The RIAA would have to have some extremly bad lawyers to have allowed this and a guardian angel would only destroy files wich put you at risk and not disable security software.

      Vigilantes have done stuff like this before. It falls in the same field as those "jezus loves you" posts in porn usenet groups. Or so I been told. Not that I would know anything about that offcourse.

  • Slashspin (Score:5, Insightful)

    by eldavojohn ( 898314 ) * <eldavojohn@gSTRAWmail.com minus berry> on Tuesday May 16, 2006 @07:32AM (#15341356) Journal
    First off, this article is pure bullshit spin. They mention several points about a virus and the whole time they attempt to spin it the reader as a "good intentions" virus--even comparing it to Charles Bronson. The Slashdot title reads "Trojan Deletes Your Porn, Music & Warez" but it doesnt, if you RTFA:
    The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
    Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

    What they fail to mention is that people who use P2P networks often want those files that they've collected. So this virus is destroying something they want.

    I mean, who installs eMule or Bit Torrent and then wishes that one day someone would come and save them from the files they've downloaded? The very idea is ludicrous.

    I use Bit Torrent. If a virus were to come and delete everything I've gotten from it (trailors, WoW patches, an odd assortment of legal videos and mp3s, etc), I don't know about you, but I would be right pissed. This isn't protection and it doesn't seem to discriminate from virile files and good files so it's pure and utter destruction.

    The only thing "beneficial" is seen from the eyes of the RIAA or MPAA.

    "I don't think this was written with good intentions because it attempts to turn off security," said Cluley. There would be nothing more dangerous than for people to become accustomed to the idea of "beneficial malware" because that might create a false sense of security.
    You "don't think" this was written with good intentions? A virus comes onto your machine, disables security & starts to delete files in directories with a certain naming convention. What more to do you need to say, "holy hell, I've got a freaking virus!"?
    • by Gumph ( 706694 ) on Tuesday May 16, 2006 @07:47AM (#15341452)
      Gosh, I have plenty of MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files ... that aren't porn, illegal music & warez.

      Excuse me Sir, we've had some complaints from the other clientele, could you hand in your /. ID on your way out.
  • is this the first shot on a new frontier in the war for morality?
  • Finally! (Score:5, Insightful)

    by Whiney Mac Fanboy ( 963289 ) * <whineymacfanboy@gmail.com> on Tuesday May 16, 2006 @07:33AM (#15341365) Homepage Journal
    *Applauds*

    Finally a threat that will make the average joe start to take computer security seriously! I look forward to a safe internet for everyone (I mean as soon as a few botnet node owner's loose their porn, peole will actually clean up their boxes!)

    On a more serious note, quoting the pcworld article:
    The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

    The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect. [emph mine]
    WTF? How could anyone think that it's to attempt to protect users when it doesn't delete executables from p2p folders? (for an interesting overview of real "white hat worms" see this vnunet article [vnunet.com] and the slashdot discussion on the blaster removal worm) [slashdot.org]

    This worm is clearly to scare people away from p2p - not protect them from other p2p malware.

    What's the bet that one of [riaa.com] the companies [mpaa.org] that make oodles of money [apple.com] from content [bpi.co.uk] are behind this?
    • Phishing trojans have been out and about for quite some time now. And they're responsible for QUITE some damage.

      Did it result in any change of the average Joe's security awareness. I mean, hey, it's not just some porn or movies you downloaded, it's your MONEY that's at stake!

      And? Nada.
    • Re:Finally! (Score:5, Funny)

      by hal2814 ( 725639 ) on Tuesday May 16, 2006 @07:55AM (#15341516)
      "Finally a threat that will make the average joe start to take computer security seriously!" Until a computer virus or trojan can come into your house, shave your eyebrows off while you're asleep, drink all your beer, and leave you with no toilet paper, the average joe will never take computer security seriously.
      • Re:Finally! (Score:4, Insightful)

        by Mayhem178 ( 920970 ) on Tuesday May 16, 2006 @08:08AM (#15341590)
        We can change that. All we need to do is modify this virus to delete *.doc, *.xls, and everything in the My Documents folder. Also, it should hijack IE, set his/her clock to January 1, 1900 (Y2K, anyone?), replace his/her desktop wallpaper with Goatse, and delete every link off his/her desktop and start menu.

        That should hit Average Joe User hard enough to make them feel like they got raped by a train.
        • and everything in the My Documents folder.

          Considering the people I know, I think you'd be better off deleting documents from the Desktop... :\
        • Re:Finally! (Score:4, Insightful)

          by ajs318 ( 655362 ) <.sd_resp2. .at. .earthshod.co.uk.> on Tuesday May 16, 2006 @09:10AM (#15342048)
          No. Your "Average Joe User", confronted with that scenario, will simply throw away his old, broken computer, go out and buy a new one, and then start filling that up with crap. And when that is thoroughly full of crap too, and slowing down and going to the wrong web site and crashing and files are going missing ..... rinse and repeat. Because going wrong is just something that computers do.

          Mind you, smart skip-divers probably will benefit from this.
          • Re:Finally! (Score:3, Interesting)

            by Mayhem178 ( 920970 )
            Sorry for the double post, I just wanted to add something.

            Because going wrong is just something that computers do. I with you on this one. This kind of mentality is something that I try to quash anytime I'm fixing someone's computer. I always tell people that beyond taking a hammer, magnet, or cattle prod to a computer, it is remarkably difficult to truly harm it. As delicate as modern computers may seem, they are remarkably resilient. It's incredibly difficult to truly lose data (provided you're wi
      • Thank goodness, it was just a virus. I though I had a drinking problem.
    • I agree completely, what a horrable thing to delete my porn
  • by Anonymous Coward on Tuesday May 16, 2006 @07:34AM (#15341371)
    All I know is that this is a very important problem we have to fix!! Destroying our financial records and stealing our identity is one thing. But touch a geek's pr0n collection ------- this means WAR!
    • No worries! I've hired, well, captured and enslaved, 150 people who go over all the code I download before letting it touch my porn-fileservers.
      This is just too important to leave to a program or people who do not have to fear for their lifes.
  • by Jerk City Troll ( 661616 ) on Tuesday May 16, 2006 @07:35AM (#15341379) Homepage

    Of course it would delete your porn! Trojan [trojancondoms.com] wants you to go out and have real sex.

  • by Noryungi ( 70322 ) on Tuesday May 16, 2006 @07:36AM (#15341381) Homepage Journal
    I feel a great disturbance in the Force... As if a millions Slashdot posters all cried out in anguish...
  • I don't care about the author's intentions. What happens on my computer is MY business. Nobody elses.

    On the other hand, if they find and try him, in what way is that different to many DRM implementations?
  • by Anonymous Coward on Tuesday May 16, 2006 @07:39AM (#15341398)
    The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music.


    This thing could delete the Internet

    As for the Who and the Why. I blame the RI/MP Ass's. of America.
  • by dimer0 ( 461593 ) on Tuesday May 16, 2006 @07:40AM (#15341399)
    ... and make a new commercial!

    [old guy is coughing, wheezing, ...]

    [young guy] On a mac, you don't have to worry about losing your pr0n and warez!

    [young asian chic to young guys right seductively takes leg and wraps it around young guys waist]

    [cut to pic of imac]
  • So why not just say it deletes everything in your P2P directories?
  • by TheOldSchooler ( 850678 ) on Tuesday May 16, 2006 @07:43AM (#15341418)
    Storage Space Mysteriously Triples on File Servers around the World.
  • by fatphil ( 181876 ) on Tuesday May 16, 2006 @07:44AM (#15341433) Homepage
    Without the pain of personal loss, lusers will not be so inclined to tighten up their system. So what if I'm part of a botnet? I'm not using the machine overnight anyway...

    Happy LARTing,
    FatPhil
  • by Progman3K ( 515744 ) on Tuesday May 16, 2006 @07:46AM (#15341445)
    First they came for my credit card data, since I did not have Visa, I said nothing.
    Then they came phishing for my bank account info, since I did not have a bank account, I said nothing.
    Then they came for my porn...
  • by iogan ( 943605 ) on Tuesday May 16, 2006 @07:48AM (#15341461) Homepage
    The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.
    (...)
    "The Erazer Trojan is a vigilante worthy of a Charles Bronson movie, taking the law into its own hands. However, it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," commented Graham Cluley of Sophos.


    Aiming poorly? Yeah, if carpet bombing a country to hit a dart board is what you mean by aiming poorly...
  • by Opportunist ( 166417 ) on Tuesday May 16, 2006 @07:48AM (#15341462)
    The only "real" news is that it deletes the content of P2P folders (ok, not really "new" either but at least far from usual).

    That a trojan kills other trojans is hardly news. About a year ago two groups actually led a battle where one group tried to stab the other group's trojans (and vice versa) with their updates. Some trojans also use the names other trojans use to ensure those trojans can't install after they're already in. Makes detecting them correctly (i.e. as a different beast, not a new version) not really easier.

    Almost every trojan today has some anti-anti-trojan functions. Killing Kaspersky, McAfee and Norton AV is more or less a standard feature of most current Trojans, so I wouldn't really call that news either.

    The only outstanding feature that's hardly common is the deletion of incoming P2P objects. Which makes one wonder who ... well, cui bono?
  • by JamesTRexx ( 675890 ) on Tuesday May 16, 2006 @07:49AM (#15341471) Journal
    remarkably few things infect the text files this trojan also deletes.

    Ehmm... What?
  • Dear lord (Score:3, Funny)

    by Rendo ( 918276 ) on Tuesday May 16, 2006 @07:57AM (#15341534)
    I felt a great disturbance from the Net, as if millions of gigs of porn suddenly cried out in terror and were suddenly deleted.
  • by unity100 ( 970058 ) * on Tuesday May 16, 2006 @08:04AM (#15341564) Homepage Journal
    Next : RIAA fleet to plunder coastal towns whose citizens are known to indulgue in p2p.

    Planned : RIAA prison camps full of former p2p people to be used as slave labor in music industry.

    You wont be hiding ... You wont be escaping ... Its coming ... Its RIAA ...

    Coming to a theatre near you this summer ... The RIAA Strikes Back !!!

    Official site : www.riaastrikesbackwithfear.com
    • This made me laugh, it kind of reminded me of the issue of 2600 when the whole DeCSS thing broke and it was plastered with pictures of SWAT teams with their uniforms photoshopped to say "MPAA" storming a McDonalds. Funny stuff.
  • This is the last straw!!!! We have had it with you evil hax0rs!!!!!! Something must be done!!!!! THE PEOPLE WHO WROTE THIS SHOULD BE PUT TO DEATH!!!!
  • Not cool (Score:3, Funny)

    by Lord_Dweomer ( 648696 ) on Tuesday May 16, 2006 @08:05AM (#15341569) Homepage
    There is an unwritten law that you do not touch a man's pr0n. Period. He could have slept with your wife and added pictures of her to his collection, and still, you do not touch his pr0n.

    These people have gone too far. If I get infected by this I'm going straight to the FBI, this is too serious to joke about.

  • should be a better name for this malware. From TFA:

    "The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations."

    A real beneficial Trojan would apply all the latest Windows service packs, delete all other malware, Sony and other Phony rootkits etc.

    Why DO WE NEVER EVER HEAR of any Trojan that simply formats the hard disk? Intriguing, to say the least.
    -
    • Why DO WE NEVER EVER HEAR of any Trojan that simply formats the hard disk? Intriguing, to say the least.

      Because without a computer, how are any of the victims ever going to get onto the net to tell the tale? Game over, man! Game over!

  • ... it's best to make sure you have your porn, music and warez all burned to DVD!!
  • If this virus were to wipe out most peoples HDs, they would realize that a 20Gig HD is sufficient to handle their programs and non-media related data. Porn, music and warez is what drives harddrive sales!
  • The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

    The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

    Can somebody buy these people a clue? This is ma

  • by flokemon ( 578389 ) on Tuesday May 16, 2006 @08:17AM (#15341640) Homepage
    The article on the Sophos website actually puts things as they are.
    The PC World rehash just (deliberately?) misinterprets it.

    Let's have a wee comparison:

    Sophos: - "The Erazer Trojan targets internet users it believes are involved in piracy, but fails to discriminate between the true criminals and those who may have MP3 music files or home movies that they have created themselves. Malware is not the way to fight internet piracy."

    PC World: - "A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered."

    Now how they came up with that from the Sophos article is beyond my understanding.
  • New Service (Score:5, Funny)

    by MobileTatsu-NJG ( 946591 ) on Tuesday May 16, 2006 @08:18AM (#15341647)
    Greetings, all.

    I just wanted to offer my new backup service for all who of you who fear this trojan. Just contact me so we can arrange transfers. Please do not be wary of my generosity, for helping is its own reward.

  • Apparently they've been offline since last friday.

    AllofMp3 Shutdown. [theregister.co.uk]

    The IFPI has denied responsibility.

    Seriously though. I wonder whats up with them?
  • by Churla ( 936633 ) on Tuesday May 16, 2006 @08:23AM (#15341665)
    Never attest to malice what can be adequately attributed to stupidity.

    In this case I think it's stupidity to create a virus that deletes the files it would be most likely to be able to propogate itself through.

    Maybe some little hacker kiddie got caught wanking it by his mom and she deleted all his pr0n so he's on a "if I can't have it nobody can" rampage.
  • Once again, this is Windows only.

    Damn! Obviously, Linux isn't ready for the home user.
  • by Blakey Rat ( 99501 ) on Tuesday May 16, 2006 @10:33AM (#15342732)
    While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes.

    I've attempted to read that sentence about a dozen times, and I have no clue what the writer's trying to say.

Pascal is not a high-level language. -- Steven Feiner

Working...