Sophos reports that the trojan Troj/Pirlames-A and its variant Troj/Pirlames-B, are being circulated on the Winny file-sharing network. The trojans pose as screensavers, but when downloaded and executed, they overwrite various files with images from popular anime / Ero-game Kanon.
The images contain statements that warn the viewer to stop using peer-to-peer software like Winny.
The images contain statements that warn the viewer to stop using peer-to-peer software like Winny.
1. "Ah, I see you are using P2P again... if you don't stop within 0.5 seconds, I'm going to kill you."
2. "This is a visit from the prevalent Piro virus! Stop P2P! If you don't, I'll tell the police!"
3. "Ugu! It's me, Ayu Tsukimiya! I think I might start destroying downloaded files and P2P software now..."
4. "Taiyaki, taiyaki, oh I'd like to eat some... If you don't bring me some, I'll destroy your files... If you don't stop using Winny, I'll expose you to the police... "
more infos here and here
...creepy, for this to be a trojan. Uguu~
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Kagamin Virus
WORM_HARADONG.AL This worm arrives on a system as a file dropped by other malware. It can also be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive via network shares. Upon execution, it drops several copies of itself on a hardcoded path. This worm propagates by searching for files in all accessible network shares. If it finds files inside the shared folders, it replaces said files with copies of itself.
In addition, this worm displays an immovable window on the affected user’s screen with the following image:
This worm arrives on a system as a file dropped by other malware. It can also be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive via network shares.
Upon execution, this worm drops copies of itself as the following:
* C:\KAGAMI\explorer.exe
* C:\KAGAMI\JPG.exe
* C:\KAGAMI\taskmgr.exe
Note that C:\KAGAMI is hardcoded in the worm’s code.
more info here
.....tsundere attack!!!1
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
“I Dont hate Mozilla but use IE or Else” virus…
more info here and here and
cannot use firefox...?
In addition, this worm displays an immovable window on the affected user’s screen with the following image:
This worm arrives on a system as a file dropped by other malware. It can also be downloaded unknowingly by a user when visiting malicious Web sites. It can also arrive via network shares.
Upon execution, this worm drops copies of itself as the following:
* C:\KAGAMI\explorer.exe
* C:\KAGAMI\JPG.exe
* C:\KAGAMI\taskmgr.exe
Note that C:\KAGAMI is hardcoded in the worm’s code.
more info here
.....tsundere attack!!!1
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
“I Dont hate Mozilla but use IE or Else” virus…
more info here and here and
cannot use firefox...?
0 comments:
Post a Comment