Vigilante Trojan attacks

[cdanteek]

Vigilante Trojan attacks other malware

John E. Dunn, Techworld.com

http://www.pcworld.idg.com.au/index.php/id...739;fp;2;fpid;1

15/05/2006 12:43:54

 

A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered.

 

The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

 

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

 

The catch is that the program also attempts to subvert certain security programs to aid its activities, which opens the user to a more general risk of infection or program instability. It also appears to steal information.

 

The company that first uncovered it spreading among its customers, Sophos, has dubbed it as a "vigilante" Trojan, making it an extremely rare type of malware that could have some beneficial effects.

 

"The Erazer Trojan is a vigilante worthy of a Charles Bronson movie, taking the law into its own hands. However, it's perfectly possible for the Trojan to aim poorly and wipe out innocent files too," commented Graham Cluley of Sophos.

 

Vigilante it might be, but the Trojan spreads in the same way as those pieces of malware it appears to be targeting -- via P2P file sharing. It can also, of course, be used for malicious purposes, so this is a beneficial program most users would probably not want help from.

 

"I don't think this was written with good intentions because it attempts to turn off security," said Cluley. There would be nothing more dangerous than for people to become accustomed to the idea of "beneficial malware" because that might create a false sense of security.

 

Or is Trojan/Erazer-A the ultimate social engineering Trojan, one which fools people into accepting its beneficial promise, only to cause major problems when in its next incarnation as Trojan/Erazer-B or C?

[Brendon]

Another attempt by the Big 4 to prevent P2P file sharing??

 

They're certainly not above infecting users' systems with rootkits and the like.

[peterg8]

Does this mean that it can wipe out tracks that I have copied from a CD that I have purchased and am converting to MP3 for my personal listening pleasure, and have no intention of sharing with anyone, although I reserve the right to listen to it in the company of one or more others for our mutual enjoyment?

[Beerman]

Does this mean that it can wipe out tracks that I have copied from a CD that I have purchased and am converting to MP3 for my personal listening pleasure, and have no intention of sharing with anyone, although I reserve the right to listen to it in the company of one or more others for our mutual enjoyment?

Are you a laywer?

I can't see how they could ever get away with doing what you worry about. That would be a sad day in our internet life if that were the case. But I understand your paranoia.

[Brendon]

Does this mean that it can wipe out tracks that I have copied from a CD that I have purchased and am converting to MP3 for my personal listening pleasure, and have no intention of sharing with anyone, although I reserve the right to listen to it in the company of one or more others for our mutual enjoyment?

YES

 

It's a trojan, a harmful program, and deletes files. Protect yourself wi from trojans with a good antivirus system and safe surfing habits.

[grandpabruce]

YES

 

It's a trojan, a harmful program, and deletes files. Protect yourself wi from trojans with a good antivirus system and safe surfing habits.

 

[REDWAGON]

YEP !!!

 

Frank.....