Indonesian Malware Authors Unleash Piracy-Fighting Trojan

Malware analysts at security firm Sophos issue alert about a new threat that damages all the MP3 files on hacked computer systems and asserts to fight against piracy. This file is known to have originated in Indonesia, and is spreading via file sharing networks.

Troj/Samson-A, as named by Sophos which categorizes this malware as a Trojan, is reportedly having a dangerous payload. At first, it gets install into Windows folder as winamp.dll.exe and establishes a start-up registry entry.

The Trojan then makes itself visible by flashing an alert every single time the PC reboots. The English translation of this alert message written in Indonesian reads, "Stop piracy Musician Affairs, Do not Use MP3 again (quasi quasi-an) huahahahahaha!," said Prashant Kumar, Security Researcher at Sophos, as reported by SOFTPEDIA on May 30, 2009.

Kumar further added that it appears to be the work of some Indonesian malware authors who believe that they can prevent piracy by infecting the computers of people.

Additionally, to evade manual attempts of removal, Troj/Samson-A inactivates the registry editor of Windows (regedit). The Trojan also disables the capability of Windows Explorer to protect system files.

Security experts said that the Trojan not just warns the user to avoid using MP3 files, but tries to compel him to copy itself on all files on his PC and to add the extension .exe to the real file names. It also prevents media player Winamp from operating, if found installed on the PC.

According to Kumar, the Trojan tries to use Indonesian band "Samsons" and the lyrics of their song "Naluri Lelaki" to lure unaware users to click open the file that itself bears a Winamp icon on it. Thus, it appears as a normal MP3 file to user.

So, it has become crystal clear that the entire format has been fabricated by the malware authors to infect the computer systems of the unsuspecting music lovers by enticing them to open a malicious file. In this way, cyber criminals have imparted yet another interesting face to their malicious campaigns.

Related article: Indian Financial Industry Facing Rising Online Fraud

» SPAMfighter News - 6/3/2009