Malware Attacks to Disable Screen-reader Programs
A malware item that targets partially-sighted and blind surfers has been found circulating in the wild. Quite a number of blind surfers had written messages on online forums telling about their PCs going inactive since the Christmas time of 2007, according to anti-virus vendor Sophos.
Researcher Vanja Svajcer at Sophos said that the computers went out of action when software applied to read the text on screen and transform it into speech all of a sudden halted. Interestingly, not all surfers had deployed the same software for screen reading, Svajcer said in a statement that Webuser published on January 18, 2008.
The miscreants offered a counterfeit 'crack' to run JAWS 9.0 screen-reader program but it was really a Trojan to attack the JAWS software and similar other screen-reader applications. Surfers had downloaded and executed a 'crack' program that allows the widely used JAWS screen-reader to run without requiring a license to validate it, but the program downloaded started to behave like a Trojan. Fortunately, affected users soon identified the fault.
The Trojan exploit running wild since December 26, 2007 hunts for process list containing names of popular screen-readers like JAWS, Microsoft Narrator, Windows Eyes, Kurzweil and HAL Screen Reader, after which the malware disables the software. Once that happens, computers of affected users become unusable.
There are more acts the malware performs like shielding its processes prior to shut down. This happens with two processes checking each other if they are active and starting a fresh instance if necessary. The malware also makes sure that its autostart keys are intact in the registry and retrieves them if they were changed or deleted. Just for this, Sophos recommends cleaning the Trojan using a virus scanner.
According to Sophos researchers, the programming process indicates the attacker possessed skill; could be even a professional software programmer. However, it seems the attack was not financially motivated, albeit its intention might seem to penalize people using pirated versions of JAWS software.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 31-01-2008