Further down the road, the archive didn't include mp3 files. The downloader only gets an executable named Setup.exe. Sophos has been playing around with the file and discovered the following:
“This was a Visual Basic program with some weakly encrypted strings.[...] It turns out that the sample is actually a worm, not a Trojan, that is fully capable of propagating itself over the Gnutella network by sharing itself. What’s more, it doesn’t actually target Grand Theft Auto at all. In fact, we also turned up samples of W32/Zipwire-A when searching for several other popular games, including Team Fortress 2 and Two Worlds. Again, these samples are the ones that are exactly 113.3kb in size.”
According to portalit, it's worth noting that the writers didn't name the malware themselves, but actually programmed it to pick the most popular name available at a given time:
“the worm actually picks names it thinks will be popular downloads, not by using any hardcoded list but by downloading pages from sites that index BitTorrent trackers. This is a novel technique and we can assume the reason Grand Theft Auto IV turned up in that list was because of the prevalence of illegal pirate copies on the torrent networks around the time of its release.”
In other words, don't be surprised if you get the same malware at some point in the future, only it won't feature the GTA name, but something along the lines of Britney Spears or Timbaland.