Attention: New P2P Worm Renames Itself into the Most Popular Software
Added: Saturday, May 15th, 2010
The kicker of the worm: it copies itself into peer-to-peer shared folders, renaming itself after files in The Pirate Bay’s top 100 games and software lists published on the BitTorrent tracker website.
TrendLabs security researchers have noticed a new worm spreading via peer-to-peer programs, much like the threat that displays false copyright infringement warnings. Most known worms of this kind use hard-coded file names and try to trick people by posing as something useful, such as actual software, cracks or key generators. Worm_pipupi.K differs in that it renames itself regularly, using the names of files listed among the top 100 software and games titles on the Swedish Pirate Bay BitTorrent tracker website.
Why didn’t it choose the usual way? With hard-coded names, malware becomes obsolete once the software whose name it carries goes out of date. Worm_pipupi.K avoids this by using the names of freshly released software: it visits The Pirate Bay website every time it executes to pick up new names, so its lures never go stale. It then leaves copies of itself in the peer-to-peer shared folders under the names of the top 100 games and software files. The malware uses the names from the top 100 software and top 100 games, loaded from the following links:
This way it can drop up to 200 copies of itself into the network with every execution, and since each copy is 254,604 bytes, the malware can occupy a significant part of your hard drive over time.
The malware is reported to spread over the most widely used P2P applications, such as eMule, Kazaa, Ares, BitComet, FrostWire, Bearshare, Limewire, Shareaza and Lphant, and also through removable drives.
What is worse, copies of the worm’s source code are reported to be easily available in some underground forums. This means any malicious programmer could add other payloads to the malware, such as backdoor capabilities or downloading routines.
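The behaviour described above (many byte-identical copies under different popular titles in a shared folder) can be checked for directly. The following is an added example, not code from TrendLabs or the original article; the function names and the threshold of three distinct names are assumptions chosen for illustration.

```python
import hashlib
import os
import sys
from collections import defaultdict


def sha256_of(path, chunk=1 << 20):
    """Stream the file so large shares do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_renamed_copies(root, min_names=3):
    """Return groups of byte-identical files under root that carry at
    least min_names distinct file names, largest group first."""
    by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not os.path.islink(path):
                    by_size[os.path.getsize(path)].append(path)
            except OSError:
                continue  # vanished or unreadable entry: keep scanning
    groups = []
    for size, paths in by_size.items():
        if size == 0 or len(paths) < min_names:
            continue  # only hash sizes that repeat often enough
        by_hash = defaultdict(list)
        for path in paths:
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue
        for digest, same in by_hash.items():
            names = {os.path.basename(p).lower() for p in same}
            if len(names) >= min_names:
                groups.append({"sha256": digest, "size": size,
                               "paths": sorted(same)})
    return sorted(groups, key=lambda g: len(g["paths"]), reverse=True)


if __name__ == "__main__":
    # Usage (assumed script name): python scan_shared.py <shared-folder>
    for g in find_renamed_copies(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f'{len(g["paths"])} identical files, {g["size"]} bytes, {g["sha256"]}')
        for p in g["paths"]:
            print("   ", p)
```

Grouping by size first keeps the scan cheap: only files whose size repeats are hashed, and a cluster of same-sized "different" games and applications is itself the anomaly worth reviewing.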
|Thanks for the info SaM.|
Tricky little bastards.....
|wow! thanx for the super article, thanx SaM|
all types of malware is bad-crack but this worm changes name so it's difficult to see, as stated above.
thanx SaM nice post.
|posted by (2010-05-15 16:56:09)|
|Thanks for the Info.|
|Thanks sam for the info, hope the people find something to stop this thing. As always I'll keep my files up to date.|
|posted by (2010-05-15 17:07:22)|
|thanks sam nice share of info..|
|heh i'll just stick to downloading movies|
|lol good thinkin abt to d/l only the movies|
|thanks sam for the read also is there anything to fight it with|
|your articles rule sam.i've learned loads from em.sadly its nearly always bad news but its all appreciated.when will they learn that they'll hurt themselves just as badly in the long run?|
|posted by (2010-05-15 22:30:13)|
|I hope that whoever invented this gets worms. Mongolian death worms. And that they eat him from the inside out until he's nothing more than a pulpy mess.|
for this wonderful article
|posted by (2010-05-15 23:44:54)|
|thanks for the head up Sam! Very useful information!|
|posted by (2010-05-16 03:16:24)|
|whats some preventative measures to not get this... can it be extracted thru torrents??? or just direct downloads???|
|thank you for the info. Any suggestions for a good anti-malware program?|
|posted by (2010-05-16 09:48:59)|
|i think it's bs as it sounds like a publicly stunt so TrendLabs can sell more software just like|
PrevX did a year back but when it was found that PrevX was dumping rootkits and malware on peoples pc's on purpose to spy that's just my opinion don't hold me to that
|the early bird gets the worm..i like worms..i'm canadian and i love fishing..joking,|
thanks Sam..good info
|This "NEW" worm isn't really a new worm.|
Just another variant of what is out there in the wild.
If you kept your software up to date - YOU DID?
Then you shouldn't worry that much.
I scan ALL FILES with different malware detectors and even if they all declare file is clean - well you make the choice in the end.
I also don't use malware detection software that uses name tables - old and also stupid if the company hasn't put out updates fast enough LIKE ALMOST EVERY DAY; then you could get infected.
What is really needed is some "white Hats" people to deconstruct this crap and find the makers' signature then go after these people ourselves... YA know a little cyber justice...
I have had script KIDDIES from a very well known ISP using three letters try to crack my system; yet they ALWAYS leave themselves open for payback.
So remember when you act stupid and wonder why your partition is gone heheheh.
Malware detectors don't consider a simple bat file a threat when all it does is on reboot kill your partition using microcrap commands... Of course this is just a fantasy RIGHT?
The real problem is government sponsored malware and one really big threat is CHINA, North Korea,and others..
|@ menahunie: China? North Korea? Who taught those bitches to use a computer in the first place?|
|Yes Malwarebytes is probably the best I've seen around in a while. I take care of over 300 grocery stores' servers and when they get viruses it's usually Malwarebytes that cleans them up. If that doesn't do it we use Combo fix.. bad thing with combo fix is... it takes the virus.. and anything attached to it.. no matter how important the system file.. sometimes it's ok.. but a lot of the time it's not. Good article.|
WE did; they went to our universities and schools...
|malwarebytes is the best ive used|
|posted by (2010-05-19 17:09:45)|
|Great article. I'm sure everyone would agree we need more of these @ ET|
Wonderfull job SaM
Big support to menahunie
no one will help us if we don't help ourselves
sorry to note that I don't have WH skillz, but I at least try not to be a carrier of that crap along the way, multiple scans & fingers crossed
when it comes to prc and dprk, yeah, but there is a lot of scum everywhere, including big Co's racketeering us with their anti-stuff
Just hope that some day (better sooner than later) there will be a group of guys willing to hunt those sorry mf's down and cause them a proper damage they deserve
hope to see that day coming...
best 2 ya all! as they say - ET the place to be... :)