CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 31st, 2009

Lame Malware Attempts To Stop Global Music Piracy

A new piece of malware attempts to stop global music piracy, which incidentally seems to be on the rise lately because of the economic downturn.

It looks to have been written by some Indonesian script kiddies who seem to think that by infecting people’s computers they can stop piracy.

The malware attempts to use the Indonesian band Samsons and their song Naluri Lelaki to entice users to click on the file. The file itself comes with a Winamp icon on it, so it looks like a regular mp3 file to the user. When the file is clicked it modifies some registry entries related to WinLogon, so the victim’s computer displays the following message box before they can log on to their computers: “Stop pembajakan Musisi Dalam Negeri, Jangan Gunakan MP3 lagi (sok sok an) huahahahahaha!!!”. It can be loosely translated to: “Stop piracy Musician Affairs, Do not Use MP3 again (quasi quasi-an) huahahahahaha!”

The Trojan will copy itself onto any mp3s found on the victim’s computer (with the same name as the mp3 file and an appended “.exe” at the end), thus destroying all mp3 files on the system.

The Trojan will also shut down Winamp as well as copy itself to the Windows folder on the victim’s computer. The following registry entry is created to run winamp.dll.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ServiceOptionMP3
<Windows>\winamp.dll.exe

The following registry entry is set, disabling the registry editor (regedit):

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegedit
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LegalNoticeCaption
STOP PIRACY!!!!

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LegalNoticeText
Stop pembajakan Musisi Dalam Negeri, Jangan Gunakan MP3 lagi (sok sok an) huahahahahaha!!!
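
One way to check a machine for the registry changes listed above, as an added example that is not from the original article or SophosLabs: it parses the text of a `reg export` file (these files are UTF-16, so decode before passing the text in) and reports which of the listed values are present. The function names and the sample export are constructed for illustration.

```python
import re
# Indicators listed in the article: (key, value name, expected data).
HKCU_CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
INDICATORS = [
    (HKCU_CV + r"\Run", "ServiceOptionMP3", "winamp.dll.exe"),
    (HKCU_CV + r"\Policies\System", "DisableRegistryTools", 1),
    (HKCU_CV + r"\Policies\System", "DisableRegedit", 1),
    (HKCU_CV + r"\Policies\Explorer", "NoFolderOptions", 1),
    (WINLOGON, "LegalNoticeCaption", "STOP PIRACY!!!!"),
    (WINLOGON, "LegalNoticeText", "Stop pembajakan Musisi Dalam Negeri"),
]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Parse .reg export text into {(key, value name): data}, names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            data = m["data"]
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            elif data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # undo .reg escaping
            values[(key, m["name"].lower())] = data
    return values

def find_indicators(text):
    """Return the (key, value name) pairs from INDICATORS found in the export."""
    values, hits = parse_reg(text), []
    for key, name, expected in INDICATORS:
        data = values.get((key.lower(), name.lower()))
        # Integers match exactly; strings match as case-insensitive substrings.
        if data == expected or (isinstance(data, str) and isinstance(expected, str)
                                and expected.lower() in data.lower()):
            hits.append((key, name))
    return hits

# Constructed sample export, not captured from a real infection.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ServiceOptionMP3"="C:\\WINDOWS\\winamp.dll.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Authorized use only"
'''
```

Calling `find_indicators(SAMPLE)` flags the Run entry and `DisableRegistryTools` but not the ordinary logon banner, because the Winlogon values are matched on the specific text the article quotes.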

Credit: Prashant Kumar, SophosLabs
