Alex Kidman08 January 2009, 1:00 PM
A fake keygen for pirated software tries to stop you pirating anything at all by blocking out popular Torrent sites. Hollywood probably loves it. Perhaps they even programmed it.
Antivirus vendors will tell you that the modern virus writer isn't after mucking up your system at all; what they're after is your identity, your passwords, and, ultimately, your money. As such, most Trojans on infected systems tend to try to remain as unobtrusive as possible, given that there's no point in making users aware that they're revealing their inner secrets (or acting as a zombie PC, or both) to the bad guys.
The latest Trojan off the block, however, tries to take the "ethical" route -- if software that illicitly installs itself without your permission can ever be called ethical -- by taking only one specific action. Troj/Qhost-AC blocks access to popular Bittorrent search sites Mininova, Suprbay and ThePirateBay on Windows systems along with popups and audio warnings that "downloading is wrong".
That's it. No obvious attempts to siphon off credit cards, get your system serving pornography or Spam or anything of the sort. Although we can't help but feel that if the author was intending to be ethical, perhaps a sound file that said that
illegal downloading was wrong might be more accurate.
It's actually a very crude attack; all it does once downloaded (
this post at TorrentFreak indicates it is most likely to come packed as a fake key generator) is modify the Windows HOSTS file to point to 127.0.0.1 for those particular sites. Antivirus vendors appear to be on the case for this one; here's Sophos'
rather terse description file for Troj/Qhost-AC, which strangely enough doesn't mention popups or audio files as part of the problem. As always, and without condoning software piracy in any way, it pays to have up to date anti-virus and security software running on your Windows PC.