New Porn Virus

Gretchen Gallen
LYNNFIELD, Mass. -- Just after the release of peer-to-peer virus W32/SpyBot-W last week, the latest viral newcomer is posing under a variety of porn-related file names.

Sophos, an information and anti-virus software provider, released an official alert to the Internet community about the tricky worm that attempts to fool users into thinking they might be opening a file on the latest Jenna Jameson photo spread, when in fact they are opening a Pandora's Box of trouble for themselves and all other users on the Kazaa peer-to-peer network.

"Most worms and Trojans spread through email attachments," Chris Belthhoff, senior security analyst for Sophos, told XBiz. "Now increasingly virus writers are using peer-to-peer because more people are using them, and Kazaa tends to be the focus of these attacks because of the popularity of its platform."

According to Belthhoff, W32/SpyBot-V copies itself into the Windows system folder under the name iexplore.exe or under a random name. After its initial entry into the system, the worm creates the folder \kazaabackupfiles and copies itself into this folder as divx.exe, fdd.exe, fuck.exe, gay.exe, lesbiansex.exe, matrix.exe, pamela.exe, porn.exe, slsk.exe, torrent.exe, and xvid.exe.

The worm then sets registry entry points, terminates certain utility programs, and logs on to a predefined IRC server and waits for backdoor commands.
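The file and folder names reported above can be turned into a quick triage check over a file listing. The following is an added example, not code from Sophos or from the original article; it assumes that "Windows system folder" means a directory named system32 or system, and the sample listing is constructed.

```python
from pathlib import PureWindowsPath

# File names the article lists for the copies dropped into \kazaabackupfiles.
LURE_NAMES = {"divx.exe", "fdd.exe", "fuck.exe", "gay.exe", "lesbiansex.exe", "matrix.exe",
              "pamela.exe", "porn.exe", "slsk.exe", "torrent.exe", "xvid.exe"}
SHARE_DIR = "kazaabackupfiles"
# Assumption: "Windows system folder" means a directory named system32 or system.
SYSTEM_DIRS = {"system32", "system"}


def classify(path_str):
    """Return the indicator a Windows path matches, or None."""
    parts = [s.lower() for s in PureWindowsPath(path_str.strip()).parts]
    if len(parts) < 2:
        return None
    name, parents = parts[-1], parts[:-1]
    # The article does not say where the folder is created, so match it anywhere.
    if SHARE_DIR in parents:
        if name in LURE_NAMES:
            return "listed lure name in kazaabackupfiles"
        return "other file in kazaabackupfiles"
    # Internet Explorer itself installs under Program Files, not the system folder.
    if name == "iexplore.exe" and parents[-1] in SYSTEM_DIRS:
        return "iexplore.exe in system folder"
    return None  # randomly named copies cannot be caught by name alone


def triage(listing):
    """Map each flagged path in a newline-separated listing to its indicator."""
    hits = {}
    for line in listing.splitlines():
        reason = classify(line) if line.strip() else None
        if reason:
            hits[line.strip()] = reason
    return hits


# Constructed sample listing (for example, output of `dir /s /b`), not real data.
SAMPLE = r"""
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\system32\kazaabackupfiles\Matrix.exe
C:\WINDOWS\system32\kazaabackupfiles\notes.txt
C:\Downloads\matrix.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE).items():
        print(f"{reason}: {path}")
```

A name match is only a lead for follow-up scanning: the copy with a random name in the system folder will not appear in this output.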

"In order for this virus to successfully infect the system it needs to find a system that includes the Kazaa end user application," said Belthhoff. "Then it fools the system into thinking that there is a new Kazaa shared file location and dumps files into it."

At that point, an unsuspecting Kazaa user looking for files on sex, lesbians, or porn types in that keyword and the file pops up. The user downloads it thinking it might be something fun, when instead the virus spreads and the cycle of propagation begins all over again.

Belthhoff told XBiz that so far they have not recorded a high level of activity with W32/SpyBot-V and that most anti-virus software programs seem to be doing a pretty steady job of preventing a widespread outbreak. Additionally, the virus will disseminate through the user's private network as well.

"If this virus or any other virus is really infecting your network," he told XBiz, "then you're not likely to know it at first. Whereas an anti-virus software program would inform you immediately if it was trying to get into your system."

According to Sophos, the very first computer virus was born in Pakistan in the mid-eighties when two brothers who ran a computer store became frustrated by computer piracy. To retaliate, they wrote the first-ever recorded computer virus, named 'Brain.'

"From those simple beginnings, an entire counter-culture industry of virus creation and distribution emerged, leaving us today with several tens of thousands of viruses," states Sophos.

The viruses of the late eighties and early nineties were fairly primitive compared to the sophisticated Trojans of the 21st century, says Sophos. What started out as malicious code that could potentially reformat hard drives has become increasingly destructive and can target specific industries to wreak havoc and destroy personal and professional reputations.

Sophos currently protects against 85,357 viruses.

Security expert Symantec warned the Internet community this month that on the heels of the busiest Internet security year in history, the year 2004 promises to be twice as fraught with viruses and worms.

According to Symantec, the pattern of attacks in 2004 will follow the trend set in 2003, with a major attack every few months. And while mass-mailer attacks will still be the most common, hackers will be looking for more ways to attack, including instant messaging applications.

"From an IT point of view, IT managers are going to have to start watching all the protocols and all the avenues," Symantec said in a statement.

Last year a worm virus known as "Homepage" swept across Asia, Europe, and Australia. Once the worm was triggered in the system, it automatically opened a blizzard of porn web pages.

Even the infamous SoBigF virus got its start in porn. The FBI tracked the origins of SoBigF to a porn site in Phoenix, Arizona. The virus was first posted on the Internet under the disguise of an explicit photograph in an adult 'newsgroup.' When people clicked to download the picture, their computers became infected and spread the virus, which emailed copies of itself from their accounts.