Ethical Trojan blocks Bittorrent sites

Antivirus vendors will tell you that the modern virus writer isn’t after mucking up your system at all; what they’re after is your identity your passwords and ultimately your money. As such most Trojans on infected systems tend to try to remain as unobtrusive as possible given that there’s no point in making users aware that they’re revealing their inner secrets (or acting as a zombie PC or both) to the bad guys.

The latest Trojan off the block however tries to take the “ethical” route — if software that illicitly installs itself without your permission can ever be called ethical — by taking only one specific action. Troj/Qhost-AC blocks access to popular Bittorrent search sites Mininova Suprbay and ThePirateBay on Windows systems along with popups and audio warnings that “downloading is wrong”.

That’s it. No obvious attempts to siphon off credit cards get your system serving pornography or Spam or anything of the sort. Although we can’t help but feel that if the author was intending to be ethical perhaps a sound file that said that illegal downloading was wrong might be more accurate.

It’s actually a very crude attack; all it does once downloaded (this post at TorrentFreak indicates it is most likely to come packed as a fake key generator) is modify the Windows HOSTS file to point to for those particular sites. Antivirus vendors appear to be on the case for this one; here’s Sophos’ rather terse description file for Troj/Qhost-AC which strangely enough doesn’t mention popups or audio files as part of the problem. As always and without condoning software piracy in any way it pays to have up to date anti-virus and security software running on your Windows PC.