Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Koran-Spouting Trojan Is First Example of Moralityware



 By: Paul F. Roberts
2005-09-07
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Malicious software monitors IE title bar and displays religious warning and freezes system whenever user visits a porn-like site.

A new Trojan horse program that first appeared in Iran may be the start of a new malicious code trend that might be termed "moralityware," according to antivirus company Sophos PLC.

The malicious software, dubbed Yusufali.A, contains a feature that monitors which Web sites a user visits. The program springs to action when the browser loads Web sites with addresses that contain certain words, like "teen," "sex," or "exhibitionism," displaying a message from the Koran. The program is considered a low-level threat but may be the first example of malicious software acting as a "moral guardian" for Web surfers, said Greg Mastoras, a senior security analyst at Sophos in the U.S.

The new Trojan is distributed as an e-mail attachment and only affects Web surfers who use Microsofts Internet Explorer Web browser.

Resource Library:
The program works by monitoring the Internet Explorer title bar, which displays the name of Web sites that are displayed. When a Web surfer visits a page with a keyword in its title, the Trojan springs into action. It minimizes the current browser Window and displays a message in a number of languages, including Arabic and English, that reads, in part: "YUSUFALI: Know, therefore, that there is no god but Allah, and ask forgiveness for thy fault, and for the men and women who believe," the company said.

Symantec patches corporate anti-virus. Click here to read more.

The message is displayed as long as the IE window containing the offensive Web page is left open. Eventually, a second window appears that traps a users mouse curser, requiring the infected system to be rebooted, Sophos said.

Sophos first identified Yusufali on Sept. 4 after a customer in Iran submitted it to the companys virus researchers, Mastoras said.

The Trojan is not sophisticated and doesnt attempt to spread or install other malicious software on machines it infects, Sophos said. Other antivirus vendors, including F-Secure Corp. and Symantec Corp. did not list the Yusufali Trojan.

Sophos has issued a software update that allows its customers to stop the new Trojan, Mastoras said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Koran-Spouting Trojan Is First Example of Moralityware
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}ks۸jF'ϘCO[R-':-K'wKEI1Emev~ٺ /=hɏLf7NŖhݍFh"GI"g>4193<:pA,ΫWo|wП2-C;n-dȀ~w0تe򩛩WwGkN|Yb6rmO |l܇70>!خE&.2ؗCYև=m`E}y`T5X<*R͗ pPފ*www;wiX{2 ۛAyΙRR5MQ;~]o ж8U>풋_} g od}#5y`Z*iԺxt:&IDz|=!Cnyj ݔEdBX^Kj0Úy >!%9)" :2P;L|ڊNm҄C>rB”:̸eR49Vˠ蟉$Wm4@rDYSl؅ RRr@@Z\~nV )ESEE7#DH vx0r!DKI88쁉UTwsQ 90u1;ztw,/Uմ(!޾k[ixk}T1}JlZK DQ"|БdmxZ.&h`CZ];L_`#Nwi.[W L9_,\1$ƔzN-h$>6(Zl׃$ǖA ϛL-s%08w{ɭ5z90ݻ}{`y1&}դ; Tgg ,u]@y2{c 6GX[ S&x K%ޡF\IQ ' dRJ4G!-i]R@Az6S? -,rr4  #!bX["'9Xt{B#=X/΍fb!ab -d[b|l e&vO`bBd|#'dXr`Y \`+|h)lb ը6؛RմR>UiܛK9bi]yf9$ Xɉ&1# K8Y)0Akz?H6o)qa6Â0ӊYsƾ sҸF~KM'95,X0NWj->! 2i0}MYgu1 :̑w:L:%\[Ķ`漃d:Nk'`l7?>y@O \n\0ħ4<3_N#ku7M"߄T 9u \Ʉ r}͚X 4ؐ)|&Bw7Cnc^ʒtU.F(kJg*V3Q2[Gq=ћS7RZC+>q^i.;[@Tg˺r+fYWA^ӛA/- B[+ I RL% 㵇Zԕg:K_jihH*6y9bXJ.Gb&^fѢA܆8=T=X1m ,ߪ&UY97>2ei[ahhKx2ʸAJg[ e kuPC6ɧsq\'gsmO>X`3Q,C*"P*}a5)40ӹbp\ߓq |b0lFCۜOCݳa紹.lK {&jFd>j6 'L[AHz{$3͉V*a0&؋T s\ݙ-ZD_v` /FI?րH{A2,e,g6GiwA،[sEi8"97$]rɭ#©ѧj!| j x0A(#۝z{¨0Qк+ym kcXe[;pM2=H} [L l{lRIB<OR]'Xk5.=_)GpVRbZP2ofP&ͼ܈)T3Cc N_Ι8og kaA^Sz6gn-&qGש%XTXe17 axq+ #t8Ε TNjZahtWZ/YQS-fc~Hc +pDa\PO o0pW;PV8G& |!"GBg%ڗ!pwC(Z2Ի1ubxH}#C"L`w?!+ Oڬ̷Ow^o_P4+SkP@xAܚ:z,. HT0{oV1hPa:5U)T*~iZ'5^,߬C2Swa54f;OGw*O6h)לC06U{z@nb)Z'-ǗvhXrD噓>&7σ=OdЛiφ9rN7dZIp|avJrekH˷Bgf\so騙kccXhUM+0` hSIlp灟08#=[ ٔ|{*b 5:_=F`=Ѝt;Gf' ܲB-o#<@V1'`;7==%(4Q4rbl2~6P$lֳ>Aql\_rI*%fb΁MOJy0=+@"UAұg.3O}1\]~;:Ʊw{>JixG2cdAJhUm{\ c4w6N11Q;Ev}l;_&I|SeYȃ얯)+I+TP*u?7u}w`-W*j: L*"GgC/ PN+J[CN$}T>V H/e~Ur>k7xџЯhL,5p B0_\G.^JybenzI2/l-CXnU*9k]4x#x`&HN8k8dAN**$Yqp|hq\3 6MF<;bkC s#fDH[h!oI3 ^8;Xs! }1z Ai0Eq8aVﬨ T1 +JG:g{ntE$ bT1J/_RBMQ=#DI}Lw G)^(֯Kѷo)F߀>1KwxEh[(kp vrh縵vIib~2)}@gMN9˞xJ 7(Í7"HdSO+C21CjikN)<?m[ħ{~Y^#Ӿ; zt@It;{7lOآ F]vl}[NS c`AGJ脲fye5. eH5NRMLC]OC/~JI$v+hQقt.dž5>۴8 .iۺmDR0&l)ZA!| Nr :n`e>b!G[yPb}b%ŵh0%W:B|c7?9Gs`ce5|>*}N=r;WNՃĶSg.'-k7 kdq߉آ:Gw*b,_k@ݎpne1yjg;t =z;jw]GٵD}0!,5gS \g3m~ `76Ԫe8Gq\x-3e\Q*ՆvXg) QОꆅ(I\qm^{P +ƂG.#Qr^{aw.p]ʜ(=~!K5ƺo9q>qFxn=͞wZ^,d1[8s(eJٽdXviamǡ850zNt,4P$9UrZ-U $]td%^F&vZpA2&j%3 <ki^h w4l>mC]j^olfU]IwZI>.%~W)R-f7Yj-r"J]ZD܎qw5V {QN)xu%0ʪԀ<9d/Ah&v?KY;+!bi8V=T>w3ZyDziGp7z=X2gr}v3l8O2s&8<oġFeuw#S''Sc3HF#%wkxyS˰&lF@|Րg;a2*|b! \<e/&qFL|{|x|SqzH7V_O7TPGzԣSÂ5ir d]'Ǯ7+@9CR4`Halw" ,Ʃ{Hĵ$Lb!Ã٧x& cٝK/[>XB-X*_z*K];D#@^Fg.ՕZKiӹЏ 3vE\0Y[q9pdN@:|˴J03CDe;ij-^sct֪.PY6 N3gdxq]8jG^'zg6S=/ 72d@M[vlx3#>[}݋"fbR'+e{ x<fr3r{nR9G!ŕ 9nY B+F^+OAC`ssCzo!df1 '^l^k1}wu HTOiȮ g~4ꁲczH"l=S,zM? ԼwL.(Ojx<^ly0+H͋& C},6S[5?CMDD4AX$hM 4 2)2 ,cRd=gh9K*iϡ)9E43 0HAE|!*n=6Δ^!ej<*p׳&GE)i?Krh9KRÅ%(;[Y tI]M$ Wf#" imqeg)}i.x5,I9>:S7gxuUxAQp&b36e >KgIǺi2ruӾ4%Kč E,$E᰾5ٚly}*[UIR`R6ҳKS9-kĽšc-< mN(yo$Av׷*nRJ7V: ue0@TA?#$ =;ړcrl٪1s>VHJsVB>OD+lBVR֐bǯ@nCv-_,m&<{{,w MGrT)=ݑ''M+65p4EIvmQ`9g9=20\:#נ0K׶{`C3|c##863i97}gj_}jH]uC~{69 Hs;G$ξH \6.9 u|n,lY 0 ?'a};|uHXmkVc]z.relo&(7(?c$撈.V}'5u\f(<F "w*bUҶL+KX$>{ g="ZI[&G_d}dMsCܐϭIs5TJji k|G#sU~c*, jDy'_ݓwwwwdQQԃo?70~`FV\.z;x[b4K ?F=$a jVc_j{$rk1Nۤ3hW<µ~ܰV7\f7|<W̟4.:Rv";aE DO!oo7=D{S\뛖|yފ3WT<KMV7W]phHqLV7Y1+l-51;W՝P< #ЂZw=smdI&Z=AoHط8<J|m7Zt RP6.uQZDHp\7tX${:AX? 7oO? %GJ_S%Z Hͩcs (:3"3X;- [!M4:"X8oZ1ԩ?ZwZ%kvi݃_#wYԗygL{l{eU߭`_g'^ͬ^JyKkj{c;i)/h}K\"7Х'߂8]ͬzmM_aTym6Yû{c%d;6LHjfo?hV2{Ul(I#wۀچűU<+V*߹"Zzm,ҩ}KeZ_KGlp,ɉqIzc~u|P2{' ʬkwI3ƱTHXL`!L43+xDș @K=^"98\"O/`.yv?k[Y '<@VռҞ_F»G]ݷ(8Ux0od=VD &xw-r= T׫WOP5{H{!T6}^Y6T`tq"{wo~kʾVW,MY+ Zz^EHKw':AS 06${U"xq"fSh f0]QCu&[OD'? KD)PG%>#C~4xL;C3TTs}2A$ZD$ Q qI'{@=^t =z)w| Î81(A]sF9-0|e 5*2n?-G~_tbk`g$Pְj ۵'$e}YĆf('*4+a'|Z;|JeNsq=PV4 Ʈ(JbadW$ƽ%d9׾cL9iʊbI|7n@j PZC )p.8ޘEParC_qeQ!.CAy%e3.Nus d"ΉTh,V.Xkc.+ZY9PWK.dD9moFs!5¿L\ E5)$Sx/ L9" H!Ҭ$w#\}P |]Cwq+$_*JvN[/-'N8AnJaP&gr5+ Sp/;Ry_Պ{$Gop= Pm̼O4OG|S Cr+_\qx## k cUN||z['AU}H%H#OZ̄D!|^&? qyl~@~hEsvW"k`4Cߑ;œȀ>'죃B/7;L,xrX ]XV\A6=x״#l9e`bc4'VZw}\o|JC75|$rEC9Ҕ=$Ԛ.:ʁ?HE ןX3|U%?@9 dU M]/WnrlĄ[%&9a k(ExH75bۈ$1Q<3DDc^°͈1iqm@eB5i}ݺdbWo@$P`+wdcF.\|9OH"ib)u(bUd 7OT-,(OB5DubSJDin$|s 731dٔ,0@uv2"<.ӻS&+کi+6O C=%g;͂ o98tT++ʾ|{}ag;ĶnN?8J1)t/HDqg;X{x2{=1QobS{JBveX zb,Riӫft>uZV5x Zѷ`Kdԭs>|ܾ|ںh^^.Ldg&cR0,g?ehӋy)3C9Mj6C\pxgIx>+ah,.6qtk(w[ݳ(%lFyї51,o 0y/L 7NNNԆC~~ċxYj8h751-M/ 2eN+MoSHNy%fԼV(8vrzw} ङ O>)yw!L}k}~$SoCZ)CL"%JN??g)a99?O=O9<>y )yyŸ()_|O)!}J? ){2 ?)sw2~m;m?N/)q /S_\O;)w)Yc }Oiߧ>>SڿNi:s$CH%.NpRQ K/Aa uq)@~ JN,c/S\gL{ 9[?.'u CFWXuL,uDd'h3.ős_\\z[0MnO0t(G.vٸ)n/fpK{CG0V]*k*85Ϙ::S +FW`%I1zv;Oa45Ert5 H31X70 <@R#g֗JM+er)SaG;bo_O}ɪ"+w93mV+)B`"( D:QȀFuo*K0>rz!r1 4aԭxKQWp E ұ[Útbe *jf"ጽNۯH Dfǁgw;B/g}r{ ϛa<ܤUoa2iR ^Ėٵv":GoɘqFߞG ?n 3Dԛc!o 4@[4XbXC*wA 9A/|>N<&23Mť{!Pe)uLz[>*'(vYzf['lylb)mbrւ:!Veɑwؼ!ɷFb1SO}M~08w8[]^ȇ^ݪ /F tq n#aPW Z.H;c^2a5quIY^60`"']EL}t11-Xu1hOԺ$bx5$G2x[%059xmAfmr{^f$jA+_acӞ "Ky Ga,\~L tgK\۞@]3AK,HyGl;A>!'73L߳WˤsMd Y~2|e'WO:)3ЄBlKڝ_0g5g p7,t Oa)2!{ /]XRCR`xϡI”my6#4|O :S2U1ւ_jgз/ى{KV9S&M–5ȅ3RZ"z6~ː _X)ul|o|B,{kwl`VB`NZm=M"s<`"d԰tk /[vNU88ٶ2OA=p O+e[ kc'p'Frd{Ko˾3pL%^ϐ Wݜ햯 OXo| 8ho.t2~6g>(_ђk0sC/7^J D O.y(@OD07"6z.5imj/KEp*e;1MP`x3I|"#*Ю-^x9Na^q=Ӹ+Aю(Ym0g7 o%#m\$C`WH؂{ʐwXh[|r=S.u 7tle" @= mEaT %`GYU`Kr 8ǩ=`hq#1tԭ(??_CnC.jmnJQuFEmhT[ ! l+ {m';u{dC7* <9MA =[=܋;}#\81F`m˓ ɸ{%̅2 !ZxyU~ҥNpDq1vLb9;E"N%%6$`m5G0X1#(R9(t7]NaN*ϭ>_ڦ1s"p\mgLXUJrUyox[^٠#NylT$R#:ri|}gLohۄ&  ,&jxBi6e1w0s XBL IS slt*2X<>Ŭ"D0Nĵt&vж?6g8"ac#71L d[\?مt.C=#఼8j'³x ŧ$qNb‚ biy༥[x/|CޱmtWԣo+|r'5W?N^20l7/ceg^*-x̴|e~fu|ycDWfY=vs@1~`x8P2C^t]8:(1}#t;QwgP  O33Uy@ rnÉwQSy5r\h,gHݻ pq6]eV˒/ÀA@@crX{{Gj5n̵y  KfɈ0fzhhOUbf?1Dct=|G32鰺*Ї) 0՝/CUQ4H6TwoR&(C0+jF'ΎK^X.̃JJT@K}:؋cSÄ^K@n}oD/p%Z'w&_uxT`߂ jM8h+;՝ vHG\_=ȴ `f e$B^֢3sgV%OA,e4hun[0M$ Q M~Q8]?Hl Gf[¥[fίA{KjlMXGt/ 1FLGWXs LfٴO,5 ےZM.Y/@BDJ&&VI8īk>7/~>TNtg/OIJ?e|ea 5YP0~fݤ/KoԱu$; t2Wc\`(7n(-5H' v:W21jvl$^9fQeě^ ]}1v3<^apeqc@*7mL4!|{Vk|kB MČ.Pqh{ B>DǘWj[{=P+Z]?#яŹ};.l= bcv+Ҏ)bOLRppu`JE=MؼݤANЯxk)s*!bE.f˼JVˆ6]R 酫a6|WIxP-im z,Z~+*$ 7=auϸČC0Şv'BR+rQk|YYZ֎ n6E ش<^/Z#بMg?eI[4qIH RX)Xq`ԓ!wf^ĕWe]x5|]l]C0ƀ4TɌjkߐJwY.s|xV 02Fd1$UKTCWvUetJ0,J5w\&HD8~;6E&A5DKcachfg.Ӱi|1;dp\2wh2ڒGx\ٓ)Un@C' d dtϚ+\CFEW:m> Z} \ }׫~mF {%>(z{"}־:L;U]?^HAAytNqVi_4 'eu.^_A5Ffݯo=a,6=?J}G.