Porn site surfers beware: A new Trojan horse is on a moral crusade to block sexually-explicit Web sites and deliver a message from the Koran instead, according to Lynnfield, Mass.-based antivirus firm Sophos.
Yusufali-A examines the title bar of an active window to see which Web sites Windows users are visiting. If it finds a word it doesn't like -- "teen," "xx," "sex" or "penis," for example -- it minimizes the window so the user can't see its content. Then it displays a message from the Koran, an example of which can be seen on Sophos' Web site.
The Trojan will keep displaying messages as long as the offending page remains open. After awhile it will display a button labeled "For Exit Click Here." Once the button is clicked, that box will change to another with vertical bars and text that reads, "OH! NO i'm in the Cage." The box contains log off, shut down and restart buttons and the mouse pointer is locked within the box's confines. All the buttons will cause the computer to log out.
Cluley doesn't think the Trojan's crusade will have that wide a reach. "Unlike worms, it doesn't have a capability to replicate itself and so has to be manually spread by being spammed out deliberately, or people downloading it from a Web site."
He said the Trojan horse is written in visual basic and doesn't appear to be connected to any other well-known malware. "It's more of a quirky piece of malware than a significant threat," Cluley said. "Obviously, some people might construe it as a good Trojan because it blocks access to some adult sites and displays passages from the Koran. But from our point of view, no malware is good malware."
He said the Trojan horse was sent to Sophos by a customer in Iran. "It seems likely that it has a Middle Eastern connection, but is not obviously linked to anyone specifically," Cluley added.