Anti-virus vendor Sophos is reporting that a new trojan horse is attempting to block access to Mininova, the Pirate Bay and Suprbay. The trojan, named Troj/Qhost-AC by Sophos, is changing the hosts file on infected Windows machines to redirect users to the local IP address 127.0.0.1. It also adds the comment "FuckYou" to that file.

From the Sophoslab blog:

"While inserting the comments “Fuck You” into the HOSTS file is probably not a nice thing to say, it is definitely quite unusual to see a Trojan do nothing else except to deny the infected machine access to P2P websites."

Conspiracy theorists will probably argue that this might be a virus written by or on behalf of the entertainment industry, but I think it's much more likely that a user of a competing torrent site is behind this. Why else would the virus include Suprbay, but fail to mention other much more popular sites?

Still, one shouldn't dismiss this as a silly grudge against the Pirate Bay. Qhost-AC seems to be based on a similar trojan that blocks access to security websites, and Threatexpert.com is reporting that another incarnation of the virus is not only blocking access to torrent sites, but also opening pop-up windows for rogue security software and downloading further malicious code form the Internet.

Tags: , , , ,