A new Trojan horse program circulating around the Internet this week appears to be on a moral mission to stamp out adult Web sites, according to security research firm Sophos.
Instead of snooping for sensitive financial information or secretly taking control of an infected computer, the Trojan horse, called Yusufali-A, monitors Web surfing habits. When it spots an objectionable term such as "sex" or "exhibition" in the browser's title bar, it hides the Web site and instead pops up a message taken from the Koran, says Gregg Mastoras, a senior security analyst with Sophos.
"Allah knows how ye move about and how ye dwell in your homes," reads part of the message, Mastoras says.
If the user does not quit the offending Web site, the Trojan horse eventually displays a message reading "Oh! NO i'm in the Cage" and forces the computer to log out.
Don't Open Attachment
Trojan horse programs are similar to viruses in that both contain malicious software that is installed on the user's computer. But Trojan horses, unlike viruses, do not try to spread to other computers once installed.
Other than chastising adult Web site surfers, Yusufali-A appears to cause no serious harm to infected systems, Mastoras says. Users must be running the Windows operating system and must click on an e-mail attachment to become infected with the program, he adds.
While Yusufali-A is unremarkable from a technical perspective, its moral tone sets it apart from other malicious software, Mastoras says. "It's remarkable to me because it's not really trying to steal any money or confidential information."
Sophos has not received many reports of users being affected by Yusufali-A, which is blocked by up-to-date antivirus software, Mastoras says. Users of infected PCs can remove the Trojan horse by following steps posted on the Sophos site.
Mastoras says he has no idea why the Trojan horse was written, or what the "i'm in the Cage" reference might mean. "One thing I never do is try to imagine what's in a virus writer's head," he says.