In last Friday's blog titled Hello Screen Saver, Sayonara Files, we reported about Trojan.Pirlames, which can be obtained through peer-to-peer file-sharing networks.
Today, we found a couple of similar Japanese Trojans; Trojan.Haradong.B and Trojan.Pirlames.B.
Trojan.Haradong.B masquerades as a Windows screen saver file or .avi file with the following file names:
This Trojan claims itself as "Harada virus MK-II" and its presence is widely discussed in various Japanese BBS sites.
Upon execution, the Trojan will display an image that is similar to what Trojan.Pirlames displays; warning against the use of Winny. The message also includes a provocative message against security vendors saying Norton products are defenseless! However, contrary to its claim, we've detected both files as Trojan.Haradong since September 3, 2006.
Additionally the Trojan downloads its friend, Trojan.Pirlames.B, from a remote site and executes it. Trojan.Pirlames.B gathers information about the compromised computer and sends it to a predetermined FTP site. On top of that, the Trojan periodically takes a screenshot of the compromised computer.
Creating malware is certainly illegal and must be condemned. But this time, taking the warning seriously may not be a bad thing.