Trojan Deletes Your Porn, Music & Warez

E. Vigilant writes "The new Trojan/Erazor-A has an interesting twist. In addition to deleting or disabling various security products and competing malware, it deletes any porn, warez and music in your P2P directories. While some opine that this trojan might have good intentions, remarkably few things infect the text files this trojan also deletes. No one yet knows who wrote this or why."

Altruism? I have my doubts...

[TripMaster+Monkey]

From TFA:

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect.

Well, that's a remarkably stupid assumption.

What's more likely?

1. The Trojan was designed to protect users from malware by deleting contents of P2P directories,
     - or -
   
2. The Trojan was designed to strike a blow against P2P file sharers deleting contents of P2P directories.
   

Let's analyze who benefits from each scenario:

1. No one benefits, since the 'benefits' of having files that might be infected with malware deleted is more than offset by the security problems introduced by the deactivation of antivirus software, as well as the inadvertent deletion of many innocent files. Also, the Trojan writer, (in this scenario, a "Robin Hood" type character), receives no benefit other than a warm fuzzy feeling.
   
   
2. RIAA, MPAA, and various software companies all realize tangible financial benefits as illegal file sharing is dealt a serious blow. Also, the Trojan writer, (in this scenario, a mercenary for hire) takes home a nice fat paycheck for a job well done.
   

I pick avarice over sloppily executed altruism any day. I find it intriguing that this alternate explanation apparently didn't even occur to PC World.

Finally!

[Whiney+Mac+Fanboy]

*Applauds*

Finally a threat that will make the average joe start to take computer security seriously! I look forward to a safe internet for everyone (I mean as soon as a few botnet node owner's loose their porn, peole will actually clean up their boxes!)

On a more serious note, quoting the pcworld article:

The Windows Trojan/Erazer-A Trojan looks at default folders for downloading MP3, AVI, MPEG, WMV, Gif, Zip graphic and video files, and wipes anything it finds with these extensions in the target locations.

The assumption is that because the Trojan is only deleting certain file types in specific download directories used by P2P programs -- one of the main sources of inadvertent malware infection -- it is attempting to protect those it manages to infect. [emph mine]

WTF? How could anyone think that it's to attempt to protect users when it doesn't delete executables from p2p folders? (for an interesting overview of real "white hat worms" see this vnunet article and the slashdot discussion on the blaster removal worm)

This worm is clearly to scare people away from p2p - not protect them from other p2p malware.

What's the bet that one of the companies that make oodles of money from content are behind this?

Re:Altruism? I have my doubts...

[Joebert]

What about the third scenario ?

3) Virus writers stage this to make it look like the RIAA, MPAA, ect, are "pulling a Sony" in an attempt to pull a classic "Throw a rock at the bee hive the ranger is standing next to so BooBoo can grab the pic-a-nic basket".

Re:Add option #4

[Chelloveck]

Even simpler:

4) Write a trojan to wipe out what people apparently consider to be important just because the trojan writer is a prick.