Trend Micro TrendLabs Malware Blog
    While most threats limit file size (not only to evade easy detection, but to avoid possible problems in transmission), one Trojan spyware family has become (in)famous for arriving as big files. TSPY_DENUTARO’s use of big files is not a programming mistake. On the contrary, it has become a distinct technique, aiding DENUTARO’s pretense of being a media file.

    To complete the scam, most early variants use the Windows Media Player icon. They can be found in peer-to-peer networks and, with their attractive file names (notably in Japanese), are downloaded by unsuspecting users. DENUTARO is thus one of the growing number of threats that ride on the rising popularity of digital media and file sharing over the Internet, joining TROJ_ZLOB, among others.

    However, TSPY_DENUTARO, like any other persistent threat today, is changing. New variants discovered over the last few days now pretend to be screensaver files. One of these variants is TSPY_DENUTARO.DM. Notably, the file size is reduced considerably (though still much bigger than most threats), and they now use the WinZIP icon.

    Nevertheless, once executed on a system, these new variants perform the original family routine: they take a screenshot of the system and, along with the system’s hostname and IP address, upload it to a certain FTP site.

    New variants even continue a family tradition: they delete image, video, and archive files, and then, using the file names of the deleted files, drop screenshots of Japanese anime with subtitles that seem to attack the illegal use of P2P sites, no matter how ironic that sounds. Images dropped by older variants have said “Are you enjoying committing illegal activities through P2P? If you don’t stop that, I will kill you.” The new variants’ images now say “So, you are still using Winny even after {the creator} lost in his case. I hate you guys.”

    This is in reference to the recent conviction of the creator of Winny, the most popular P2P application in Japan, for allegedly conspiring to commit copyright violation (arising from the earlier arrest of two Winny users who allegedly shared copyrighted material). The creator received overwhelming support from the computing community in Japan when he was arrested, with supporters calling the arrest wrongful.

    Apparently, the authors of TSPY_DENUTARO share the same sentiment. Whether this supports the Winny creator’s plea for innocence or further incriminates him is not clear.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice