New trojan feeds on mp3s

By Justin Mann on August 3, 2007, 3:59 PM
We're getting a revisit from tactics of yesterday with a new trojan that is making its rounds. The W32.Deletemusic trojan (what a clever name, that) will search a PCs media, including local hard drives and removable media like flash drives or USB drives, and will trash any mp3s it finds. It simultaneously infects the media it encounters, promoting further destruction by attempting to infect other PCs the media is plugged into.

It makes no distinction between DRM or non-DRM'ed mp3s nor music that might be pirated versus music that might be legit:

Of course, these worms don't take into account the fact that many MP3 files may not be pirated at all—they could be legitimate downloads, ripped from CDs, or even recorded by users themselves. And while losing an entire music collection that you've dedicated so much time into ripping, labeling, and organizing can be devastating, there is no real payload for the worm's efforts.
Due to the tactics it employs, a statement from Sophos leads credence that the trojan is not the work of more sophisticated crime rings, but rather the work of someone just seeking to create mischief.

Of course, there's bound to be rumors of the trojan being sponsored by the RIAA, what with it specifically targeting music. Every once in a while we see a worm like this that targets specifics types of files, though as time goes on more and more malicious software is written with a financial goal in mind.

As far as protecting yourself, the worm only affects Windows (including Vista), and disabling the autorun function will help prevent it from spreading should infected media be plugged into your machine.




User Comments: 4

Got something to say? Post a comment
phantasm66 said:
[quote]Of course, there's bound to be rumors of the trojan being sponsored by the RIAA, what with it specifically targeting music.[/quote]That's exactly what I think it is.
jesse_hz said:
If it doesn't target vorbis or flac, then I don't give a sh*t.
kitty500cat said:
Detailed writeup by Symantec [url=http://www.symantec.com/enterprise/security_response/wr
teup.jsp?docid=2007-073010-4123-99]here[/url].
phantasm66 said:
If the RIAA or someone similar was behind this, then basically they are hoping that after your machine has been attacked and the mp3s deleted, you will give in to frustration when you can't download some song you liked, and you will instead buy it. Basically its a ploy to get you to buy all or some of your collection back.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.