April 25, 2005 12:08PM |
Digg It! Bookmark to del.icio.us |
“The hacker appears to be sympathetic to the entertainment industry and their legal strategies against people who illegally trade music and movies,” Sophos security analyst Graham Cluley said.
A new worm, W32/Nopir.B, is targeting the peer-to-peer networks that trade music and movies, usually illegally. Identified by antivirus and Internet security specialist Sophos, the worm destroys MP3 files on the hard drive when it is downloaded.Nopir appears to have originated in France, according to Sophos, and spreads via peer-to-peer file-sharing systems posing as a hacked utility to make copies of commercial DVDs. After it deletes the MP3 music files, it also disables various system utilities, and wipes programs on the infected PC. “The hacker appears to be sympathetic to the entertainment industry and their legal strategies against people who illegally trade music and movies,” Sophos security analyst Graham Cluley said. He added that it was highly unlikely that Nopir was part of the entertainment industry’s official response to the P2P sites. “They would have so much to lose, besides the fact that this is illegal activity — their very complaint against the P2P sites.”
The hacker may have been inspired by current events, Cluley said. “There have been high profile court cases and rulings lately supporting the entertainment industry’s stance on these P2P networks,” he said. Internet service provides have been ordered to reveal the identities of users suspected of trading music illegally in the United Kingdom. Also, last month in Canada, a man lost his job after it was found he had leaked the first episode of the BBC science fiction series “Doctor Who” onto the Internet three weeks before its official broadcast. However, Cluley also said that while Nopir.B worm targets people it believes might be involved in piracy, it fails to discriminate between the true criminals and those who might have MP3 files they have created themselves.
The rate at which the worm is spreading is relatively slow, Cluley said, and thus far has mostly infected home computer users. Corporate networks — at least those that have not curtailed their employees’ use of bandwidth for personal activities — are at risk as well. Nopir is a good wake up call for companies to tighten what is running on their network, he said. “There are still companies out there that do not monitor what their employees are doing online.” |