Trojan Horse Hidden In 'Yes & No' Animated Video - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Trojan Horse Hidden In 'Yes & No' Animated Video

Sophos reports that a malware writer is taking advantage of a popular animation that people have been e-mailing to friends for years.

Security researchers are warning users that a malware writer is infecting computers by hiding a Trojan horse inside an animated video that is being e-mailed around the world.

The Troj/Agent-FWO Trojan plays the popular "Yes & No" Shockwave video created by the Italian animator Bruno Bozzetto, according to an advisory from Sophos. The video only plays, though, after embedding itself on users' computers and downloading other pieces of malicious code.

The video has been making its way around the globe for the past several years with people forwarding it to friends and colleagues. Now, a malware writer has begun taking advantage of the trend, sending out a copy of the video that has the Trojan hidden inside.

The Trojan drops its malicious payload in the Windows System folder, according to Sophos, and is designed to create registry entries to run on startup. It also has the ability to inject code into system processes to hide itself.

"It's important to realize that the animation itself is not malicious. Thousands of artists like Bruno Bozzetto have created funny movies whose only negative can be the hours that have been spent watching them," said Graham Cluley, senior technology consultant for Sophos, in a statement. "But the Trojan horse which is playing the animation in this instance is dangerous. Troj/Agent-FWO is exploiting society's predilection for forwarding humorous animations on to friends and family in its attempt to infect as many people as possible."

The "Yes & No" animation was first posted on the Internet by Bozzetto in 2001. It's a funny take on how obeying the rules of the road can cause its own set of problems. According to Sophos, it's estimated that hundreds of thousands of people have watched the online video.

Sophos researchers reported that the Trojan plays the animation as a smokescreen to hide the fact that it's silently infecting Windows computers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
IT Employment Trending Up; Data, Cybersecurity Skills in Demand
Jessica Davis, Senior Editor, Enterprise Apps,  11/11/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
How to Approach Your Mission-Critical Big Data Strategy
Mary E. Shacklett, Mary E. Shacklett,  11/17/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll