The virus has two variants Troj/Pirlames-A and Troj/Pirlames-B, masquerades as a screensaver and attacks files with these popular extensions – EXE, BAT, CMD, INI, ASP, HTM, HTML, PHP, CLASS, JAVA, DBX, EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG, BMP – overwriting them with images of comic book character Ayu Tsukimiya.
It’s reported that one of the images, which includes a song about fish-shaped pancakes stuffed with jam, has a telephone number included although it’s unclear to whom the number belongs.
Another exclaims “This is a visit from the prevalent Piro virus! Stop P2P! If you don’t i’ll tell the police!” while another threatens “Ah, I see you are using P2P again……if you don’t stop within 0.5 seconds, i’m going to kill you!”
Graham Cluley, a consultant for Sophos said of the virus “This is one of the most bizarre pieces of malware we have seen in our labs for quite some time, but it’s data-destroying payload is no laughing matter. It acts as a timely reminder to companies that they may want to control users’ access to P2P file-sharing software not just because they can eat up bandwidth, but also because they can present a security risk to your corporate data.”
Winny is the most popular P2P application in Japan. In 2006 the developer of the Winny file-sharing software was found guilty and fined 1.5 million yen for assisting users in copyright violations.