TorrentFreak

Windows Worm Uses BitTorrent to Propagate

A worm that infects Windows XP and, possibly, Vista is said to spread itself over IM applications, like AIM and Windows Live Messenger, and… BitTorrent. Security research firm Sophos says the worm uses “a social engineering scheme” to get people to unknowingly infect their computers with it.

The worm, W32/Impard-A, is a highly sophisticated program with multi-lingual support that can effectively spread itself, delete rival malware present on the computer and send it back to its creator, and utilise BitTorrent in achieving its goal.

Like most such malware, W32/Impard-A is controlled over IRC. Richard Cohen, a security expert with Sophos, said:

It’s controlled by a remote user over IRC, and is capable of sending itself via AIM and MSN, storing itself as a file called IMG009.jpg-www.imagehosting.com inside a zip file called C:\RECYCLER\myphoto.zip, and then sending this zip with a message that promises pictures, written in the same language as the infected computer. This sort of social engineering tries to maximize the chance that recipients will believe it to be legitimate and open the attachment, though this is shot in the foot somewhat by the fact that many of the phrases have been cut off abruptly.

I have personally seen the messages generated by this worm, when a Yahoo! Messenger-using friend of mine asked me to visit some obscure URL to look at her photos. She uploads all her photographs to Facebook, so I became suspicious right away. It turns out, this worm is so versatile, it can hijack just about every popular IM client and use the signed-in account to spread to its contacts. What’s very interesting, though, is how the worm utilises BitTorrent.

Once running on the host computer, the worm searches for the BitTorrent mainline client executable (bittorrent.exe). If it finds the file, it opens up a torrent and, after downloading a copy of itself to a specific location on your hard disk, starts seeding it.

This is the first reported instance of malware making use of BitTorrent to achieve its creators’ ends. If you think about it, it makes perfect sense. Why should the malware author waste bandwidth downloading his worm to thousands of Windows computers around the globe, when he can make his army of zombified ones redistribute it for him, free of cost?
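The attachment name quoted from Sophos above ends in `.com`, which Windows treats as an executable extension, while the `.jpg` in the middle makes it read like an image link. The following is an added example, not code from Sophos or the original article: a small checker that flags zip members using this naming trick. The extension lists and the sample archive are assumptions constructed for the illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions Windows runs directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Harmless-looking extensions used as a decoy inside the name (assumed list).
DECOY_MARKERS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".doc", ".pdf")


def is_disguised_executable(member_name: str) -> bool:
    """True if the final extension is executable but the name embeds a decoy."""
    base = PureWindowsPath(member_name.replace("/", "\\")).name.lower()
    # Windows drops trailing dots and spaces, so ignore them here as well.
    base = base.rstrip(". ")
    dot = base.rfind(".")
    if dot <= 0:
        return False
    ext, stem = base[dot:], base[:dot]
    return ext in EXECUTABLE_EXTS and any(m in stem for m in DECOY_MARKERS)


def scan_zip(data: bytes) -> list[str]:
    """Return the member names of a zip (given as bytes) that look disguised."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if is_disguised_executable(n)]


def build_sample_zip() -> bytes:
    """Constructed sample archive: placeholder bytes stored under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG009.jpg-www.imagehosting.com", b"placeholder")
        zf.writestr("holiday/IMG010.jpg", b"placeholder image bytes")
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name in scan_zip(build_sample_zip()):
        print("suspicious member:", name)
```

A plain `setup.exe` is deliberately not flagged: the check targets names that hide their executable extension behind a decoy, not executables in general.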

  • raptrex

    What if I'm using uTorrent and Pidgin as my BitTorrent and AIM/MSN clients?
    Will I get infected?

  • nt

    The article says it only affects BitTorrent mainline.

  • CC

    I must be missing something, but why would BitTorrent be of any benefit if it is already distributed in a peer-to-peer manner using IM in the first place? Is it simply to increase the chances of P2P downloaders picking it up even with no IM clients in place?

    Also doesn’t that increase the chances that the source gets traced down via the tracker?

  • anonymous

    “Also doesn’t that increase the chances that the source gets traced down via the tracker?”

    They could be using ‘tracker-less’ torrents, which wouldn’t need a centralized tracker. http://en.wikipedia.org/wiki/BitTorrent_tracker

  • M

    I just recently installed it, and it put a “fearcombat” exe file on my desktop, that even in Safe mode I can’t delete?? Any ideas? I only use Xfire and Trillian…

  • good-ole-days

    “I just recently installed it, and it put a “fearcombat” exe file on my desktop, that even in Safe mode I can’t delete?? Any ideas? I only use Xfire and Trillian…”

    In the good old DOS days, there was a trick to delete files that don’t want to be deleted. I suppose it won’t work on XP but you could try:

    Start up your notepad and save an empty file, overwriting the nasty one. It has to have the exact same name, including the file extension. This empty file is more likely to be deletable. Don’t ask me why but it worked around ten years ago. Good luck.

  • Josh

    There is another way to delete any files off your computer in Windows XP. If you have Home Edition you will have to boot into safe mode and then right-click on the file and select Properties. Then click on the Security tab and assign yourself as the owner of that file. Once that is done you can delete the file. If you have Windows XP Pro it's easier, as all you have to do is turn off simple file sharing and then you will have access to the Security tab in the file properties window.

  • eBooksBay

    Using Ubuntu will make you feel like a King, try it.

    http://www.ebooksbay.org

  • cromttu

    Just another reason to use a more secure operating system. Linux is invulnerable to this and ALL Microsoft virii. These problems and the dreaded “blue screen of death” are the reason Windows doesn’t have a place on my machine any more.

  • Steve

    “I just recently installed it, and it put a “fearcombat” exe file on my desktop, that even in Safe mode I can’t delete?? Any ideas?”

    Try Ubuntu, you’ll never look back.

  • BinaryG

    OK, I agree a lot of Linux-based OSes are far better than Windows of any flavor, but until people can play the latest games in a nix environment, Linux will always be behind Bill and his bull. If you just want to surf the net and use your computer for server, office, and many more things then Linux is for you. The thing is, a badly configured Linux system can leave you more open than having a Windows system running.

    I personally have been running with a hardware firewall, no AV, only running scans once a month; the only virii I have found have been the ones I have installed for testing. What I believe is that people need more education on how to use and secure their OS and not think that just having an off-the-shelf FW & AV will protect you 100%.

    Feel free to flame me or agree, I don't really care. My final note is: don't trust that spotty kid in your local PC shop that used to work in Burger King to give you good advice; they normally know nothing.

    "You can have the strongest lock on your door, but if you have windows they can be broken; it's the person on the other side that stops the burglars getting in"
    (binaryg 28/06/2007)

  • good-ole-days

    Windows for gaming, *buntu for everything else. Dualboot is the magic word.

  • medigeek

    This could be an all-around infection, including MSN/Yahoo/IRC and the rest.
    Call me crazy, but I bet the person that spreads this has something to do with some other MSN Messenger related worm:
    http://medigeek.blogspot.com/2007/06/warning-undetected-msn-worm-pic901com.html

  • graph

    Tried a program called Unlocker, and it seemed to work. It was associated with the Explorer…yikes!!

  • J_DiRT

    Newsgroups > Torrents

  • Gabriel

    I didn’t get the BitTorrent part. Could you please enlighten me?

    If BitTorrent needs a *.torrent file to allow leeching (and seeding), how does this worm infect Windows systems through this kind of distribution network? Who will leech the worm in the first place if all infected machines already seed it?

  • daexion

    Gabriel::

    I believe what it does is put a description that is sure to get someone to download it via torrent, and when it gets downloaded and run/opened it does its thing again. Rinse and Repeat.

  • Nikky

    So what's the safest option?
