Trojan Horse Hidden In 'Yes & No' Animated Video - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Trojan Horse Hidden In 'Yes & No' Animated Video

Sophos reports that a malware writer is taking advantage of a popular animation that people have been e-mailing to friends for years.

Security researchers are warning users that a malware writer is infecting computers by hiding a Trojan horse inside an animated video that is being e-mailed around the world.

The Troj/Agent-FWO Trojan plays the popular "Yes & No" Shockwave video created by the Italian animator Bruno Bozzetto, according to an advisory from Sophos. The video only plays, though, after embedding itself on users' computers and downloading other pieces of malicious code.

The video has been making its way around the globe for the past several years with people forwarding it to friends and colleagues. Now, a malware writer has begun taking advantage of the trend, sending out a copy of the video that has the Trojan hidden inside.

The Trojan drops its malicious payload in the Windows System folder, according to Sophos, and is designed to create registry entries to run on startup. It also has the ability to inject code into system processes to hide itself.

"It's important to realize that the animation itself is not malicious. Thousands of artists like Bruno Bozzetto have created funny movies whose only negative can be the hours that have been spent watching them," said Graham Cluley, senior technology consultant for Sophos, in a statement. "But the Trojan horse which is playing the animation in this instance is dangerous. Troj/Agent-FWO is exploiting society's predilection for forwarding humorous animations on to friends and family in its attempt to infect as many people as possible."

The "Yes & No" animation was first posted on the Internet by Bozzetto in 2001. It's a funny take on how obeying the rules of the road can cause its own set of problems. According to Sophos, it's estimated that hundreds of thousands of people have watched the online video.

Sophos researchers reported that the Trojan plays the animation as a smokescreen to hide the fact that it's silently infecting Windows computers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll