This article was published on August 4, 2016

This Windows trojan wants to party like it’s 1993


This Windows trojan wants to party like it’s 1993

In the early 1990’s, malware was pretty simple. Unsophisticated, even. It was spread primarily through infected floppy drives (remember them?) and dodgy shareware sites. When a machine was infected, the damage that could be done was relatively limited.

That changed when criminals realized that they can make money out of malware. It stopped being an expression of academic curiosity and interest, and became something designed to extract the most profit. Think ransomware, or spambots.

Which is why this recently-discovered trojan for Windows is so strange, as it acts (and looks) like some of the digital nasties you might have seen in the early 90’s.

The method of infection is two compromised install files for the audio editing software Audacity, and the start menu replacement Classic Shell. These came from FossHub, which ironically has the slogan “No adware, no spyware, no bundles, no malware.”

These apps were chosen because of their popularity. At the time of writing, they’re the #1 and #2 most downloaded apps on FossHub respectively.

FossHubTop

Once installed, the malware set about overwriting the victim’s master boot record (MBR), just many early 1990’s viruses did. This prevents Windows from starting up properly.

Someone who claims to represent PeggleCrew – the creators of the trojan – emailed Softpedia to take credit for their attack, and to explain how they did it.

“In short, a network service with no authentication was exposed to the internet… We were able to grab data from this network service to obtain source code and passwords that led us further into the infrastructure of FOSSHub and eventually gain control of their production machines, backup and mirror locations, and FTP credentials for the caching service they use, as well as the Google Apps-hosted email.”

While still hugely irritating, it’s pretty easy to fix. You just need to run a single command on a Windows recovery CD. YouTuber danoct1 explains how:

This episode is representative of what we’ve come to expect from PeggleCrew, who are becoming increasingly known for their pranks.

Earlier this year, they hacked Ringo Starr’s Twitter account and used it to hurl abuse at One Direction member Harry Styles, among other high-profile celebrity targets. Their trolling also extends to Reddit. Last month, they started hacking into the accounts of those who moderate popular subreddits, using them to cause havoc with the CSS.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with