CYBERSPACE - Like a Trojan horse, PornPass Manager promises free access to online porn sites and ezines only to download malware instead. According to security analysts at anti-virus software manufacturer MicroWorld Technologies, PPM promises to give unsuspecting victims free access to a selection of adult websites and e-zines. It sounds too good to be true—and it is. In reality, the program drops spyware programs like SpywareQuake and VirusBurst—masquerading as securityware—into Windows-based computers. When the rogue programs run, they clash with explorer.exe and rundll32.exe, crashing both and disabling much of the system. PPM also drops a video codec and some additional scripts.
MacAfee Security Manager Dave Marcus called PPM “nasty” and “a valid bit of virus, Trojan horse, spyware, and adware.”
PPM is very similar to earlier pornographic password programs like X-Password Generator and MyPornMagPass. SpywareQuake and VirusBurst, the rogue security programs installed by PPM, also are identical to the ones installed by its predecessors.
Infected computers display fake virus alert messages such as “System is infected with malware like backdoors that allow the remote attacker to perform various malicious actions. Click on the balloon to download malware removal software.” Clicking the balloon or either of two desktop icons also installed by PPM—“Online Security Guide” and “Security Troubleshooting”—installs a browser hijacked called Smitfraud.
“Pornography as a bait is highly favored by email worms, Trojans, network worms, and—like in this case—spyware programs,” said MicroWorld Technologies Vice President of Global Sales and Marketing Sunil Kripalani. “When you consider the fact that X-rated websites are one of the most visited places on the Internet by surfers across the world, you know these programs can potentially endanger large numbers of computers in a short span of time. At times when you download a movie clip, it may tell you to download a ‘codec’ file that can work as a Trojan downloader, which in turn will bring in many a malware [program].”
Macintosh and Linux-based computers are not affected by the PornPass Manager program.