Security firm Malwarebytes has discovered a bizarre piece of ‘grudge’ malware that appears to have been crafted to do nothing more complicated than wantonly destroy data files on the PCs of its victims.
Apparently a variant of a common data-stealer, Trojan MSIL.st as it has been named by Malwarebytes is an oddity, combing the hard drive any machine it infects for common file types, including database files, Jpegs, text files, a variety of archive and compressed formats and even setup.exe and .bak files.
Once it finds them it erases their contents, replacing this with the string “because f*** you! That's why.” As well as destroying data this stops some programs from running correctly.
Fifteen years ago, before the era of commercial malware, Trojan MSIL.s‘s behaviour would have been the norm but malware that sets out to infect and disrupt computers as an end in itself is relatively rare these days. Prank malware surfaces from time to time but is usually swiftly detected and shows very low infection rates.
The few programs that have been bent on destruction (a good example would be the Shamoon attacks the Saudi oil industry in 2012) wield a degree of sophistication and co-ordination in order to achieve their purpose of infecting large number of systems in a short period of time. Attacks of this kind are always multi-faceted.
“It’s not as common to see malware that operates in this fashion, almost seeming to play pranks on the user,” said Malwarebytes’ researcher, Rich Matteo.
“Most of today’s modern malware tries to remain stealthy in order to avoid detection, unlike in this case where it starts trashing your computer, visibly disrupting your files and just causing headaches.”
Most likely, the program was the work of a programmer or programmers “with too much time on their hands,” he reasoned.
Alternatively, these programs still exist at low levels but are either not noticed due to very low infection rates or, with much more important malware to analyse, go unreported by security firms.
The few that do surface suggest the old-fashioned ‘virus’ mentality of loners who build nuisance or malevolent programs because they can is alive and well when the world cares to look. A good example was the
A good example was the 2010 Zimuse malware whose intended target was the hard drives of a Slovakian motorcycle club; the malware escaped and started trashing hard drives across the world.
Even commercial programs can be odd sometimes, such as the Krotten ransom Trojan that infected its victims PC in order to demand a payment of only $4. A more mysterious (an unconfirmed) example was the 2012 AC/DC malware that reportedly played the track Thunderstruck during attacks detected at nuclear facilities in Iran.
Perhaps the purest example was W32/Hoots-A worm from 2006 which set out to hijack numerous print queues in a single targeted organisation in order to print a large image of an owl.