The
trojan in question (Troj/Qhost-AC) identified by anti-virus company Sophos,
is a rather unusual one. It doesn't seem to install spyware or traditional
malware, but instead blocks access to the two most popular BitTorrent sites. It
turned out that the trojan originated from a keygen supplied with a copy of
pirated software. Instead of generating a key, it modified the hosts file of the
computer so that it redirects The Pirate Bay, Suprbay (The Pirate Bay forums)
and Mininova to 127.0.0.1, which means that the sites never load. Aside from
blocking the three sites in question, the trojan caused popups and even played a
sound file saying that 'downloading is wrong'. The question remains, who
is behind this? While some might argue that the MPAA, RIAA or other anti-piracy
advocates might be the source, I think it more likely that the attack originates
from a relatively innocent prankster targeting pirates. The good news is
that it is fairly easy to fix, manually removing the entries from the hosts file
solves the problem.