Trojan Horse Hidden In ‘Yes & No’ Animated Video

Security researchers are warning users that a malware writer is infecting computers by hiding a Trojan horse inside an animated video that is being e-mailed around the world.

According to an advisory from Sophos, the Troj/Agent-FWO Trojan plays the popular 'Yes & No' Shockwave video created by the Italian animator Bruno Bozzetto. The video only plays, though, after embedding itself on users' computers and downloading other pieces of malicious code.

The video has been making its way around the globe for the past several years with people forwarding it to friends and colleagues. Now, a malware writer has begun taking advantage of the trend, sending out a copy of the video that has the Trojan hidden inside.

Sophos also sad that the Trojan drops its malicious payload in the Windows System folder, and is designed to create registry entries to run on startup. It also has the ability to inject code into system processes to hide itself.

The 'Yes & No' animation was first posted on the Internet by Bozzetto in 2001. It's a funny take on how obeying the rules of the road can cause its own set of problems. According to Sophos, it's estimated that hundreds of thousands of people have watched the online video.

Sophos researchers reported that the Trojan plays the animation as a smokescreen to hide the fact that it's silently infecting Windows computers.