Do you like internet fads that are so far past their sell-by date they’re starting to whiff a bit? Do you consider 4chan to be the pinnacle of internet humour? Annoyed that your tastes aren’t reflected in the current crop of prevalent malware? Worry no more!
Today we received a sample of Troj/Giveup-A, a tiny Visual Basic program that does little more than open a new Internet Explorer window to the YouTube rickroll video every ten minutes. Often we’d let this kind of thing get away with a slightly less serious prefix of Joke/ rather than Troj/ but there were a few of things to consider with this particular program that swung the balance over in favour of calling it malware:
- The user’s startup folder is used as an autostart point. Depending on how user profiles are set up, this could actually be a network copy to a remote machine.
- It copies itself to the “All Users” startup folder on the local computer which causes it to run for every user on the system.
- I hate rickrolls. I hate Visual Basic. I hate the startup folder. I really hate 4chan. I have nothing but contempt for 99% of the internet and this program represents everything I despise. Each moment I wasted analyzing this Trojan was time I’d rather have spent boiling in a vat of angry bees.
So, you might ask, who is responsible for this creation? Who are these giants pushing the boundaries of humour in a way not seen since Andy Kaufman wrestled a woman to the ground on TV? Luckily for us, these heroes — no doubt soon to become cultural icons — have left us a clue in the program’s version information.
InternalName : roll
ProductName : RickRollProject
CompanyName : [college name deleted] College
ProductVersion : 1.00
FileVersion : 1.00
OriginalFilename : roll.exe
Mystery solved (for us at least; you’ll have to guess).