One only mysteriously prevents users from accessing BitTorrent tracker sites, while another also downloads malicious code and opens pop-up windows for rogue security software.
BitTorrent users have several new trojans to be on the outlook for when downloading content from public tracker sites.
The first is Troj/Qhost-AC, which has been identified by anti-virus company Sophos as having the sole purpose of preventing users from accessing public BitTorrent tracker sites Mininova, The Pirate Bay, and Suprbay.
"Rather than surreptitiously redirecting banking websites (as some banking Trojans are known to do), this Trojan attempts to stop the user from accessing popular P2P websites by modifying the HOSTS file," reads the Sophos Labs post.
It modifies the hosts file of infected PCs so that Mininova, The Pirate Bay, and Suprbay are all redirected to the local IP address 127.0.0.1, preventing the sites from ever properly loading. According to TF, a keygen is to blame.
It also inserts the comments "Fuck You" into the hosts file, further increasing the speculation of its creators.
"While inserting the comments “Fuck You” into the HOSTS file is probably not a nice thing to say, it is definitely quite unusual to see a Trojan do nothing else except to deny the infected machine access to P2P websites," continues Sophos Labs.
ThreatExpert is also reporting a new form of same trojan that in addition to blocking access to BitTorrent tracker sites also opens pop-up windows for rogue security software, and downloads further malicious code form the Internet.