Fake crack kills unlicenced screen reader software
Antivirus vendor Sophos has reported a virus that disables unlicensed screen reader software for the visually impaired. Screen readers convert text displayed on the monitor to speech output.
Affected users quickly identified the problem. They had downloaded and installed a crack for the popular JAWS screen reader that allows the software to run without a valid licence, but the download turned out to be a trojan.
The trojan's payload, active since 26 December last year, searches process list for names of well-known screen readers, including JAWS, Windows Eyes, Microsoft Narrator, HAL Screen Reader and Kurzweil, then kills them. Once this happens, affected users may no longer be able to use their computers.
The malware protects its processes before shut-down; two processes each check to see if the other is still active and start a new instance of it if necessary. It also ensures that its autostart keys in the registry is intact and restores it if it is altered or deleted. For that reason, Sophos recommends removing it with a virus scanner on a clean boot medium.
The trojan creator's motivation is still not clear but, since it does not contain a key logger, it is apparently not financial. Its author may be trying to penalise users of unlicensed software.
- Blind computer users struck by a very unusual Trojan attack, Sophos blog entry