Virus writers have created a Trojan that deletes illicit files from compromised Windows PCs in addition to harvesting data from infected machines.
Erazer-A is spreading (albeit modestly) across P2P networks, where it poses as useful program files, or through chat programs.
If executed, the malware scours folders used for P2P apps for AVI, MP3, MPEG, WMV, GIF, ZIP and other files. It then erases any porn, warez, music or any other matching file type found in P2P directories before dropping copies of itself (using names such as names such as game.exe, goporn.exe, nero7.exe and officexpcrack.exe) in the shared folders of peer-to-peer (P2P) applications.
Erazer-A also turns off security applications running on the compromised machine. More information on the malware, and how to defend against it, can be found in an analysis by UK-based anti-virus firm Sophos here. ®