File-swapping on the Internet hit a sour note Tuesday with the appearance of a virus that attacks users of the Gnutella file-sharing service and that several anti-virus vendors say is the first virus to affect peer-to-peer communications.
Named W32/Gnuman.worm, or by the alias Mandragore, the malicious file poses as an ordinary, requested media file. This masked file, however, is actually an EXE file that infects a user's computer once the program is run, according to statements from a variety of anti-virus software vendors.
After it infects a computer, the virus cloaks itself for other Gnutella users, leading them also to believe that it is actually an MP3 music file or an image file. Every time a Gnutella user searches for media files in the infected computer, the virus will always appear as an answer to the request. If, for example, a user looked for songs containing the word "happy," the infected computer would return "happy.exe" as a response to the query, vendors saidOfficials at McAfee -- a division of security specialist Network Associates Inc. -- discovered the virus Monday but have yet to identify its origin. McAfee said it is a low-risk threat at this point due to the fact that only users running Gnutella-compatible software will be affected. Computer Associates International, Sophos and Kaspersky Labs all issued information on the virus Tuesday.
The virus does little damage other than taking up extra system resources. Confidential information and crucial files should not be affected, vendors said.