The Web page distributing an emulator promising users they could play Microsoft's Xbox games on their PCs has been pulled offline after discovery that it contained a Trojan horse program designed to generate money based on online ad hits. Thousands of copies of the ersatz emulator may still be circulating on the Internet.
The emulator had been distributed from a free Web site account hosted by Angelfire, a company owned by Lycos. The site has been removed from the Web by Angelfire for violating the company's terms of service, according to a notice posted on the site.
Hidden in the fake emulator, which had a file name of EMU_xbox.exe, was a program called NetBUIE.exe, which appears to have sent "a massive burst of data to Web sites" designed to increase the hit totals of online ads, said Roger Thompson, director of malware research at TruSecure. Online ads make money by the number of people who view them and the number of people who click on them.
The Trojan was "probably generating click-throughs for someone," Thompson said. It's unclear whether the program did anything else to victim's PCs, he said.
"It's needle-in-a-haystack stuff to see what else it might be doing," he said, adding that it "didn't seem to drop any other programs."
Because nothing obvious happened when users launched the "emulator" program, they likely assumed that it had malfunctioned and forgot about it, he said. So the program could still be on many people's PCs and "may still be generating click-throughs," he said.
"The moral of the story," Thompson said, "is that people really do have to be wary."