Chinese Adware: Coopen
Here's an interesting one - apparently from a Chinese Trojan bundle, "Coopen" places a media tool on your desktop, which rotates between desktop backgrounds and screensavers. At least your desktop hijack will be a visually striking multimedia experience!
That's not all, however - the Coopen media player is really only the introductory salvo. From the same bundle, your desktop will end up with a non-closable box on it, which you can only kill off using Task Manager:
The box itself mostly serves up an endless stream of high bandwidth adverts that seem to do nothing other than promote short movie clips and streamed video:
There also seem to be a lot of popups from what appears to be some sort of social networking / blogging site:
You can read more about Coopen here. Although Coopen itself is not particularly high risk - it's a media program rotating screensavers - it does illustrate how complicated things will be for researchers in the West as more of these programs start to appear. Here, for example, the researcher might not even know whether the popup box is related to Coopen or is a different part of the same Trojan hijack. Is it Adware? Spyware? Malware? All one program, or different components doing different things (as is the case here)? Is the intent behind it malicious, or is it supposed to serve some useful purpose? How do we track the money streams? Will we be able to penetrate the networks behind the scenes and work out who the key players are? Most importantly, what do we do when faced with a EULA containing six million Chinese characters?
Tough questions, and no easy answers in sight...
Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: CC, and Chris Mannon, FSL Senior Threat Researchers
