Malware found in counterfeit copies of Windows 7 RC

By on May 14, 2009, 6:06 PM
Been testing out the release candidate version of Windows 7? Well, if you grabbed yourself a copy of the operating system through BitTorrent rather than Microsoft’s official servers then you might be in for a surprise. Several news outlets are reporting that a new piece of malware embedded into counterfeit copies of Windows 7 is being used to build out a botnet of compromised PCs.

According to researchers at security firm Damballa, the infected software which is rigged with a Trojan downloader first appeared on April 24, and spread to thousands of zombie computers by the time they managed to shut down the network’s command and control server on May 10. At its peak, the malware was causing more than 550 new infections per hour, which are reportedly still occurring at a rate of about 1,600 per day with broad geographic distribution. However, since Damballa’s intervention, any new installs of this pirated Windows 7 RC distribution are outside the control of the botmaster hackers running the attack.

Needless to say, not all copies on torrent sites are necessarily infected but those interested in testing the release candidate are obviously advised to get it from Microsoft's official website here. This is not the first case of a botnet being built with pirated software distributed on the Internet. Earlier this year, researchers at Intego intercepted a Mac OS X malware threat circulating in pirated copies of Apple’s iWork 09 software.




User Comments: 9

Got something to say? Post a comment
phantasm66 said:
[url]http://www.darkreading.com/security/client/showArticle.j
tml?articleID=217400548[/url][quote]The rogue OS, which is rigged with a Trojan downloader, at one point had around 27,000 bots in its control as of May 10, when researchers took over the command and control (C&C) server that communicated with the bots and served them additional malware. At the height of the botnet buildup, the botmaster was recruiting more than 200 machines an hour, says Tripp Cox, vice president of engineering for Damballa. The victims initially downloaded the pirated OS via popular bootlegged software sites and online forums.[/quote]
gobbybobby said:
Y do people feel they have to download the RC Vis torrents when they can get it FREE and legal from Microsoft? It makes no sence to me.
skitzo_zac said:
I dunno about torrents, but in some circumstances it doesn make sense to download it from another location other than Microsofts own website. I myself have a very crappy internet plan (512Kb with only 12GBs of downloads a month) so something like a 3GB iso is a fair chunk of my monthly allowance.Luckily, my ISP hosted the RC on their file mirror and I downloaded it from there, and it was not counted towards my monthly download limit.
hamsteyr said:
Same here. I'm running Windows 7 RC myself, which i got from microsoft's official site. Really defies logic as to why some fools choose to get it off torrents when you can get it for free. The only thing i can think of is... well that they wanted to get the 7106 or something (the build for RC is 7100). I don't think it makes that big of a difference so... congrats idiotas : D
Valensi101 said:
Lol just get it from Microsoft's official servers..
nunjabusiness said:
The "official" download wasn't available until a number of days after it was available as a torrent. Also, when it WAS put up there, the MS servers were slammed and you couldn't get respectable d/l speeds for a while. Some people just didn't want to have to wait. That is why some chose to get it via torrent. However, the correct MD5 checksum/hash WAS posted in a number of places so it was easy to tell if you got the clean one.
windmill007 said:
Microsoft should have there own official torrent from there website. It would take a load off there servers and sometimes people just perfer torrents for whatever reason. Get with the times Microsoft!
captain828 said:
As I always say... double check your source!I torrented (@ ~2.2MB/s) and installed RC1 some 1 week (if not more) before the official release date from a private and highly reputable tracker. My iso is untouched and the MD5 is the same as the official RC1, build 7100.I'm not saying that this is BS, but people should be more mindful from where they DL... and what they say.
gflo said:
You have to respect the guy that planted the Trojan. A botnet of several thousand computers could pretty much control the internet. I almost wish i would have though of it.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.