Been testing out the release candidate version of Windows 7? Well, if you grabbed yourself a copy of the operating system through BitTorrent rather than Microsoft’s official servers then you might be in for a surprise. Several news outlets are reporting that a new piece of malware embedded into counterfeit copies of Windows 7 is being used to build out a botnet of compromised PCs.
According to researchers at security firm Damballa, the infected software, which is rigged with a Trojan downloader, first appeared on April 24 and had spread to thousands of zombie computers by the time they managed to shut down the network’s command-and-control server on May 10. At its peak, the malware was causing more than 550 new infections per hour; new infections are reportedly still occurring at a rate of about 1,600 per day, with broad geographic distribution. However, since Damballa’s intervention, any new installs of this pirated Windows 7 RC distribution are outside the control of the botmaster hackers running the attack.
Needless to say, not all copies on torrent sites are necessarily infected, but those interested in testing the release candidate are obviously advised to get it from Microsoft's official website. This is not the first case of a botnet being built with pirated software distributed on the Internet. Earlier this year, researchers at Intego intercepted a Mac OS X malware threat circulating in pirated copies of Apple’s iWork 09 software.