On mySimon: Bare Escentuals Sweet Obsession

BNET Business Network:: BNET; TechRepublic; ZDNet

Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

May 12th, 2009

Pirated Windows 7 leads to malware, botnet

Posted by Ryan Naraine @ 2:26 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Pen testing, Vulnerability research, Windows Vista

Tags: Researcher, Microsoft Windows 7, Malware, WaPo, Microsoft Windows, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Operating Systems

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft’s Windows 7 for the express purpose of building a botnet.

According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and was infecting downloaders at a rate of 552 users per hour.

WaPo’s Brian Krebs writes:

Damballa managed to grab control over the server that’s contacted by the pirated Windows 7 versions — codecs.systes.net — which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.

There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and was live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs, eWEEK reports.

[ SEE: iBotnet: Researchers find signs of zombie Macs ]

This is the second documented case of a botnet being built with pirated software distributed on the Internet. Earlier this year, researchers at Symantec discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 63 Talkback(s)

Thread View
Flat View

You could have seen this coming...: Dissatisfaction with the current OS
+ luddite users swayed by social engineering spam
+ fine-tuned botnet process
= massive mal-OS adoption.
... (Read the rest); Posted by: 3dguru Posted on: 05/16/09 You are currently: a Guest | Log in | Terms of Use

Idiots.... JoeMama_z | 05/12/09

You've gotta laugh at the stupidity of some people. Custard_over_2x_Pie | 05/12/09

Scorpion and Frog for the geeks Scrat | 05/13/09

Given away for free... Wolfie2K3 | 05/13/09

I think that the question should be... RealAusTech | 05/14/09

Who are they...? You ask.. Wolfie2K3 | 05/15/09

Security an after thought with Windows wink

wink

Christian_<>< | 05/12/09

Kinda like your negativity? MGP2 | 05/13/09

So, no idea of what your talking about? happy

happy

Pliny the Elder | 05/13/09

Wow djmik | 05/13/09

Typical nonsense Cayble | 05/13/09

You dev-null | 05/13/09

thought challenged thinking someone else has an after thought JABBER_WOLF | 05/13/09

Security an after thought with Windows Col Mustard | 05/13/09

At least one. (nt) roaming | 05/13/09

Free Windows 7 kozmcrae | 05/12/09

Even so... friedcow | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet scouser73 | 05/12/09

dumb people xicanonaztlanca | 05/12/09

What I'd like to know... Earthling2 | 05/12/09

Download it from tyhe MS website for god`s sake.. Soulstorm | 05/12/09

How can you be so sure that speeds are great? InAction Man | 05/13/09

Re: How can you be so sure that speeds are great? Francis K. | 05/13/09

You're right tikigawd | 05/13/09

LOL eternal949 | 05/13/09

RE; How can you be so sure that speeds are great? Col Mustard | 05/13/09

Why? InAction Man | 05/14/09

What about Linux dev-null | 05/13/09

linux is safe... shawnvega | 05/14/09

Hashes eMJayy | 05/13/09

Hashes... jjesusfreak01 | 05/13/09

Download Manager Checks the File friedcow | 05/13/09

re: What I'd like to know... none none | 05/13/09

MD5 for Ubuntu halj | 05/13/09

@ Earthling2: It's NOT the RC they're talking about... Wolfie2K3 | 05/15/09

The problem is tikigawd | 05/13/09

Please explain payton@... | 05/13/09

Windows 7 isn't a botnet... dnoakes@... | 05/13/09

just as dumb emenau | 05/14/09

Huh? Chrissd | 05/13/09

C&C swattz101 | 05/13/09

Chrissd??? Half Moron??? You decide.... i8thecat | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet gertruded | 05/13/09

Caveat Emptor LarryPTL | 05/13/09

Umm your point? friedcow | 05/13/09

Not Easy To Distribute Using A Torrent DaveAtFraud | 05/13/09

Not so hard considering... edwards.wb | 05/13/09

torrent win 7 infected halj | 05/13/09

Free download from MS or Grab from Torrent simon.jackson@... | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet syhprum1@... | 05/13/09

Size doesnt matter very much dev-null | 05/13/09

YES! You should set up with the offical version Breetai | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet syhprum1@... | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet edwards.wb | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet srmgr@... | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet neverhome | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet wtfnix | 05/13/09

RE: Pirated Windows 7 leads to malware, botnet rdhalsteatzd | 05/13/09

Just goes to show that people's greed is the weak link... konkreet | 05/13/09

RE; konkreet Col Mustard | 05/13/09

Jeez... James T. Kirk | 05/14/09

RE: Pirated Windows 7 leads to malware, botnet raymond.doctor@... | 05/13/09

You could have seen this coming... 3dguru | 05/16/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now

Recent Entries

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+39 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
Finally, an easier way for Small and Mid-Sized Companies to Run Their Business Applications: IBM Smart Business IBM From the PC to the Internet to every piece of hardware and software in ... Download Now
Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More