Pirated Windows 7 leads to malware, botnet

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet.

According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.

WaPo's Brian Krebs writes:

Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions -- codecs.systes.net -- which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.

There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and were live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs, eWEEK reports.
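How a sinkhole operator gets from raw check-ins to figures like "compromised systems" and "new infections per hour", shown as an added example that is not Damballa's code or data. The log format, the function name and every sample line are assumptions constructed for illustration; source IPs only approximate hosts, since NAT and DHCP churn skew the count in both directions.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample sinkhole log: "<timestamp> <client IP>" per request.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2009-05-10T13:02:11 192.0.2.10
2009-05-10T13:15:40 192.0.2.11
2009-05-10T13:48:03 192.0.2.10
2009-05-10T14:01:27 198.51.100.7
2009-05-10T14:05:55 192.0.2.11
2009-05-10T14:30:09 198.51.100.8
2009-05-10T14:59:59 203.0.113.5
2009-05-10T15:10:00 198.51.100.7
malformed line
"""

def summarize_sinkhole(log_text):
    """Separate repeat check-ins from first-time clients and find the peak hour."""
    first_seen = {}              # client IP -> earliest request time
    requests = skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            ip = str(ipaddress.ip_address(parts[1]))
        except (IndexError, ValueError):
            skipped += 1         # keep a count of unparseable lines
            continue
        requests += 1
        if ip not in first_seen or ts < first_seen[ip]:
            first_seen[ip] = ts
    # A client counts as "new" only in the hour of its first request.
    new_per_hour = Counter(
        ts.replace(minute=0, second=0) for ts in first_seen.values())
    peak_hour, peak_new = max(
        new_per_hour.items(), key=lambda kv: kv[1], default=(None, 0))
    return {"requests": requests, "unique_clients": len(first_seen),
            "skipped": skipped, "peak_hour": peak_hour, "peak_new": peak_new}

if __name__ == "__main__":
    print(summarize_sinkhole(SAMPLE_LOG))
```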

This is the second documented case of a botnet being built with pirated software distributed on the Internet.  Earlier this year, researchers at Symantec discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Talkback

64 comments
  • Idiots....

    Who are the morons pirating something given away for free?
    JoeMama_z
    • You've gotta laugh at the stupidity of some people.

      nt
      Custard_over_2x_Pie
    • Scorpion and Frog for the geeks

      http://en.wikipedia.org/wiki/The_Scorpion_and_the_Frog
      Scrat
    • Given away for free...

      But only two builds have been made officially available - 7000 (the Beta in January) and 7100 (the RC in May). There were a number of builds - 7022, 7048, 7057, 7068 and 7077 that WEREN'T made publicly available. There are always those who can't leave well enough alone and stick with the official beta/RC builds but have to be on the bleeding edge.

      I kinda figured those 'leaked' builds would be trouble...
      Wolfie2K3
    • I think that the question should be...

      who are the idiots who went and downloaded the infected versions from the dodgy site, and then went and installed it on their computer?

      As has been said, it was, and still is, FREE. What more could anyone want?
      RealAusTech
      • Who are they...? You ask..

        Well... Let's see.. We can start with a couple of our own intrepid ZDNet bloggers...

        And then there's all the guys out there who think that it's cool to be on the bleeding edge with the LATEST release - never mind it wasn't set up for broad public consumption. Most of those interim builds were designed to test specific fixes for specific issues.

        And then there are the control freaks... They report a bug in build 7000 and get completely bent into a pretzel because Microsoft hasn't sent them an email acknowledging the bug report, the weekly progress report on how the coding is going with regards to his pet bug, and hasn't shown him that they've dealt with the issue. They go positively mental over the lack of response - even though they were told they would NOT be getting any.

        So, yes, there are people out there who think they know best. They're likely the ones being bit in the backside... DOH!
        Wolfie2K3
  • Security an after thought with Windows ;)

    Super secure Windows where malware is a feature not an option!
    Christian_<><
    • Kinda like your negativity?

      Never an option...but not a feature anyone would want, either!
      MGP2
    • So, no idea of what you're talking about? :)

      Like the iLife (or whatever) botnet for OSX is acceptable, right? Same tactic to get it in the software then out in the wild.

      But then if you purposely brought a thief into your home then locked the doors, you'd probably blame the lock company for his ability to get in?
      AllKnowingAllSeeing
    • Wow

      Ignorant. This is not a vulnerability in the OS. Someone repackaged the installation to serve up the malware to pirates. Happens all the time to downloads of all types.
      djmik
    • Typical nonsense

      I guess we have to chalk up your comment to one more member of the "We Hate Windows Gang" who just can't seem to help themselves from spouting off about how bad Windows is even when the problem has nothing to do with a flaw in Windows.

      Let's recompile OSX or a Linux distribution with a trojan in it and have some moron download and install it from a bit torrent site. I'm betting the same problem would arise, except for the exceptional number of downloads Windows 7 had due to its popularity.
      Cayble
    • You

      Pitiful
      dev-null
    • thought challenged thinking someone else has an after thought

      If you have an OS that's yours, you have access to do with it what you like, including adding malware/a BOT to it, then distributing it online.

      In fact, because MS didn't have a registry key to prevent BETA copies from being circulated on the net, this was allowed to happen.

      Had MS put registration on its Beta copies you'd be bitching and complaining about this instead!
      JABBER_WOLF
    • Security an after thought with Windows

      Did your mother have any kids that lived?
      Col Mustard
      • At least one. (nt)

        (nt)
        roaming
  • Free Windows 7

    I would suppose the attraction to this free Windows 7 over what Microsoft has on their servers is that the "kill switch" in this one has been disabled. If that's not the case then these people are truly not ready to join the Human Race.
    kozmcrae
    • Even so...

      wouldn't it be slightly less foolish to wait and try your luck with the final RTM release?

      :-)
      friedcow
  • RE: Pirated Windows 7 leads to malware, botnet

    Serves people right if they choose to download the beta or the RC from torrent sites.
    scouser73
  • dumb people

    some people are so stupid. why the hell would they download windows 7 from a torrent site when microsoft is giving it away for free for trial.

    serves them right
    blackhawk556
    • What I'd like to know...

      Am I going to be vulnerable still if I reinstall the system from a good ISO? Did anyone publish the correct hash for the RC ISO? Where can I get a program to check the hash?

      Is it necessary to check the hash for a Linux ISO? If it is, where do I find hashes for Ubuntu? Does everybody always check?
      Earthling2