According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and was infecting downloaders at a rate of 552 users per hour.
WaPo's Brian Krebs writes:
Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions -- codecs.systes.net -- which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.
There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and was live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs, eWEEK reports.
This is the second documented case of a botnet being built with pirated software distributed on the Internet. Earlier this year, researchers at Symantec discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.