Feeds

Pirate Win 7 ruse used to build botnet

Zombie torrent

3 Big data security analytics techniques

A Trojan buried within counterfeit copies of Windows 7 RC was used to build a botnet of compromised PCs.

The tactic emerged after researchers from security firm Damballa shut down the command and control servers used to control the system, reckoned to have drafted thousands of Windows PCs into its compromised ranks. Damballa reckons malicious hackers distributed the malware by hiding it within counterfeit copies of pre-release versions of Microsoft's next operating system on offer through BitTorrent.

Damballa reckons that the pirated package was released around 24 April. By 10 May, when security researchers effectively curtailed the operation, as many as 552 new users were becoming infected per hour as a result of the attack.

"Since the pirated package was released on 24 April, my best guess is that this botnet probably had at least 27,000 successful installs prior to our takedown of its CnC [command and control] on 10 May," Tripp Cox, vice president of engineering at Damballa, told eWeek.

Since Damballa's intervention, users installing the pirated version of Windows 7 RC are outside the control of the botmaster hackers running the attack. However, users who were compromised prior to 10 May remain within the ranks of the zombie drones controlled by the unidentified hackers.

Trend Micro identifies the Trojan featured in the attack as DROPPER-SPX.

Burying backdoors in counterfeit code is a popular tactic among crackers witnessed many times over the years with pirated copies of Microsoft applications and, more recently, with pirated versions of iWork '09 for Apple Mac machines. In the case of the latest attack, prospective Windows 7 RC users get infected before they have a chance to install anti-virus tools, many of which are yet to support Windows 7 anyway.

Those keen to get their mitts on windows 7 RC would do far better to go directly to Microsoft's official website here. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.