Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Friday, March 19, 2010

Pirated Version of Windows 7

Has Malware Built-in
Security researchers are warning that Internet users who install pirated versions of Microsoft's latest Windows 7 operating system may also be installing malicious software, too.
Experts at Atlanta-based security firm Damballa say they first noticed
hacked versions of the Windows 7 release candidate available on peer-to-peer file-sharing networks and newsgroups last week, shortly after the OS was released to developers.
Damballa found that computers with the tainted versions of Windows 7 were programmed to silently reach out to an Internet server to check for further updates, which in this case is a piece of malware that Kaspersky Antivirus calls Win32.Banload.cdk.
"The first thing this does is phone home and get a list of additional malware to install," said Tripp Cox, vice president of engineering at Damballa.
Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions -- codecs.sytes.net. -- which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.
It's a good idea to avoid installing software of any kind -- operating systems in particular -- downloaded from P2P networks. Bundling malware with executable and installer files is an old trick that is still quite useful and effective today. In fact, there are no shortage of shadowy pay-per-install programs that revolve around this concept, granting tiny commissions to affiliates who spread the poisoned files on P2P networks like BitTorrent. The screen shot below shows a popular pay-per-install forum where affiliates of different programs compare methods for making their poisoned installer files more attractive on P2P networks.

No comments: