
Posts Tagged ‘Windows’

Pirated Windows 7 Smart to Steal?

May 20th, 2009

It doesn’t take long for software to appear on the torrents ready for downloading.  As people are ready to move away from Vista to something new and better without going to the Mac side – downloads of Microsoft Windows 7 have skyrocketed.  Although beta versions were available to download, when the release candidate was leaked a lot of people jumped on BitTorrent to get themselves a copy.  However, the person who leaked this copy to the public had more to share than just the copy of Windows 7.

According to an eWeek article, the pirate also included their own software with this package:

According to researchers at Damballa, attackers hid a Trojan inside of pirated copies of the operating system and began circulating them on BitTorrent sites. Damballa reported that it shut down the botnet’s command and control server May 10, but by that time infection rates had risen as high as 552 users per hour.

….

In the case of Windows 7 RC, pirated copies were leaked on BitTorrent sites with a Trojan horse that, once downloaded, attempts to install a bundle of other malware on the infected machine. Blocking infections is tricky, as many anti-virus tools do not yet support Windows 7 and the operating system is infected before the tools can even be installed, according to Damballa. 

To have preinfected software in pirated software is not new, but having it on the OS installation is something I haven’t heard of before.  Antivirus is not usually the first thing people install when trying out a new operating system, especially when Windows 7 is not very antivirus software friendly currently.

So, for those that are looking for that cheap (free) software online – remember you get what you pay for.  =)  How about just using the public beta directly from Microsoft?

Brent Microsoft, TechNews

*Whew* Conficker wasn’t a big deal – or will it be?!

April 6th, 2009

I’ve had a lot of people ask me, “So, Conficker wasn’t as big a deal as they thought?”  I too expected to see something happen on April 1st once these bots got their instruction.  But when we didn’t see any big actions by the instruction, that wasn’t a good sign.   I thought the Gizmodo blog did a great post on this:

What the April 1 update did was simple: It provided instructions for linking up with the thousands, perhaps tens of thousands of new nodes registered by Conficker.c over the last few weeks, effectively growing the size of the p2p botnet to a point where it can not be stopped.

“It’s not about ownage, it’s about continued ownage,” says Kaminsky, citing a favorite quotation of one of his hacker buddies. “It’s not about how you get into the network, it’s about, ‘How do you be [there] a year from now?’” And the answer is: “You do a lot of the things the Conficker developers are doing.”

“This is not something where the guys wrote it, it’s out, then they’re going to go out and play Nintendo. They’re frankly trying to build something that is a sustainable network for months or years to come,” Kaminsky says.

Kevin Haley, director of Symantec Security Response, raises another good point: “The first [of April] would have been a pretty bad day to choose [to do something with Conficker], because everyone was watching to see what was going to happen. Whoever’s behind this is a lot more patient than we are.”

So, I agree – I think the creator(s) are doing this very well.  They are going to use this worm for something a little more than a prank.  So, please people – update your Windows & run the cleaner utility to make sure you don’t have this on your system.

Brent Microsoft, TechNews