Pirated Windows 7 software part of criminal botnet
- 13 May, 2009 07:38
Microsoft Windows 7 pirated versions have been found with hard-to-detect trojans intended for cybercrime purposes, according to a security firm.
Microsoft Windows 7 release candidate, made available to developers last week, almost immediately was pirated through various channels, including Torrents and news groups, according to security company Damballa. A pirated version Damballa has seen had a malware Trojan packed into it that would give an attacker the ability to take control of a computer and download whatever additional malware they wanted.
Tripp Cox, vice president of engineering at Damballa, says the pirated version basically becomes part of a criminal botnet.The Trojan in this pirated version of Microsoft Windows 7 recently made use of the domain name "codecs.sytes.net" for its command-and-control, but Damballa worked with industry partners it declined to name to nullify its effective use.
Damballa then was able to observe the rate of piracy for the Windows 7 release and noted that cybercrime organizations appear to be ready to exploit it. Cox says Damballa has witnessed a few thousand downloads of the pirated version of Windows 7.
There's a "collusion" between "software pirates and cybercrime organizations," says Cox, who adds the pirated Windows 7 distribution that Damballa uncovered through its collection methods may be just one of several pirated versions with different malware characteristics.
Damballa contends that traditional signature-based antimalware detection methods will not likely be able to spot the Trojan embedded in the Microsoft Windows 7 pirated version. Damballa's products detect by monitoring botnet behavior, such as the ability of botnets to communicate via infected computers to command-and-control points.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Credit Union Australia signs Good Technology to secure 400 devices
- Taxi startup ingogo hails $3.4 million in latest funding round
- Updated: Federal Court dismisses Aust Post trade mark appeal
- Ruyton Girls’ School to swap paper books for tablets
- Training critical to Australia tapping broadband potential: CSIRO
Training critical to Australia tapping broadband potential: CSIRO
US faces major Internet image problem, former gov't official says
Why CIOs stick with cloud computing despite NSA snooping scandal
Telstra hits 300 Mbps in LTE-A trial
TPG buys AAPT