Pirated Windows 7 leads to malware, botnet



For those of you who downloaded the RC from unofficial sources, might want to consider this. This was just posted today.

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet.

According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and was infecting downloaders at a rate of 552 users per hour.

WaPo's Brian Krebs writes:

Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions - codecs.systes.net - which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.

There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and was live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs, eWEEK reports.

This is the second documented case of a botnet being built with pirated software distributed on the Internet. Earlier this year, researchers at Symantec discovered a direct link between a malicious file embedded in pirated copies of Apple's iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Source: Pirated Windows 7 leads to malwa


It was only a TPB torrent which was deleted.

Use a Hash program to check that your ISO is/isn't infected, use the following hashes:

x86: 8867C13330F56A93944BCD46DCD73590

x64: 98341AF35655137966E382C4FEAA282D

Just load up Hash, browse for your ISO, wait for it to finish, check to make sure that Hash's MD5 hash matches the corresponding hash above. If it doesn't then you got a modified ISO and it could be the infected one. Either way if it's modified or infected or both, I would still install a legit copy from Microsoft's website.


And it's suddenly newsworthy when the subject is Windows 7 ...

The amount of illegal torrents loaded with malware, spyware, dialers and other malicious code is staggering.


Good thing I re-installed with the Microsoft downloaded one, the one I previously had (build 7100) the Hash didn't match.


Late news. If it had malware on it, it would've been caught a lot earlier by the early downloaders, who usually comment if there is something wrong with it, unless this is recently uploaded or changed.


And it's suddenly newsworthy when the subject is Windows 7 ...

The amount of illegal torrents loaded with malware, spyware, dialers and other malicious code is staggering.

qft

Download from somewhere where you know there's no malware.

How can you pirate a free RC version of something? :huh:

Because it was released a week before the RC went public, and also it's not just about it being pirated; people torrent it because you could easily achieve greater speeds than those from M$ when everyone was rushing to download it.


According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and was infecting downloaders at a rate of 552 users per hour.

And some people still have trouble understanding why Microsoft wants users to download from their official website rather than "rely" on torrents. Yeah, that sure is a hard mystery to crack isn't it?


That's the price you pay for downloading from torrents. ;)

Actually there are plenty of legit torrents out there, don't blame a medium just because some jerk off nerd wants to play super-villain with people's PCs.

Edited by Gibletz

This is why those who downloaded the leaked Windows 7 RC should have checked if the MD5 hash matched the official hash.


Who's to guarantee that leaked builds are virus-free, anyway?

If you stumble across some odd quirk on your Windows 7 installation, you'd immediately chalk it up to immature code. You have no idea how many computers the code goes through from leak-source to you. There would never be a way to validate the code as being from an authentic source, as, let's face it, if that authentic source were identified, (s)he'd be no longer in the employ of Microsoft.


It was only a TPB torrent which was deleted.

Use a Hash program to check that your ISO is/isn't infected, use the following hashes:

x86: 8867C13330F56A93944BCD46DCD73590

x64: 98341AF35655137966E382C4FEAA282D

Just load up Hash, browse for your ISO, wait for it to finish, check to make sure that Hash's MD5 hash matches the corresponding hash above. If it doesn't then you got a modified ISO and it could be the infected one. Either way if it's modified or infected or both, I would still install a legit copy from Microsoft's website.

I got mine from the Connect site using Microsoft's own downloading tool and the MD5 on both the 64 and 86 versions don't match yours.


I got mine from the Connect site using Microsoft's own downloading tool and the MD5 on both the 64 and 86 versions don't match yours.

I've seen a fair number of posters and legitimate news sites claiming they downloaded direct from MS and those hashes are correct.

Many included a SHA1 to be extra specially doubly sure.

7100.0.090421-1700_x64fre_client_en-us_retail_ultimate-grc1culxfrer_en_dvd.iso

md5: 98341af35655137966e382c4feaa282d

sha1: fc867fe1ab2e0a9796f9e4d155b44ea6998f4874

I will get round to re-checking the x64 version myself shortly


Remember that you can always go here to check official hashes for a lot of Microsoft iso's

Thank you boogerjones, from that page :

File Name: en_windows_7_ultimate_rc_x64_dvd_347803.iso Date Posted (UTC): 4/30/2009 6:00:41 AM

SHA1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874 ISO/CRC: 58FB2BE0

Available to Levels: TechNet Plus SA Media; TechNet Plus (Retail); TechNet Direct (Retail); TechNet Plus (VL); TechNet Plus Direct (VL); TechNet Cert Partner; TechNet Gold Cert Partner; TechNet Plus Consumer Service Professional Pilot;

Windows 7 Ultimate RC (x86) - DVD (English)

Includes: Release Candidate; 04-30-2009

File Name: en_windows_7_ultimate_rc_x86_dvd_349010.iso Date Posted (UTC): 4/30/2009 6:00:41 AM

SHA1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712 ISO/CRC: E8A1C394

Available to Levels: TechNet Plus SA Media; TechNet Plus (Retail); TechNet Direct (Retail); TechNet Plus (VL); TechNet Plus Direct (VL); TechNet Cert Partner; TechNet Gold Cert Partner; TechNet Plus Consumer Service Professional Pilot;

Thus the SHA1 values I'd seen posted all over the place on news sites I actually trusted are correct.


This topic is now closed to further replies.
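
The check discussed throughout this thread, as an added example that is not part of any post: a Python script that hashes an ISO once with both MD5 and SHA-1 and compares the result with the digests quoted above. It matches on content, not file name (the same x64 image appears in the thread under two different names), and the function names and the "partial" status are assumptions of this example.

```python
import hashlib
import hmac

# Digests quoted in this thread for the Windows 7 RC (build 7100) ISOs.
KNOWN = {
    "x86": {"md5": "8867C13330F56A93944BCD46DCD73590",
            "sha1": "7D1F486CA569EFFFFB719CFB48355BB7BF499712"},
    "x64": {"md5": "98341AF35655137966E382C4FEAA282D",
            "sha1": "FC867FE1AB2E0A9796F9E4D155B44EA6998F4874"},
}

def digests(path, chunk=1 << 20):
    """Read the file once, feeding every chunk to both hash objects."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1()}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def _same(a, b):
    # Hex digests are case-insensitive; tools print either case.
    return hmac.compare_digest(a.strip().lower(), b.strip().lower())

def verify(path, known=KNOWN):
    """Return (label, status); status is 'match', 'partial' or 'unknown'.

    'partial' means only one of the two digests agrees with a reference
    entry. Treat that as a failed check, never as a pass.
    """
    got = digests(path)
    for label, ref in known.items():
        hits = [_same(got[alg], ref[alg]) for alg in ("md5", "sha1")]
        if all(hits):
            return label, "match"
        if any(hits):
            return label, "partial"
    return None, "unknown"

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, verify(p))
```

Run it as `python verify_iso.py path\to\image.iso`; anything other than a `match` result means the image is not one of the two ISOs whose digests are listed in this thread.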