DSLJay Posted May 12, 2009

For those of you who downloaded the RC from unofficial sources, you might want to consider this. This was just posted today.

> Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet. According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.
>
> WaPo's Brian Krebs writes:
>
> Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions - codecs.systes.net - which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.
>
> There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and were live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs, eWEEK reports.
>
> This is the second documented case of a botnet being built with pirated software distributed on the Internet. Earlier this year, researchers at Symantec discovered a direct link between a malicious file embedded in pirated copies of Apple's iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Source: Pirated Windows 7 leads to malwa

jakem1 Posted May 12, 2009

Hardly surprising.

xJakex Posted May 12, 2009

It was only a TPB torrent which was deleted. Use a Hash program to check that your ISO is/isn't infected, use the following hashes:

x86: 8867C13330F56A93944BCD46DCD73590
x64: 98341AF35655137966E382C4FEAA282D

Just load up Hash, browse for your ISO, wait for it to finish, check to make sure that Hash's MD5 hash matches the corresponding hash above. If it doesn't then you got a modified ISO and it could be the infected one. Either way if it's modified or infected or both, I would still install a legit copy from Microsoft's website.

Sethos Posted May 12, 2009

And it's suddenly news worthy when the subject is Windows 7 ...

The amount of illegal torrents loaded with malware, spyware, dialers and other malicious code is staggering.

+Tyranade (Subscriber²) Posted May 12, 2009

Good thing I re-installed with the Microsoft downloaded one; for the one I previously had (build 7100), the hash didn't match.

lalalawawawa Posted May 12, 2009

How can you pirate a free RC version of something? :huh:

jonhapimp Posted May 12, 2009

Late news. If it had malware on it, it would've been caught a lot earlier by the early downloaders, who usually comment if there is something wrong with it, unless this is recently uploaded or changed.

jjrambo Posted May 12, 2009

It's bull****, NEXT.

addc182 Posted May 12, 2009

> And it's suddenly news worthy when the subject is Windows 7 ... The amount of illegal torrents loaded with malware, spyware, dialers and other malicious code is staggering.

QFT. Download from somewhere where you know there's no malware.

> How can you pirate a free RC version of something? :huh:

Because it was released a week before the RC went public, and also it's not just about it being pirated; people torrent it because you could easily achieve greater speeds than those from M$ when everyone was rushing to download it.

Island Dog Posted May 13, 2009

That's the price you pay for downloading from torrents. ;)

C_Guy Posted May 13, 2009

> According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.

And some people still have trouble understanding why Microsoft wants users to download from their official website rather than "rely" on torrents. Yeah, that sure is a hard mystery to crack, isn't it?

Gibletz Posted May 13, 2009 (edited)

> That's the price you pay for downloading from torrents. ;)

Actually there are plenty of legit torrents out there, don't blame a medium just because some jerk off nerd wants to play super-villain with people's PCs.

Edited May 13, 2009 by Gibletz

Lee G. (Veteran) Posted May 13, 2009

This is why those who downloaded the leaked Windows 7 RC should have checked if the MD5 hash matched the official hash.

sweetsam Posted May 13, 2009

There was a report of the same issue with a copy of Windows XP on torrents not too long ago.

Eric (Veteran) Posted May 13, 2009

> How can you pirate a free RC version of something? :huh:

Download it from somewhere besides Microsoft before it's released?

ootput Posted May 13, 2009

Who's to guarantee that leaked builds are virus-free, anyway? If you stumble across some odd quirk on your Windows 7 installation, you'd immediately chalk it up to immature code. You have no idea how many computers the code goes through from leak-source to you. There would never be a way to validate the code as being from an authentic source, as, let's face it, if that authentic source were identified, (s)he'd be no longer in the employ of Microsoft.

Shaun N. Posted May 14, 2009

> It was only a TPB torrent which was deleted. Use a Hash program to check that your ISO is/isn't infected, use the following hashes:
>
> x86: 8867C13330F56A93944BCD46DCD73590
> x64: 98341AF35655137966E382C4FEAA282D
>
> Just load up Hash, browse for your ISO, wait for it to finish, check to make sure that Hash's MD5 hash matches the corresponding hash above. If it doesn't then you got a modified ISO and it could be the infected one. Either way if it's modified or infected or both, I would still install a legit copy from Microsoft's website.

I got mine from the Connect site using Microsoft's own downloading tool and the MD5 on both the 64 and 86 versions don't match yours.

yakumo Posted May 14, 2009

> I got mine from the connect site using Microsofts own downloading tool and the MD5 on both 64 and 86 version don't match yours

I've seen a fair number of posters and legitimate news sites claiming they downloaded direct from MS and those hashes are correct. Many included a SHA1 to be extra specially doubly sure.

7100.0.090421-1700_x64fre_client_en-us_retail_ultimate-grc1culxfrer_en_dvd.iso
md5: 98341af35655137966e382c4feaa282d
sha1: fc867fe1ab2e0a9796f9e4d155b44ea6998f4874

I will get round to re-checking the x64 version myself shortly.

Zelete Posted May 14, 2009

Luckily my MD5 is the same it seems :)

(Spork) Posted May 14, 2009

> That's the price you pay for downloading from torrents. ;)

:rolleyes:

ahhell Posted May 14, 2009

Why not just download the damn thing from Microsoft???

boogerjones Posted May 14, 2009

Remember that you can always go here to check official hashes for a lot of Microsoft ISOs.

yakumo Posted May 14, 2009

> Remember that you can always go here to check official hashes for a lot of Microsoft iso's

Thank you boogerjones, from that page:

File Name: en_windows_7_ultimate_rc_x64_dvd_347803.iso
Date Posted (UTC): 4/30/2009 6:00:41 AM
SHA1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874
ISO/CRC: 58FB2BE0
Available to Levels: TechNet Plus SA Media; TechNet Plus (Retail); TechNet Direct (Retail); TechNet Plus (VL); TechNet Plus Direct (VL); TechNet Cert Partner; TechNet Gold Cert Partner; TechNet Plus Consumer Service Professional Pilot;

Windows 7 Ultimate RC (x86) - DVD (English)
Includes: Release Candidate; 04-30-2009
File Name: en_windows_7_ultimate_rc_x86_dvd_349010.iso
Date Posted (UTC): 4/30/2009 6:00:41 AM
SHA1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712
ISO/CRC: E8A1C394
Available to Levels: TechNet Plus SA Media; TechNet Plus (Retail); TechNet Direct (Retail); TechNet Plus (VL); TechNet Plus Direct (VL); TechNet Cert Partner; TechNet Gold Cert Partner; TechNet Plus Consumer Service Professional Pilot;

Thus the SHA1 values I'd seen posted all over the place on news sites I actually trusted are correct.

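Added example, not part of any post in this thread: the ISO check described above, done in Python against both the MD5 and SHA-1 values quoted in the thread, so a match is not judged on MD5 alone. The script name `verify_iso.py` and the function names are made up for illustration, and pairing the x86 MD5 with the x86 SHA-1 is an assumption (the thread pairs the two explicitly only for x64).

```python
import hashlib
import sys

# Reference digests copied from this thread: MD5 from the forum posts,
# SHA-1 from the TechNet listing. The x86 MD5/SHA-1 pairing is assumed.
KNOWN_GOOD = {
    "x64": {"md5": "98341AF35655137966E382C4FEAA282D",
            "sha1": "FC867FE1AB2E0A9796F9E4D155B44EA6998F4874"},
    "x86": {"md5": "8867C13330F56A93944BCD46DCD73590",
            "sha1": "7D1F486CA569EFFFFB719CFB48355BB7BF499712"},
}


def file_digests(path, chunk_size=1 << 20):
    """Hash the file in one streaming pass so a multi-GB ISO never sits in RAM."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def normalize(digest):
    """Posted hashes differ in case and may carry spaces or dashes."""
    return "".join(c for c in digest.lower() if c in "0123456789abcdef")


def verify(path, reference):
    """Return (ok, per-algorithm results); ok only if every digest matches."""
    actual = file_digests(path)
    results = {alg: normalize(expected) == actual[alg]
               for alg, expected in reference.items()}
    return bool(results) and all(results.values()), results


if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[1] not in KNOWN_GOOD:
        sys.exit("usage: verify_iso.py x86|x64 path/to/image.iso")
    ok, results = verify(sys.argv[2], KNOWN_GOOD[sys.argv[1]])
    for alg, matched in results.items():
        print(f"{alg}: {'match' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

The reference values are only as trustworthy as where they came from: compare against the digests published by the vendor, not ones shipped alongside the download.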