Pirated copies of Windows 7 have been found carrying hard-to-detect Trojans intended for cybercrime purposes, according to a security firm.
Microsoft's Windows 7 release candidate, made available last week, was pirated almost immediately through various channels, including torrents and newsgroups, according to security company Damballa. A pirated version Damballa has seen had a Trojan packed into it that would give an attacker the ability to take control of a computer and download whatever additional malware they wanted.
Tripp Cox, vice president of engineering at Damballa, says the pirated version basically becomes part of a criminal botnet.
The Trojan in this pirated version of Microsoft Windows 7 recently made use of the domain name 'codecs.sytes.net' for its command-and-control, but Damballa worked with industry partners, which it declined to name, to nullify the domain's effective use.
Damballa then was able to observe the rate of piracy for the Windows 7 release and noted that cybercrime organisations appear to be ready to exploit it. Cox says Damballa has witnessed a few thousand downloads of the pirated version of Windows 7.
There's a "collusion" between "software pirates and cybercrime organisations," says Cox, who adds the pirated Windows 7 distribution that Damballa uncovered through its collection methods may be just one of several pirated versions with different malware characteristics.
Damballa contends that traditional signature-based antimalware detection methods are unlikely to spot the Trojan embedded in the pirated version of Microsoft Windows 7. Damballa's products detect infections by monitoring botnet behaviour, such as the ability of botnets to communicate via infected computers with command-and-control points.