[Infowarrior] - Pirated Windows 7 RC builds botnet

Richard Forno rforno at infowarrior.org
Thu May 14 13:58:37 UTC 2009


May 14, 2009 5:58 AM PDT
Pirated Windows 7 RC builds botnet
by Matthew Broersma

http://news.cnet.com/8301-1009_3-10240643-83.html?part=rss&subj=news&tag=2547-1_3-0-20

A pirated version of Windows 7 Release Candidate infected with a  
Trojan horse has created a botnet with tens of thousands of bots under  
its control, according to researchers at security firm Damballa.

The software, which first appeared on April 24, spread as quickly as  
several hundred new bots per hour, and controlled roughly 27,000 bots  
by the time Damballa took over the network's command and control  
server on May 10, the firm said Tuesday.

The pirated software was spread via popular piracy sites and online  
forums, Damballa said.

The software is primarily designed to download and install other  
malicious packages under a "pay-per-install" scheme, under which the  
botmasters are paid based on the number of other pieces of malware  
they cause to be installed, Damballa said.

Infected installations are continuing to appear at a rapid rate,  
according to the company.

"We continue to see new installs happening at a rate of about 1,600  
per day with broad geographic distribution," Tripp Cox, Damballa's  
vice president of engineering, said in a statement. "Since our  
takedown (of the command and control server), any new installs of this  
pirated distribution of Windows 7 RC are inaccessible by the botmaster."

However, the botmaster still controls the existing installations,  
Damballa said. The infected systems are mainly concentrated in the  
U.S., with 10 percent, and the Netherlands and Italy, with 7 percent  
each.

Windows 7 RC has been used as a lure by other malware distributors  
since its launch on May 5, according to security experts. On Monday,  
Trend Micro said it found the Trojan horse TROJ_DROPPER.SPX  
masquerading as a copy of the release candidate.

Botnets are one of the most serious threats on the Internet, according  
to security experts, and are typically used to carry out  
denial-of-service attacks or phishing schemes or to send junk mail. Last month,  
SecureWorks researcher Joe Stewart suggested that technology was not  
enough to stop botnets, arguing that the IT industry should look to  
new law-enforcement measures.

The legitimate version of Windows 7 RC is available from Microsoft's  
Web site. 

