Pirated Windows 7 RC builds botnet

A pirated version of Windows 7 Release Candidate infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa.

The software, which first appeared on April 24, spread as quickly as several hundred new bots per hour, and controlled roughly 27,000 bots by the time Damballa took over the network's command and control server on May 10, the firm said Tuesday.

The pirated software was spread via popular piracy sites and online forums, Damballa said.

The software is primarily designed to download and install other malicious packages under a "pay-per-install" scheme, under which the botmasters are paid based on the number of other pieces of malware they cause to be installed, Damballa said.

Infected installations are continuing to appear at a rapid rate, according to the company.

"We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution," Tripp Cox, Damballa's vice president of engineering, said in a statement. "Since our takedown (of the command and control server), any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster."

However, the botmaster still controls the existing installations, Damballa said. The infected systems are mainly concentrated in the U.S., with 10 percent, and the Netherlands and Italy, with 7 percent each.

Windows 7 RC has been used as a lure by other malware distributors since its launch on May 5, according to security experts. On Monday, Trend Micro said it found the Trojan horse TROJ_DROPPER.SPX masquerading as a copy of the release candidate.

Botnets are one of the most serious threats on the Internet, according to security experts, and are typically used to carry out denial-of-service attacks or phishing schemes or to send junk mail. Last month, SecureWorks researcher Joe Stewart suggested that technology was not enough to stop botnets, arguing that the IT industry should look to new law-enforcement measures.

The legitimate version of Windows 7 RC is available from Microsoft's Web site.

Matthew Broersma of ZDNet UK reported from London.

Images: A peek at Windows 7 release candidate

[babystars_13]

Your ignorant if you download something pirated and think that there's nothing wrong with it.

[dhavleak]

The most perplexing part -- it's available for free from MS! Why would somebody take a risk and download it from any other source?? People are really daft sometimes...

[Random_Walk]

Almost agreed. I wouldn't say "ignorant", but would skip straight to "stupid".

[sharmajunior]

Exactly, why would anyone download Windows 7 from file sharing sites when you can do it for free driectly from Microsoft where you don't risk anything like this atleast.

[jake3373]

All completely true.

[screamapillar]

I'm not sure why anyone would D/L Windows 7 period but I dare say people that pirated it trusted the randomness of the pirate version to the very definitie evil of Microsoft. "Free" from M$ means the cost is probably very high indeed and that you have to consent to having your privacy invaded in some form (much like the P4s forced). I'm speculating of course on the consequence of trusting M$ but am merely trying to give perspective as to why someone would rather trust a pirate copy than M$s copy.

[Mr.Californian]

Haha I'm one of those retards. I thought that the MS direct link was not a P2P and therefore slower, so I just went to TPB. I then downloaded the 64-bit copy, and I tried MS (by accident actually), and found it was a P2P, so it was actually faster! Wow did I feel stupid. Uh, so does anyone know how to check if my first copy is legit? I activated it fine enough, but I don't much feel like reinstalling (unless it's bad, of course). *Hits forehead*. Could'a had a V8! Oh wait I did. And I'm using Chrome.

[tektaktyks]

WELL,IF THEY GET IT FROM ILLEGAL FILE SHARING SITES...SOMEBODY SHOULD BE HAPPY ABOUT IT...

[UpajOs]

Please, STOP SHOUTING. I'm trying to take a nap.

[ducttape36]

why would you pirate something that is free?

[protagonistic]

Just goes to prove there is no lack of idiots using computers.

[Sam Papelbon]

i've used bittorrent to download plenty of software that's available free elsewhere because oftentimes it's faster. things like various linux distros and F2P mmo games. it's especially useful for large files so you can easily resume them if your connection is interrupted. it's really irresponsible reporting to label this as a pirated copy.

[dhavleak]

@ Sam Papelbon

It was modified (to include a trojan) and then made available via torrents.

Perhaps 'pirating' isn't the correct word, technically speaking, but that's just arguing semantics. It's basically malware, and anyone downloading it from these alternate channels is pretty dumb, considering it's freely available from MS.

[Michichael]

@Sam

Yeah, except MS's download uses a download manager that lets you resume as well...

[Magicland]

First, this isn't a "pirated" version of Windows 7 RC. It's the same version that's being freely distributed by Microsoft, with the addition of the botnet software. Re-distributing freely available software doesn't make it "pirated". I really wish Cnet would actually learn to REPORT, their current crop of so-called "reporters" are just a half-step up from idiots. Apparently there's no such thing as editorial oversight there either.

Second, anyone who installs this instead of the clean original from Microsoft is an idiot, and deserves whatever they get.

[rapier1]

Of course its pirated. Just because the application is free doesn't mean it can't be distributed in violation of its copyright - which it was. Hence, it's pirated. Copyright violation is *not* dependent on the financial impact but on the terms of the license.

[Universal_Indie_Records]

"Second, anyone who installs this instead of the clean original from Microsoft is an idiot, and deserves whatever they get."


Co-sign!

[Vegaman_Dan]

It was pirated because it was from a prerelased build. The official build was only release a week ago here in May. The pirated version was out there in April. The people who downloaded and isntalled this were doing so with an illegal copy.

[Aaron Kempf]

it _IS_ a piracted copy, sorry!

[gggg sssss]

So where did you read that MS allows you or the bot masters to redistribute windows 7? The somalians arent pirates either, just redistributing the money thatthey get from the shipping companies?

[pentest]

Are you seriously comparing software copyright infringers to the somalia pirates?

A new low!

[ReVeLaTeD]

My question is why there is a focus on the botnet maker, and not the companies that are paying to have their malware loaded. I understand the Trojan loader deserves punishment, but to me, the incentive wouldn't be there if there weren't companies paying money to infect systems with junk. That's what got Bonzo Buddy in trouble; but I haven't seen any further prosecutions of these companies. Just another example of the duplicitous nature of our legal system.

[yacahuma]

The funny thing is that all the idios that install the software will keep using it for years(if the pirates disable checking) and they will be so happy because it cost them nothing. JAJAJA

[gggg sssss]

naw, they are stupid enough that they will install WGA 7 and have MS shut them down.

[jake3373]

Actually, in Win7, its not WGA anymore - they gave it a new name.
Windows Genuine Advantage is now a name that everyone knows and hates, so in Win7 they are giving it a new name.

[rootbooter]

Thank you rapier1, you took the words right from my mouth. Sometimes I marvel at the amount of rubbish spewn from the mouth of babes.

[ducttape36]

the 'mouths of babes' expression is used to convey surprise at the insight and wisdom that can come from a child. i dont mean to be a jerk about this, but i think you meant to say something different.

[shootfirst]

Yep there are a bunch of morons out there that use pirated operating systems. Why go through all the trouble of using Windows, just get a legit copy of Linux and use it instead. Most of the idiots that pirate this crap don't even really need Windows. However you are going to be on a botnet with any version of Windows one way or the other so whats the harm at least you know what botnet you will be on hehe.

[rapier1]

Of course, using the same distribution methods it wouldn't be all that hard to get a distro of linux that is also laden with malware. Unless you actually go to the hassle of checking the hashes against the canonical source you're asking for a world of hurt.

[goodspeed8701]

What is linux?

[kcotham]

I agree shootfirst, just download Linux, Solaris, or BSD and be done with it.

[bananaphonerules]

@kcotham

So you're saying its not possible to create a Linux distribution with malicious content?
The reality was if there was a demand and consumers used it: a malicious version would exist.

Unfortunately Linux is fragmented currently (too many distrubtions) and too confusing for mum and dad consumers.

[kcotham]

@bananaphonerules

No, that's not what I was saying. I was basically saying that Linux, Solaris, and BSD are viable alternatives to Windows and negate the necessity of buying a Macintosh. I agree that they are not nearly as easy to install as Windows or Mac OS X, but how many moms and dads will do that anyway. Most would pay someone to work on a Windows machine with problems, so why not just pay someone to install Linux or one of the other alternatives instead? Or when buying a new computer, buy one with Linux or Solaris or BSD pre-installed. Either way, you would be done with Windows.

[gggg sssss]

@ kcotham

well no. None of those things run Word for instance, or Photoshop, or World of Warcraft. A bit pointless then dont you think? Unless all you are doing is surfing pron.

[kcotham]

@gggg sssss

Since is Word the only reason to use a computer? There are other word processors out there, some arguably easier to use and just as capable. And who owns a $699 copy of Photoshop? Really, the average computer owner doesn't. There are open source, free pieces of software and commercial software out there that is just as capable as anything from Adobe or Microsoft. I cite, as an example, Open Office and Abiword as alternatives to Microsoft Office and Word. And I cite GIMP as an alternative to Photoshop. These are just a couple of examples. There are many, many others.

[santuccie]

@kcotham:

Open Office is indeed an "alternative" to MS Office, but not as capable.

That said, a lot of people choose Windows over the alternatives because they want to know they have growing room. As you learn to do more with your computer, your needs grow. I suppose there COULD be a Linux equivalent to NCH Debut, but I'm not aware of one. And also, I run a lot of apps off a flashdrive. No Linux distro can handle that kind of strain on USB (don't know for sure, but I'm told that the Mac can't either). And then there's the problem of getting a distro to boot on my AMD64 laptop, get online with my Broadcom wireless chip, and utilize the flatbed scanner on my PSC unit (not just the printer).

No Linux distro is even close to being a full replacement for Windows, which is why a lot of Linux users dual-boot Windows. Macs can do just about anything Windows can do, but I actually find Windows to be more stable in the hands of a savvy user. It's also cheaper.

[kcotham]

@santuccie

Most people don't "choose Windows", they have it thrust upon them.

The majority of people will only use a minority of Microsoft Office's features a minority of the time. Those features are fully covered by just about every word processing and desktop publishing program out there.

Why would you regularly use a flash drive to run programs? Are you administering a lot of different machines, one at a time? Are you using other people's computers and carrying your apps with you? Regardless, I see no problem with doing that on Mac OS X, I have run programs straight from the USB drive before. And I see no problem with doing that from Linux either. In fact, you can (and I have) have Ubuntu 9 on a flash drive. Whenever I have to use a strange machine, I simply reboot the machine with my copy of Ubuntu in the USB port. When I'm done, I reboot the machine and take my OS and my files with me.

You say you can't get a "distro" to boot on your AMD64 computer? Try Ubuntu/Kubuntu/Xubuntu 9.04. I'd be willing to bet that your Broadcom Wifi will work. You might have to use the Updater, but it's completely automated. With Ubuntu 9 on my computer, I use the features of my Epson all in one all the time. No problem. LInux has a few rough edges, but it is just as capable as Windows, if not more so. Hell, Windows can't even read HFS disks without a commercial product. And WIndows is nowhere near as stable as Linux or Mac OS X, no matter who the user is, and that's a fact. Cheaper? How is Windows, a commercial product cheaper than Linux? Linux, Solaris, OpenSolaris, BSD, etc., are all FREE. It doesn't get any cheaper than that.

[pentest]

"So you're saying its not possible to create a Linux distribution with malicious content?
The reality was if there was a demand and consumers used it: a malicious version would exist.

Unfortunately Linux is fragmented currently (too many distrubtions) and too confusing for mum and dad consumers."

Linux is infinitely easier to install and use than Windows is.

There are not too many distributions, there is some overlap but each fills a niche. You are just accustomed to MS telling you what you need.

[baconstang]

Where's Mr. Dee and Angmarr on this?

[kcotham]

They aren't out of school yet ;-)

[Dalkorian]

LOL!

Really! This is one article where they could get away with defending winblows (it's not an OS flaw, it a hacked distro!), yet they're nowhere to be found.

[Angmarr]

awwww did you guys miss me <tear> I feel the love <fells warm and fuzzy>
My kindergarten teacher couldn't finish class on time because her Mac was one of those botnet macs reported earlier = ) jkk

What do you guys want me to say, so they pirated it and got ... zombiefied. Never said Windows was the greatest thing in the world you know. In fact I've said multiple times that I would prefer an alternative ... just that Apple is far from that alternative.

Still <3 that you guys care = P

[globalist_agenda]

This is a national security risk. These botnets can be used to attack U.S. sites. Homeland Security should seize and destroy these infected computers. We need a Whitehouse Botnet Czar.

[Dalkorian]

Same thing could be said for any computer that's a part of a botnet, though seize and destroy seems a little over the top to me. Just bar them from the internet until the owner can prove the infection is gone - cutting them off from the world should castrate them pretty effectively.

[santuccie]

Not a bad idea.

I am very much disappointed with the ignoring of Ubuntu OS. When myWxp had bcomd corrupted I tried to run the restore disk which failed.Rather being forced to buy a new disk I installed Ubunt8.10. I found that I did have to wait on patches at Ms convenience . Patches and or upgrades were available within hours.An upgrade was available when released.I now ry Ubuntu 9.110 without hvaing to pay a tribute to Ms. Yes I did lose the ability to run some MS programs that did not respond to the MS simulator;but this also happened when upgrading to a new window os. personally I prefer Ubuntu over MS and I assure you that I am not a programmer nor connected with Ubuntu except asd an user.

[Seaspray0]

Glad you liked it, but this story had nothing to do with ubuntu, so it wasn't being ignored... And it's a pretty lame excuse to use so you can plug ubuntu.

[goodspeed8701]

Ubuntu {linux} is useless. i use the Os and i found out its not even better than my HTC diamond. stupid op system.

[kcotham]

Well, there IS a complete lack of stories on CNET about Ubuntu (or any other LInux). It'd be nice to see some reviews and informational pieces done on Linux, Solaris, BSD, etc.

[gggg sssss]

like the twits touting LInux and solaris, Ubuntu is useless as an operating system in the real world. Nothing useful runs on it. Even windows media player kiddie pron wont run on it so what is the point?

[kcotham]

There are thousands of very useful software packages, both free and commercial that run on Linux and *NIX, all of which are quite useful.
[CNET editor's note: Personal attack deleted.]

[pentest]

"Nothing useful runs on it. Even windows media player kiddie pron wont run on it so what is the point?"

What a stupid comment!

From small embedded devices to supercomputers Linux owns the market share for many useful things. On the desktop, I watch movies, write technical documents, play windows games, write lots of code, polish presentations, so some graphical editing, and much more.

Do you have an Nvidia card? If so, you are probably running Linux as many of their cards run an internal custom Linux.

WMP files runs just fine in Linux.

[jake3373]

I use Ubuntu also sometimes off my flashdrive (not Live version - actually saves files and OS on flash drive), way faster than Windows and you can carry around an entire OS in your pocket. Sometimes, I have to use windows for certain programs, etc.

[ballmerisanape]

Troll Alert ;)

So windows 7 will allow the malicious program to download and install programs without user knowledge or interaction? Interesting.

I guess Windows can't even use "security through obscurity"... no matter what you do.. swiss cheese is swiss cheese.

[rapier1]

The malicious program doesn't have to be downloaded as its already in these pirated copies of Win 7. The assumption is that these corrupted copies are pre-configured and modified to either ignore or hide the actions of the malware package. Once you are on the inside its very difficult for *any* OS to automatically recognize anomalous behaviour. It's as true of linux as it is of Windows or OS X.

[ballmerisanape]

I warned you about the post being for trolling purposes only. I'm just playing my role ;)

[Vegaman_Dan]

The Apple Macintosh botnet was created by people downloading compromised versiosn of Apple software in bittorrents.

Your comemnts would need to be applied to Apple as well if you want to be taken seriously.

[Seaspray0]

@balmerisanape. "I warned you about the post being for trolling purposes only. I'm just playing my role ;)"

And I'm sure almost everyone will agree on what a magnificent troll you are!

[Vepar_S]

I agree with you all, in some aspect. If you can't afford a MS OS use linux. Pirated software is dangerous and if you use them then pay what you owe, they should be lucky that they are not jailed for it. It is free so using a pirated copy is lazy and dumb. as for this bot, is there any other Anti-virus software that detects it? besides trend-micro?

Death to Warez!! LOL

[enidesigns]

Things like this are an embarrassment to any PC user with even a slight amount of common sense. The RC was FREE - and the number of keys are unlimited (per Microsoft)!

There's NO reason these people couldn't wait the little extra time by downloading via Microsoft's provided servers.

[lennie22]

this is one avenue viruses spread because of stupid users. because of their stupidity the rest of us has to suffer.

[nutzareus]

This won't be an issue on March 1, 2010 when it begins to shut itself down. On June 1, 2010 the RC will expire. So at least this botnet has a definitive expiration date.

[enidesigns]

Unfortunately, this may not be the case. I haven't researched this so called "prated" version, but it could be possible that the expiration code was hacked.

On the other hand, these users could be SOL when it comes to any sort of WindowsUpdate stuff - which in my opinion, would be kind of stupid to miss out on.

In the end, the smart ones will purchase a legit version of the OS. Some will revert back to whatever they were running and others well, will more than likely find a hacked version of the retail once available.

[gggg sssss]

Click here to see the many advantages of Windows Genuine Advantage

[Seaspray0]

@gggg ssss. Very witty! LOL

[queticomn]

@ kcotham totally agree, Cnet/CBS is totally bias. My knew preferred source for technology news is softpedia. an yep I'm trolling. kthnx.

[queticomn]

As for windows being secure, what a joke, i give some of the latest headlines from c-net news.

Hackers broke into the University of California at Berkeley's health services center computer and potentially stole the personal information of more than 160,000 students, alumni, and others, the university announced Friday.

A pirated version of Windows 7 Release Candidate infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa.

Need i say more?

[lennie22]

well for one, this sort of thing can happen to anyone, same happend to Mac users who torrented the iLife suite, same can happen Linux users, same happens to windows users. so please take an axe to your superiority complex.

[derilium]

Why oh why would somebody torrent something illegally when its not official, and it's free online!

I understand why people torrent Ubuntu -- The official build is faster and less stressful on the servers.. but why an unofficial version of Win7?

- Written from Windows 7 :-)

[queticomn]

@lennie22 roflmf@o

I'm trying to remember the last hole Linux had.... Or for that matter, Bsd, or Solaris...

[richto]

@lennie22 roflmf@o You might want to note that the worst internet worm attack ever, that took out much of the Internet for days was UNIX based.

And that it is a fact that current Linux versions have far more security holes and vulnerabilities than current Windows versions and on average Linux takes far longer to get a patch released for...

[hladikraft]

WINDOWS 7, WINDOWS VISTA, WINDOWS XP; JUST A NEW P.O.S. OPERATING SYSTEM TO **** UP AND **** OFF SEVERAL HUNDRED, IF NOT THOUSANDS OF PEOPLE. TO DATE THERE HAVE ONLY BEEN TWO "PERFECT" OPERATING SYSTEMS OUT THERE; MICTOSOFT XP, PC USERS, AND OSX 10.3 PANTHER, MAC'S OS. I HAVE BOTH OS AND THEY BOTH RULE. BUT NOW I HAVE A VISTA PC. WHAT A PIECE OF ****. MY OLDER IMAC 8.6 BOOTS UP FASTER AND WITH NO PROBLEMS. IF ANYTHING MICROSOFT SHOULD REFUND EVERYONE WHO PURCHASED A VISTA PC ( BECAUSE THERE WAS NOTHING ELSE OUT THERE) AND DOWNGRADE BACK TO XP. OR CREATE A DISC THAT GIVES YOU THE OPTION TO DOWNGRADE BACK. LETS FACE IT; EVERYONE IN THE WORLD "HATES" VISTA. ITS TOO SLOW, TAKES FOREVER TO BOOT UP, SHUTS DOWN WHEN IT FEELS LIKE IT, LOCKS UP FOR NO REASON, XP NEVER HAD THESE PROBLEMS. DOWNDRADE BACK TO XP FOR A MORE SIMPLE LIFE......

[jake3373]

Don't use all caps. It is annoying, rude, and makes it harder to read what your writing.

In fact, I haven't even read your comment yet :)

[jake3373]

Don't use all caps. It is annoying, rude, and makes it harder to read what your writing.

In fact, I haven't even read your comment yet :)

[jake3373]

OK, I just read your comment, and although I am anti-vista, i completely disagree. Mostly.
Most people had the option to but a computer with XP if they really wanted

[Icedshot]

erm, i dont know where you got your information from, but vista doesnt take forever to boot, its never ever rebooted without telling me, if it locks up, its because you are running too much crap on it, and xp had lots of problems. the only major problem with vista is that its slow, and windows 7 is much better. vista may not be good, and xp may be much better, but its not complete crap.

[Seaspray0]

@jake3373. I can't beleive you read his comment. I didn't.

[Lumiseon]

If someone is actually going to download a NEW Microsoft OS product from a site that ISN'T Microsoft...well...then they deserve to get viruses/whatever.