Hi malware fighters,
Reports are out of a new piece of malware embedded into pirated copies of Microsoft’s Windows 7 for the express purpose of building a botnet.
According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.
WaPo’s Brian Krebs writes:
Damballa managed to grab control over the server that’s contacted by the pirated Windows 7 versions — codecs.systes.net — which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.
There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and were live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs.
Last Sunday the number of infections rose to a total of 552 an hour. “New installations are being found all over the world, some 1600 per day”, according to Tripp Cox.
Blocking the malware is a problem because many AV solutions do not support Windows 7 yet, so this OS has already been infected before AV for it is launched, a situation like counterfeit money coming to the market before the issue of the real currency.
polonus