English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

Compatible with Windows 7

Works with Windows Vista

SPAMfighter is

Microsoft Gold Certified Partner

Hackers Using Trojan-laced Fake Windows 7 OS to Build a Botnet

Researchers at Damballa, an online security company, warn that a counterfeit edition of the latest 'Windows 7 operating system RC (release candidate)' that has been making the rounds in the wild for long time is now building a botnet.

The fake OS that contains a Trojan controlled around 27,000 bot-infected PCs as of May 10, 2009. On this date, researchers acquired control over the C&C (command-and-control) server, which used to give instructions to the bots.

Tripp Cox, Vice-President of Engineering, Damballa, states that when the assembling of the botnet reached its peak, the bot-herder happened to be recruiting over 200 systems every hour, as reported by DarkReading on May 12, 2009. Users whose systems were compromised at first downloaded the counterfeit OS through frequently visited bootlegged software websites as well as online forums, Cox said.

Besides, the Trojan embedded in the counterfeit OS is designed to download additional malware on the compromised systems under a "pay-per-install" arrangement. The ring of people behind the software piracy earns revenue from online criminal gangs who hire them for effectively planting the extra malicious programs, said the security company.

Cox says that initially, the counterfeit software acts as a social lure and then comes the stage of downloading additional malware.

He further said, the company is still observing new installs of 1,600 malicious programs occurring daily and on a wide geographic distribution. However, since the company's takedown, the bot-herder has not been able to access any fresh installs of the counterfeit Windows 7 RC, but the previous installs remained accessible. The countries, according to Cox, which have the highest rate of installs, include the US (10%), Italy (7%) and the Netherlands (7%).

Meanwhile, Damballa claims that anti-malware based on traditional signatures will not be able to detect the Trojan tucked inside the Microsoft Windows 7 counterfeit edition; therefore, users need to adopt more advanced security software.

In a similar instance of botnet-building with counterfeit software, Damballa experts said, in 2008, bot-herders tried to assemble a Mac botnet with PCs that contained pirated editions of iWork'09 plus the Adobe Photoshop CS4 of Mac.

» SPAMfighter News - 22-05-2009

Bookmark and Share
Twitter Facebook RSS

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird

Optimize Slow PC

Optimize your Slow PC for better performance. Try FREE scan now

Exchange spam filter

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial


anti virus

Antivirus software for your Windows PC - Free 30 days trial

<<<>>>