Pirate Win 7 ruse used to build botnet

A Trojan buried within counterfeit copies of Windows 7 RC was used to build a botnet of compromised PCs. The tactic emerged after researchers from security firm Damballa shut down the command and control servers used to control the system, reckoned to have drafted thousands of Windows PCs into its compromised ranks. Damballa …


  1. Anonymous Coward

    Avira Works

    Avira Works on Win 7 if anyone wants free AV

  2. Jason Rivers


    I repeat.... HAHAHAHAHA...

    serves themselves right for A) using it in the first place, and B) copying the damn thing...

    all hail the penguin (or as I've just been reminded: Taz for now...)


  3. Anonymous Coward

    Torrents or ms's slow slow site

    Can we find out which versions of this are affected? It was impossible to get the RC off the web site and so I'm sure that many people with legit keys and interest have got it off torrents.

    And also a fix for those that are screwed.

  4. Anonymous Coward

    Thing is those who frequent torrent sites are more likely to download win7 from there. Always use an official source where possible kids!

  5. Lionel Baden

    would this be why

    so many people keep on complaining the RC is slow :D

  6. Rippy


    "Those keen to get their mitts on windows 7 RC would do far better to go directly to" -- a clinician trained in treating self-destructive mental disorders.

  7. Jon Brunson

    Microsoft Torrents

    I wish Microsoft would have an official torrent tracker, it took me eight hours to download Win 7 RC1 from the MSDN on launch day, only to find when it finished the CRC check failed. I was sooo happy. Not.

  8. Anonymous Coward


    I've pirated loads of M$ and not caught nowt. THIS IS BOLLOX SPREAD BY FEAR MONGERS.

    Who in their right mind is going to download this from piratebay/isohunt whatever when M$ are giving it away, you'd have to be incredibly cretinous not to know how to get this from M$ in a 2-3 hr download say as opposed to a 2-3 day download by torrent.



  9. EdwardP


    ...some pirate software downloaded illegally from BitTorrent has a virus in?

    I am astounded.

  10. Charles King

    Show a little sense and check what you download

    If you DL build 7100 through a torrent, check the md5 of the ISO against the widely-published hashes of the originals. Very easy to do.


    MD5: 8867C13330F56A93944BCD46DCD73590

    SHA1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712


    MD5: 98341AF35655137966E382C4FEAA282D

    SHA1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874
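The check suggested in the comment above, as an added example that is not part of the thread: it hashes a downloaded image once and accepts it only if its MD5 and SHA-1 both match the same pair listed there. The function names and the command-line use are assumptions of this example.

```python
import hashlib
import sys

# MD5/SHA-1 pairs copied from the comment above, which does not say
# which image each pair belongs to.
PUBLISHED = [
    ("8867C13330F56A93944BCD46DCD73590", "7D1F486CA569EFFFFB719CFB48355BB7BF499712"),
    ("98341AF35655137966E382C4FEAA282D", "FC867FE1AB2E0A9796F9E4D155B44EA6998F4874"),
]

def file_digests(path, bufsize=1 << 20):
    """Return (MD5, SHA-1) as upper-case hex, reading the file once in blocks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(bufsize), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest().upper(), sha1.hexdigest().upper()

def match_published(path, known=PUBLISHED):
    """Return the published pair the file matches, or None.

    Both digests must match the same pair: MD5 alone is collision-prone,
    and the MD5 of one image plus the SHA-1 of another proves nothing.
    """
    got = file_digests(path)
    for md5_hex, sha1_hex in known:
        if got == (md5_hex.upper(), sha1_hex.upper()):
            return got
    return None

if __name__ == "__main__" and len(sys.argv) == 2:
    hit = match_published(sys.argv[1])
    print("matches a published pair" if hit else "NO MATCH: do not install",
          file_digests(sys.argv[1]))
```

A match only says the file is identical to the one the hashes were computed from, so the hashes themselves have to come from a source you trust.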

  11. Graham Jordan


    I'll be one of them then.

    Well, not a torrent downloader but a pre M$ official downloader. Hmmmm. I tend to find if my download comes with an nfo file it's clean. Looks like I'll be scanning the hell out of my laptop tonight. Damn. I planned to have sex tonight too. Woe is me.

  12. dave

    Windows IS a trojan

    Seems to me that if you got rid of Windows, all botnets would be gone too!

  13. Major N


    MS are giving it away, what possible reason would anyone have for using the non-official sources in the first place? I played with the beta a little bit and found it to be rather good. I got the RC and am awaiting an evening free to install and play. I'll end up sticking with XP however, since it works for everything I need, is stable, and won't cost me anything to keep.

  14. Dave Escobar


    wait.. wait.. I checked the ISO for viruses before I installed it!! hash what!? Do I get corned beef with that!??

    ROFL @ Fail / 0

  15. Anonymous Coward


    This was started. Before the launch date. Remember the ISO got leaked?

    They had the infected files in the leaked ISO.

  16. Anonymous Coward

    Oh well

    Anyone pirating a beta version of Windows is a bit of a numpty to begin with.

  17. Teoh Han Hui


    @Major N: It was leaked even before the MSDN/Technet release. Many of the torrents were modified, but one could only tell by hash-checking after downloading.

  18. The Fuzzy Wotnot

    WTF?! Morons!

    I will never understand this! Company X gives it away for "trial" and yutz decides to pull it off a torrent server at half the speed the company will give it you him?!!?!

    I work with Oracle software and the number of times I see people putting Oracle software up on torrent sites for download with 3 seeders! "You know you can download almost all Oracle's stuff for nothing, direct from Oracle Corp? No, contrary to the torrent description, this is not cracked, as Oracle software is never copy-protected and yes the freebie from them is the full, unlimited version!"


  19. captain kangaroo


    As has been said already, anyone downloading a hooky copy when MS were freely distributing it anyway is an idiot of the highest order.

  20. Kwac

    MS torrents

    Beats me why they don't torrent it, too.

    Downloaded Ubuntu 32 & 64-bit when released a few weeks back - took about 4 hours.

    With MS's market share it would likely be a lot quicker, this is exactly the situation Cohen designed it for.

    But then when people still think 'you download it from bittorrent' & recognise they're Windows users you've got an answer.

  21. JC

    @ WTF?! Morons! & LOL

    Connections to MS' server were sporadic and slow. Getting a torrent was maxing out the internet connection. Apparently you don't realize how well P2P works when you have a large swarm.

    @ LOL, I really didn't care what was hokey, who runs a beta for more than a glimpse at the OS anyway? If it installs and runs the network monitoring would've caught any bot-like activity and neutered it. For the few hours "trial" it was better to just get it quick, it's not like there was any substantial risk, no new MS OS would ever be granted access to stored data, the local network, or anything else of consequence regardless of whether it came from MS or 3rd party <cough>WHS</cough>. The situation is the same, the relevant issues are not present if someone is diligent in their awareness of what is going on with the system (or as another person smartly suggested, that's what checksums are for, to verify integrity).

  22. Moss Icely Spaceport

    Pirate Win 7 contains a nasty?

    How can they tell the difference?

  23. lennie

    I wonder.....

    Well, however it goes, up until the RC1 I've been using the beta and pre-RC releases. Don't think I was in this botnet, my network showed nothing out of the ordinary. That's not MS's fault for all the botnets. It's users who think everything is peaches when they download it from shady sources.

  24. Dr Patrick J R Harkin

    @Jon Brunson

    My understanding is that an "official" Torrent would, by its very nature, be corruptible. Black Hat hacks Torrent client, d/l's official code, seeds infected code, and thereafter "official" Torrent clients spread infection.

  25. Anonymous Coward


    Yes I know P2P can work faster, but this notion that it is faster by default regardless, is wrong. If the limited seeders at the top get saturated by too many leechers, the speed slows down as all the leechers have almost all the parts. The torrent slows to a trickle as limited new parts fall from the seeders and are quickly digested by the leechers, so all leechers quickly reach the same point around the 60-70% mark, then crawl up to 100% very slowly as none have anything to give that the other leechers don't already have. A new release of anything worthwhile will show this immediately with only one seeder for thousands of leechers, the leechers keep up with seeder but can only download at 0.5 k/s, as they are waiting for the next part to come just one leecher.

    I started the Win7 download on a 8MB connection ( ADSL, UK, just outside London ) at 9pm last Thursday evening and it finished in about 70 mins! So I don't know what you lot are doing, downloading it at peak times mid afternoon or early evening?

  26. Rob Welsh

    Microsoft Windows 7...

    ...awesome! The O FUCK starts now!

  27. F Seiler

    @Dr Patrick J R Harkin

    Torrents have checksums over individual chunks, so if anyone tried to poison, all this did was upload some bad chunks to leecher X; leecher X drops these chunks as bad and bans the rat.

    All it does is reduce network efficiency, but you can't inject bad data into a torrent you did not create yourself.

    Condition to this is of course you downloaded the win7RC.torrent file from MS (or other actual source of data in other cases) and not

    (disclaimer: I'm not a security expert, but seeing my client sometimes ban peers leads me to believe this protection actually works)
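The per-piece check described in the comment above, together with the condition attached to it, as an added example that is not part of the thread: a peer serving altered pieces is rejected when the metainfo comes from the publisher, while metainfo built by whoever modified the image verifies cleanly and differs only in its info-hash. The file name, piece size, peer names and byte strings are constructed for the demonstration.

```python
import hashlib

PIECE_LEN = 16  # constructed and tiny for the demo; real torrents use far larger pieces

def bencode(o):
    """Minimal bencoder: enough for an info dict of ints and byte strings."""
    if isinstance(o, int):
        return b"i%de" % o
    if isinstance(o, bytes):
        return b"%d:%s" % (len(o), o)
    return b"d" + b"".join(bencode(k) + bencode(o[k]) for k in sorted(o)) + b"e"

def pieces_of(data):
    return [data[i:i + PIECE_LEN] for i in range(0, len(data), PIECE_LEN)]

def make_info(name, data):
    """The 'info' dict of a single-file .torrent: one 20-byte SHA-1 per piece."""
    digests = b"".join(hashlib.sha1(p).digest() for p in pieces_of(data))
    return {b"name": name, b"length": len(data), b"piece length": PIECE_LEN, b"pieces": digests}

def info_hash(info):
    """What identifies a torrent: SHA-1 over the bencoded info dict."""
    return hashlib.sha1(bencode(info)).hexdigest()

def fetch(info, peers):
    """Assemble the file; a piece failing its SHA-1 is dropped and its sender banned."""
    want = [info[b"pieces"][i:i + 20] for i in range(0, len(info[b"pieces"]), 20)]
    out, banned = [], set()
    for idx, digest in enumerate(want):
        for peer in [p for p in peers if p not in banned]:
            chunk = peers[peer](idx)
            if hashlib.sha1(chunk).digest() == digest:
                out.append(chunk)
                break
            banned.add(peer)
        else:
            raise IOError("no remaining peer has a valid piece %d" % idx)
    return b"".join(out), banned

# Constructed stand-ins for the genuine image and a modified copy of it.
ORIGINAL = b"constructed stand-in for the genuine ISO bytes, not real data"
TAMPERED = ORIGINAL.replace(b"genuine", b"altered")
honest = lambda i: pieces_of(ORIGINAL)[i]
poisoner = lambda i: pieces_of(TAMPERED)[i]

if __name__ == "__main__":
    official, forged = make_info(b"win7rc.iso", ORIGINAL), make_info(b"win7rc.iso", TAMPERED)
    print(fetch(official, {"poisoner": poisoner, "honest": honest}))  # genuine bytes, poisoner banned
    print(fetch(forged, {"poisoner": poisoner})[0] == TAMPERED, info_hash(forged) != info_hash(official))
```

The piece hashes protect only what the metainfo describes, so the thing to verify out of band is the `.torrent` file or its info-hash.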

