Samker's Computer Forum -

Topic started by: Samker on 28. September 2014., 13:23:11

Title: TrojanDropper:Win32/Maener infects pirated Video games via torrent
Post by: Samker on 28. September 2014., 13:23:11

Hundreds of video game pirates have generously, if inadvertently, donated their compute resources to virus writers by downloading Bitcoin miner-infected torrent listings.

Dozens of game torrent files identified by Microsoft threat researchers as malicious have been downloaded thousands of times and were continuing to be seeded (or uploaded) by attackers, victims or seedbox servers.
Donna Sibangan, of Redmond's Malware Protection Centre, said the infected torrent listings (to which the .torrent files relate) were listed as 'repacks' - pirate vernacular for a torrent upload that corrected errors in a previous listing.

"These files can be easily acquired by anyone who downloads games from a torrent website," Sibangan said:

"The games are repacked to further lure gamers to download the compressed files for free."

Infected torrent listings included the deluxe edition of WatchDogs, Don't Starve, and the premium edition of King's Bounty: Dark Side, all released under the name 'Deception', and two versions of Tom Clancy's Ghost Recon: Future Soldier.

The torrents, marked as 'good' or trusted on some torrent sites by anonymous community members, affected mainly Russian users but were offered in English too.

Eighty-four percent of victims picked up by Redmond were located in Poland while 2.9 percent were in the US.

The dropper detected as TrojanDropper:Win32/Maener.A was executed when the setup.exe installer was run and fetched the Bitcoin miner.

Infected pirates could cautiously search for the Bitcoin miner running under Windows processes named connost.exe, minerd.exe, svchost.exe or winhost.exe.

Downloading torrents or any third-party software from untrusted or insecure sources placed users at risk either from the inadvertent downloading of malware or from the introduction of vulnerabilities and newly-opened networking services.
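
The process-name check mentioned above, as an added example that is not part of the original post: a Python triage of a process listing for the four names the article gives. It treats svchost.exe separately because that is also the name of a genuine Windows binary. Assumptions: the listing is a CSV export from `Get-CimInstance Win32_Process`, Windows is installed in C:\Windows, the function name `triage` is hypothetical, and the sample rows are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

# Process names the article lists for the miner.
MINER_NAMES = {"connost.exe", "minerd.exe", "svchost.exe", "winhost.exe"}

# svchost.exe is also a legitimate Windows binary; the genuine copy runs from
# these directories (assumption: default %SystemRoot% of C:\Windows).
TRUSTED_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample, in the shape produced by:
#   Get-CimInstance Win32_Process |
#     Select-Object Name,ProcessId,ExecutablePath | ConvertTo-Csv -NoTypeInformation
SAMPLE_CSV = r'''"Name","ProcessId","ExecutablePath"
"svchost.exe","812","C:\Windows\System32\svchost.exe"
"svchost.exe","4412","C:\Users\demo\AppData\Roaming\svchost.exe"
"svchost.exe","940",
"minerd.exe","5120","C:\Users\demo\AppData\Local\Temp\minerd.exe"
"explorer.exe","3004","C:\Windows\explorer.exe"
"WinHost.exe","6020","C:\ProgramData\WinHost.exe"
'''


def triage(csv_text):
    """Return (pid, name, path, verdict) for each process whose name is listed."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Name"].strip().lower()  # Windows file names are case-insensitive
        if name not in MINER_NAMES:
            continue
        path = (row.get("ExecutablePath") or "").strip()
        verdict = "suspicious"
        if name == "svchost.exe":
            if not path:
                # Path is empty when the query lacks rights to read it;
                # re-run the export from an elevated prompt before judging.
                verdict = "unverified"
            elif str(PureWindowsPath(path).parent).lower() in TRUSTED_SVCHOST_DIRS:
                continue  # genuine Windows service host, not a finding
        findings.append((int(row["ProcessId"]), name, path, verdict))
    return findings


if __name__ == "__main__":
    for pid, name, path, verdict in triage(SAMPLE_CSV):
        print(f"{verdict:<11} pid={pid:<6} {name:<12} {path or '(path unavailable)'}")
```

A name match is only a lead for review: check the file's location and signature before removing anything.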