SCF Advanced Search

  • Total Members: 14062
  • Latest: jagwire
  • Total Posts: 41442
  • Total Topics: 14945
  • Online Today: 614
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: TrojanDropper:Win32/Maener infects pirated Video games via torrent  (Read 2269 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Hundreds of video game pirates have generously, if inadvertently, donated their compute resources to virus writers by downloading Bitcoin miner-infected torrent listings.

Dozens of game torrent files identified by Microsoft threat researchers as malicious have been downloaded thousands of times and were continuing to be seeded (or uploaded) by attackers, victims or seedbox servers.
Donna Sibangan, of Redmond's Malware Protection Centre's, said the infected torrent listings (to which the .torrent files relate) were listed as 'repacks' - pirate vernacular for a torrent upload that corrected errors in a previous listing.

"These files can be easily acquired by anyone who downloads games from a torrent website," Sibangan said:

"The games are repacked to further lure gamers to download the compressed files for free."

Infected torrent listings included the deluxe edition of WatchDogs, Don't Starve, and the premium edition of King's Bounty: Dark Side, all released under the name 'Deception', and two versions of Tom Clancy's Ghost Recon: Future Soldier.

The torrents marked as 'good' or trusted on some torrent sites by anonymous community members affected mainly Russian users but were offered in English too.

Eight-four percent of victims picked up by Redmond were located in Poland while 2.9 percent were in the US.

The dropper detected as TrojanDropper:Win32/Maener.A was executed when the setup.exe installer was run and fetched the Bitcoin miner.

Infected pirates could cautiously search for the Bitcoin miner running under Windows processes named connost.exe, minerd.exe, svchost.exe or winhost.exe.

Downloading torrents or any third-party software from untrusted or insecure sources placed users at risk from either the inadvertent downloading of malware or by the introduction of vulnerabilities and newly-opened networking services.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising