Researchers at security firm Damballa said that an infected, torrented version of Windows 7 Release Candidate created a botnet spanning around 27,000 controlled bots. The firm said that the hidden Trojan infected thousands of users when the software first began to circulate BitTorrent sites on April 24, spreading at a rate of "several hundred" new bots per hour, maxing out (so far) with as many as 552 users per hour. However, Damballa managed to knock out the devious botnet's command and control server on May 10.
According to the firm, the clever little Trojan performed its magic immediately after users downloaded the Windows 7 RC. Once situated on the hard drive, it locally installed a bundle of malware. The Trojan was virtually immune to anti-virus tools because many solutions still do not support the new operating system, thus leaving end users wide open for infection. With that said, the computer was infected before the consumer could locate and install compatible tools. Unfortunately, the problem hasn't been solved on a permanent basis.
“We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution,” said Tripp Cox, Damballa's vice president of engineering, in a statement. “Since our takedown, any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster. The old installs are accessible. The countries with the largest percentage of installs are the U.S. (10%), Netherlands (7%), and Italy (7%).”
The firm didn't specify as to what the botmaster plans to do with the current network, if anything at all. However, botnets are typically used to distribute spam email, phishing schemes, retrieve personal information via spyware, or carry out denial-of-service attacks. Conficker is probably one of the more popular botnet names as of late, with an estimated 10 million bots currently in its network, and a spam capacity of 10 billion per day. Another botnet attempted to build a kingdom earlier this year through pirated versions of Adobe Photoshop CS4 (Mac version) and iWork '09, although that attempt was eventually thwarted as well.
Ultimately, users interested in obtaining the Windows 7 Release Candidate need to steer clear of BitTorrent websites or other P2P distribution applications. Instead, consumers can obtain the OS safely by heading to Microsoft's website. The RC is free to download, and will stay active until early next year.