BetaArchive {The community for beta collectors}
Post subject: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 5:35 pm | Staff
I wanted to warn BA about this. If you haven't downloaded Win7 from the BA FTP, then you should un-install immediately.

I'm very sorry that I could not link to the story, I only have a picture of the article. (Taken from /g/. Sorry.)

Image

If anyone finds the link, I'll edit it into this post.

Edit: Thanks to Igor for the link. http://www.darkreading.com/security/client/showArticle.jhtml?articleID=217400548

Edit2: Taken from theportalguy's post about this topic before it was locked...
theportalguy wrote:
A file being hosted in popular torrent sites posing as a copy of the Windows 7 RC was found to be a Trojan by security researchers. The file which arrives with the file name setup.exe is detected as TROJ_DROPPER.SPX. TROJ_DROPPER.SPX drops TROJ_AGENT.NICE. Both files are detected by the Smart Protection Network.

Windows 7 Release Candidate was leaked a couple of weeks prior to the official release, and was also hosted by and downloaded from popular torrent sites. This was followed by a reported downtime in the download page for the Windows 7 Beta, which was attributed to too many download requests.

With Windows 7 showing much promise as early as now, it isn’t really surprising that cybercriminals are using the operating system to distribute malware not necessarily as a platform, but as a social engineering technique.

Those interested in obtaining a copy of the release candidate are advised to get it from the Microsoft Windows 7 website.

To re-iterate, the BetaArchive copies of Win7 are all entirely safe.

_________________
Web developer, part-time moderator, full-time CSS wizard.


Last edited by Alpha-Critik on Tue May 26, 2009 3:42 pm, edited 2 times in total.

Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 5:59 pm | FTP Access
A little Googling...

http://www.darkreading.com/security/cli ... =217400548

It is not the same page, but the text is the same.


Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 6:25 pm | Donator
I have heard this before. Make sure the setup.exe in the DVD has a digital signature on it. From what I've heard, you can open the fake setup.exe with 7-Zip and there's a real setup.exe inside.

_________________
Never leave home without PeerBlock, or you might not return at all.


Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 6:44 pm | FTP Access
So, the one from the FTP server here is fine and safe? That's the one I'm using right now on my laptop.


Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 7:55 pm | Donator
The one on the FTP is safe. It matches with the one on TechNet.

_________________
See my profile for my website link.


Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 9:17 pm | Staff
motherboardlove wrote:
The one on the FTP is safe. It matches with the one on TechNet.


Confirmed. TechNet SHA-1s and CRCs follow.

The SHA-1 for the (x86) candidate is 7D1F486CA569EFFFFB719CFB48355BB7BF499712. The CRC is E8A1C394.

The SHA-1 for the (x64) candidate is FC867FE1AB2E0A9796F9E4D155B44EA6998F4874. The CRC is 58FB2BE0.

If you can't get a copy from anywhere else, for some obscure reason, see Day2Die's post.

_________________
Web developer, part-time moderator, full-time CSS wizard.


Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 10:16 pm | FTP Access
Thank you. :D


Post subject: Re: Windows 7 - Botnet Edition | Posted: Sun May 17, 2009 10:27 pm | Donator
A fake like this would not have got onto any of the main servers of BA. Even my level of testing would have caught this virused copy, I do check Digital signatures for authenticity on everything I download (among other things) and mrpijey does a huge amount of testing on builds before they reach the BA server.

_________________
BuildFeed - the ultimate collaborative NT build list - Windows Longhorn - a look at a defining Microsoft project


Post subject: Re: Windows 7 - Botnet Edition | Posted: Mon May 18, 2009 7:47 am | Administrator
Yeah, naturally we do check each ISO before it's packed up and sent to BA. It's quite easy to detect a modified ISO, best way of course by checking the digital signature as Hounsell says. But since these "modders" are usually quite incompetent they most often also trash the ISO header, or they mess up some file. Most of the warez groups also inject their own trash into the ISO (such as cracks, nfo etc) which is easily detected.

And I always cross-check the MD5 with the one on technet, and if it mismatches I trash the ISO until the "next" leak comes out. So don't worry, the BA releases are safe :).

Usually only those grabbing their stuff from The Pirate Bay or something will get these infected versions. And even if your main source is TPB (get a new source!) reading the comments is always useful before downloading.

_________________
Official guidelines: The Definitive Guide to BetaArchive :: Abandonware
Tools: Alcohol120% (Portable)
Listings: BetaArchive Database (beta)
Channels: Discord :: Twitter
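
Added example (not part of any post in this thread): the hash cross-check the staff posts above describe, streaming an ISO once to compute SHA-1 and CRC-32 and comparing both against the TechNet values quoted earlier in the thread. The function names and verdict labels are illustrative assumptions.

```python
import hashlib
import sys
import zlib

# Reference values quoted in this thread for the Windows 7 RC ISOs (TechNet).
PUBLISHED = {
    "x86": ("7D1F486CA569EFFFFB719CFB48355BB7BF499712", "E8A1C394"),
    "x64": ("FC867FE1AB2E0A9796F9E4D155B44EA6998F4874", "58FB2BE0"),
}

def digest_file(path, chunk_size=1 << 20):
    """Read the file once in chunks; return (SHA-1 hex, CRC-32 hex), upper case."""
    sha1 = hashlib.sha1()
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)  # running CRC carried across chunks
    return sha1.hexdigest().upper(), f"{crc & 0xFFFFFFFF:08X}"

def classify(sha1_hex, crc_hex, published=PUBLISHED):
    """Return (verdict, edition) for a pair of computed digests.

    "match"        - both values equal one published pair
    "inconsistent" - only one of the two agrees; CRC-32 is a corruption
                     check that is easy to forge, so a CRC-only match
                     must never be accepted as proof of authenticity
    "mismatch"     - nothing agrees; discard the image
    """
    sha1_hex, crc_hex = sha1_hex.upper(), crc_hex.upper()
    for edition, (ref_sha1, ref_crc) in published.items():
        sha1_ok = sha1_hex == ref_sha1
        crc_ok = crc_hex == ref_crc
        if sha1_ok and crc_ok:
            return "match", edition
        if sha1_ok != crc_ok:
            return "inconsistent", edition
    return "mismatch", None

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_iso.py <path-to-iso>")
    verdict, edition = classify(*digest_file(sys.argv[1]))
    print(verdict, edition or "")
    sys.exit(0 if verdict == "match" else 1)
```

Only a "match" verdict should let an image through; the reference values themselves must come from a source the downloader trusts independently of the download.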


Post subject: Re: Windows 7 - Botnet Edition | Posted: Tue May 19, 2009 10:06 am | FTP Access
PPI is adware/spyware, has nothing to do with botnets, and is easily cleaned. I think a lot of these stories are spread just to scare people into not downloading. I've seen a few of these stories floating around, and unlike real malware problems, these don't actually seem to inform the user of what to look for or mention any solution for cleaning. That said, PPI malware is rife on BitTorrent and antivirus can be useless to detect it due to the way the malware is user generated, just don't always believe the hype. This is probably the same story that was circulating about the 7100 from The Pirate Bay a few weeks back.

_________________
Sign my pointless petition; http://www.ipetitions.com/petition/skeptic/

