A pirated version of the new Windows 7 operating system release candidate that has been circulating around the Internet is contain a Trojan downloader, and also building out a botnet. Up to May 10, when researchers took over the command and control (C&C) server that communicated with the bots and served them additional malware, it had around 27,000 bots. According to report of Damballa organization, the botmaster was recruiting more than 200 machines per hour at the height of the botnet buildup. The main goal of the Trojan tucked into the pirated OS is to add additional malware packages to the victims' machines because of cybercrime groups who pay to successfully install the malware ("pay-per-install" scheme). Windows 7 operating system has, indeed, become the newest lure - Trend Micro researchers have reported a Trojan downloader posing as a copy of the Windows 7 Release Candidate on popular torrent sites. The Trojan appears as a file called "setup.exe" (it is called "TROJ DROPPER.SPX" by Trend Micro) and downloads Trojan “TROJ AGENT.NICE”. Both of malware can be detected by Trend Micro's Smart Protection Network. Software piracy is on the rise, especially in the U.S. (losses of about $9.1 billion) where one-fifth of all PC software is pirated, according to Business Software Alliance and IDC report. Also, most of pirated Windows 7 OS are in the U.S. (about 10 percent), followed by Netherlands and Italy (both around 7 percent). Most traditional antivirus software is unable to detect the pirated Windows 7 Trojan because the OS itself is infected, and most antivirus solutions don't yet support Windows 7 platform. Since takedown of C&C software, any new installs (about 1,600 per day) of pirated distribution of Windows 7 RC operating system are inaccessible by the botmaster (the old installs are accessible). The valid Windows 7 Release Candidate operating system can be downloaded from Microsoft web site, and original new can be read at darkREADING web site.
