Friday, January 30, 2009

Trojans for Pirates

Malware sucks.
... correction - malware sucks when the target is someone legitimate.

Hypothetically, if you were going to steal a car, whom would you steal it from? Someone legitimate that you know? Some stranger minding their own business? How about a criminal? That's the premise behind an interesting trend I've been tracking lately.

After doing some research into malware trends and the source of the really nasty stuff that's next-to-impossible to detect, I've come to the conclusion that the malware authors much prefer pirates over legitimate users. Could it be that malware (adware | spyware | crapware) has developed a conscience? I seriously doubt it. I think I have a much more reasonable explanation: it makes sense to target someone who's already doing something illegal. Right? Who's a software pirate going to complain to? Can you imagine someone downloading a copy of PhotoShop (ISO+crack) and getting a little more than they bargained for? I can just imagine that phone call to tech support...
[Technician] "So sir, what was the last thing you did before you noticed this abnormal activity on your computer?"
[User] "Well, I was downloading a cracked/pirated copy of [insert software title here] from LimeWire, then when I tried the crack my machine went crazy!"
[Technician] " ? "
Can you picture it? Is this not the ultimate target? What's also a little strange is that people who are doing illegal activity such as pirating software have a much diminished suspicion of what they're clicking on. They know that what they've just downloaded is illegal, so they figure [obviously wrongly] that the crack/serial-key generator is going to do nothing bad to their computer. Morons.

Over the past 12 months I've interviewed one such malware jockey... and his take is that he can make much more money slipping adware into hacked binaries, because people who search for and download pirated software are just not as careful as everyone else. Weird. I've also downloaded [for research purposes only] a good representative sample of pirated content from music, movies and expensive software... and a huge percentage of it has had malware bundled. Some of that has been rather obvious, some of it was well-hidden.

The moral of the story is - don't download pirated software, obviously; but really... keep your guard up! Let the pirates turn on each other.

[I will be publishing more details on the research I'm conducting soon... it's taking a significant effort to map some of these P2P distribution networks... so if you're interested in helping me do some research, I recommend you have a working throw-away VMware image, some good binary analysis and machine-analysis tools, and a willingness to poke around - Let me know! I'd love some help.]

