Old 11-11-13, 05:38 AM   #1
\_(ツ)_/


Join Date: Jun 2010
Posts: 7,601
Piracy Release Group Has Been Spying on Downloaders For 9 Months

Quote:
While viruses and malware can be added to any file online, it is rare for malicious content to be planted by those in the so-called warez scene. Nevertheless, it has now been revealed that since February 2013 one particular group has been dropping a little something extra into its cracked software releases. Anyone who has installed the group’s software patches may well have had their username, hard drive serial, computer name and IP address emailed out without their knowledge.


Massively continued:
http://torrentfreak.com/piracy-release-group-has-been-spying-on-downloaders-for-9-months-131111/
L1b3rta is offline  
Old 11-11-13, 05:55 AM   #2
Guru

Join Date: Apr 2012
Location: Eventyrland
Posts: 5,603
Thanks for the heads up Lib. Other fake warez spying on downloaders are mail.ru and sputnik, I found this malware posted also here in applications, reported and deleted, of course.

Be careful what you download, download only from trusted members, run an AV check before installing. Golden rules.

Last edited by Shawn_7; 11-11-13 at 07:03 AM.
Shawn_7 is offline   Reply With Quote
Old 11-11-13, 06:21 AM   #3
Deditus libris


Join Date: May 2010
Posts: 3,580
What I find alarming are the number of downloads available here with the name MeGaHeRTZ attached to the titles. Do a search.

Thanks L1b3rta for the info.
rainbowspinner is offline   Reply With Quote
Old 11-11-13, 07:07 AM   #4
Apprentice

Join Date: Jun 2008
Posts: 347
Sucks for those who've been affected. I just ran a search through my current and back-up HDDs to see if I had any MHZ releases... fortunately, nothing found. Good luck to others!
fintime is offline   Reply With Quote
Old 11-11-13, 07:13 AM   #5
Guru

Join Date: Apr 2012
Location: Eventyrland
Posts: 5,603
LOL ... even malwarebytes

PHP Code:
http://tehparadox.com/forum/f51/flashfxp-v4-3-1-1961-a-5479899/
http://tehparadox.com/forum/f51/vso-convertxtodvd-v5-0-0-a-5585352/
http://tehparadox.com/forum/f51/idm-ultrafinder-v13-10-26-a-5592808/
http://tehparadox.com/forum/f51/anvsoft-any-video-converter-ultimate-5172977/
http://tehparadox.com/forum/f51/easypano-panoweaver-professional-8-60-a-5630366/
http://tehparadox.com/forum/f51/vso-video-converter-v1-0-a-5585355/
http://tehparadox.com/forum/f51/vso-convertxtodvd-v5-0-0-a-5604166/
http://tehparadox.com/forum/f51/[ul%7Crg]-vso-convertxtodvd-v5-0-a-5814286/
http://tehparadox.com/forum/f51/malwarebytes-anti-malware-pro-v1-6019174/ 
DO NOT DOWNLOAD THEM
Shawn_7 is offline   Reply With Quote
Old 11-11-13, 07:55 AM   #6
Apprentice
Join Date: Oct 2012
Posts: 417
I always scan anything and everything I download even if it's adobe or java updates. Better safe than sorry. :)
peepers1 is offline   Reply With Quote
Old 11-11-13, 08:21 AM   #7
Australian

Join Date: Oct 2008
Location: behind the scope
Posts: 1,329
I'm glad I haven't DL'd any apps in a while, I am getting kind of sick of these groups doing this, mostly because it's n00bs who get infected and then pass it on, kinda sucks.
HEVIHITR is offline   Reply With Quote
Old 11-11-13, 08:33 AM   #8
Elder
Join Date: Apr 2011
Location: In your internets, eating all your cookies!
Posts: 2,504
Quote: Originally Posted by peepers1 View Post
I always scan anything and everything I download even if it's adobe or java updates. Better safe than sorry. :)
Doesn't always help.

I downloaded, to test AV, one of those files above, Eset found nothing.

Virus Total found 7/47 -

Bkav W32.Clode04.Trojan.7955
Malwarebytes Trojan.CallHome.Mhz
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G
Norman Suspicious_Gen4.CQIML
Symantec WS.Reputation.1
ViRobot Backdoor.Win32.A.Hupigon.455168.H

Virus Total was only 3/23!
MikeHunt is offline   Reply With Quote
Old 11-11-13, 09:03 AM   #9
Elite

Join Date: Feb 2012
Posts: 1,690
Moderator should delete the links, we are all here to share and do no harm... if the uploader's intention was to infect computers he/she should get banned
tehhunter is online now   Reply With Quote
Old 11-11-13, 09:07 AM   #10
Expert

Join Date: Oct 2010
Posts: 532
Quote: Originally Posted by rainbowspinner View Post
What I find alarming are the number of downloads available here with the name MeGaHeRTZ attached to the titles. Do a search.

Thanks L1b3rta for the info.
I think this is the one time that MODS should ignore the effect the likes/thanks on these releases has on the uploader and

PERMANENTLY DELETE THEM
pokeystar75 is offline   Reply With Quote
Old 11-11-13, 11:30 AM   #11
Elder

Join Date: May 2009
Location: Eire
Posts: 4,199
The fact it's taken 9 months to bring this to light speaks very poorly to overall user security consciousness.
FirtY is online now   Reply With Quote
Old 11-11-13, 11:59 AM   #12
Guru

Join Date: Apr 2012
Location: Eventyrland
Posts: 5,603
Quote: Originally Posted by FirtY View Post
The fact it's taken 9 months to bring this to light speaks very poorly to overall user security consciousness.
This can be true in cases like demon tool and imgburn malware, in that case I agree. Users should consider very carefully what they install in their computers.

However, IMO this case is far more dangerous because it's absolutely normal to have an AV 'false positive' for a crack, it happens all the time. So I think many users, even the advanced ones have considered their AV warning as 'false positives'.

Obviously it was not so, and I wonder who are those behind MeGaHeRTZ. They have collected a large amount of data, that is sure.
Shawn_7 is offline   Reply With Quote
Old 11-11-13, 01:15 PM   #13
Deditus libris


Join Date: May 2010
Posts: 3,580
Is it possible that part of the issue with this taking so long to come to light is that it's not an issue that is usually checked for?

The article claims the problem was found by:
Quote:
The problem reportedly came from a patch that MeGaHeRTZ supplied with the release which attempted to send out traffic on port 25, a port commonly used to send email.
In the normal course of events how does one go about checking to see if there is traffic on port 25? Where does one easily monitor ports and what would one be looking for? Do malware programs even know to look for something like this or is it only caught by manual checking?
rainbowspinner is offline   Reply With Quote
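Added example (not part of the post above or of the linked article): one way to check for the port 25 traffic asked about is to take a connection listing and flag any process other than a mail client that is talking to a remote SMTP port. This sketch assumes Windows `netstat -ano` and `tasklist /fo csv /nh` output; the sample data, the process name `patch.exe` and the mail-client allow-list are constructed for illustration.

```python
import csv
import io

SMTP_PORTS = {25}  # the port named in the article quote
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list, adjust locally

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:49712     203.0.113.25:25        ESTABLISHED     4312
  TCP    192.168.1.10:49713     198.51.100.7:443       ESTABLISHED     2208
  TCP    192.168.1.10:49720     192.0.2.44:25          SYN_SENT        3100
  TCP    [::1]:49800            [2001:db8::5]:25       TIME_WAIT       4312
  UDP    0.0.0.0:5353           *:*                                    1720
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"thunderbird.exe","3100","Console","1","182,344 K"
"patch.exe","4312","Console","1","5,120 K"
"chrome.exe","2208","Console","1","240,016 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def outbound_smtp(netstat_text, names, ports=SMTP_PORTS, allowed=MAIL_CLIENTS):
    """Return (process, pid, remote, state) for TCP connections to an SMTP
    port made by a process that is not an expected mail client."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Only TCP rows have 5 fields; a local listener is not outbound traffic.
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue
        _, _, port = f[2].rpartition(":")  # also handles [ipv6]:port
        if not port.isdigit() or int(port) not in ports:
            continue
        pid = int(f[4])
        proc = names.get(pid, "unknown")
        if proc not in allowed:
            hits.append((proc, pid, f[2], f[3]))
    return hits

if __name__ == "__main__":
    for hit in outbound_smtp(NETSTAT_SAMPLE, pid_names(TASKLIST_SAMPLE)):
        print("unexpected SMTP connection:", hit)
```

A snapshot like this only sees connections that are open or recently closed when it is taken, so a short-lived send is more reliably caught by a firewall rule that logs or blocks outbound port 25.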
Old 11-11-13, 03:24 PM   #14
Expert
Join Date: Sep 2009
Posts: 617
Never heard/downloaded anything of this group before, thanks for the heads up L1b3rta.
kevin360v is offline   Reply With Quote
All times are GMT -7.