Warez is Even More Dangerous Than Pxxn

Tuesday, February 15, 2011

Brent Huston


A couple of vendors have been talking about how prevalent malware is in online pxxn these days, but during our testing of HoneyPoint Wasp, we found pirated software (or “warez”) to be among the most concerning.

Pxxnography is still a dangerous segment for infection, but it seems that grabbing so-called “cracks” and “keygens”, along with pirated programs from the web and peer-to-peer networks, is even more dangerous.


In our testing, finding infected warez took us around 1/8 of the time that it took to find infected pxxnographic sites.

Our estimates are that less than 10% of the pxxnography files we tested (excluding “codecs”, obvious Trojan Horses) were infected, while nearly 90% of the cracking and keygen tools were, in fact, malware.

In many cases, the warez would appear to work, but contained a background dropper that would install one or more pieces of adware, spyware or other malicious software.

Even worse, in a clear majority of our testing cases, several of these malicious programs were missed by the consumer-grade anti-virus applications we had installed on the test bed.

We used the whitelisting capability of HoneyPoint Wasp as the control and indeed identified a large number of malicious programs that traditional AV missed.

The key point of this topic, though, is that pirated software remains a significant threat to businesses without proper license controls. Small and mid-size businesses in particular, where piracy often runs rampant, present a very wide target for attackers.

Good policies against pirated software, user awareness and the use of license enforcement/asset inventory tools are useful controls in ramping up protection against this attack vector.

How has your organization fared against pirated software? What controls do you have in place to reduce both the legal liability and the malware threat that warez represents?

Cross-posted from State of Security
