Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Concerning Cracked Files in Illegally Distributed Software


  • Please log in to reply
8 replies to this topic

#1 cryoganix

cryoganix

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:08 PM

Posted 14 January 2014 - 03:24 AM

This is kind of an odd question, but it's definitely a question that I'm sure someone here would be able to answer.

 

As a self-employed PC repair technician, I've seen a lot of computers come across my workbench, some of which have [obviously] cracked commercial software. The main method in which I find out about these, however, is by running anti-malware scans that pick up certain files which appear to be Trojans—files that are contained within the program's installation directory.

 

While I understand that some of the files must be modified for most commercial software to be cracked and used without payment, I am unsure as to why anti-malware programs would pick them up as malware instead of a regular file. In a short phrasing, my question is this: How or Why does an anti-malware program determine that a file used in cracking software may be harmful?

 

 

PS: I know that owning cracked software is illegal, but since my clients only tell me to fix their computers, my main goal is remove anything from their computers that impedes their computer's, operating system's, or programs' expected uses, so I don't mention anything about the programs or the legality of their actions. Out of curiosity, by not informing them of their illegal actions, am I myself committing an illegal offense, or would their installed programs be none of my concern?



BC AdBot (Login to Remove)

 


#2 HashX

HashX

  • Members
  • 106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:11:08 PM

Posted 14 January 2014 - 05:12 AM

As to your first question, my best guess would be that pretty much most of all cracked software has some sort of malware hidden inside of it anyways. People pirate software and make illegal copies as a way of easily spreading malware, since the creators know that people will take the bait (the illegal software)


I don't always use Internet Explorer, but when I do, it's to download a different browser.

 


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:08 PM

Posted 14 January 2014 - 10:17 AM

The BleepingComputer Forum/Message Boards Rules, especially this part, will tell you how we feel about this subject:

* No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


However, our assistance with malware removal policy in regards to users with cracked or pirated software is to clean them up and send them on their way. We do this to stem the tide of infections and clean up a machine that could potentially further compromise other machines. When someone uses an insecure or infected computer, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more machines become compromised.

So while by policy we do not condone the use of cracks, keygens, pirated software, etc we do not automatically refuse to assist a member who asks for help with malware removal. Thus it is a case by case basis and we leave it to the discretion of our trained MRT Expert Helpers whether to continue or not as some folks do not feel comfortable helping those who use cracks, keygens and pirated software.

I normally provide a stern warning about the use of such tools/software and advise that using them is most likely how they got themselves infected. I also add that if they disregard my warning and become reinfected again, we may not assist me the next time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Kilroy

Kilroy

  • BC Advisor
  • 3,413 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:05:08 PM

Posted 14 January 2014 - 03:29 PM

Pretty much as HashX said, while you may be getting the software for free with the crack you are also getting a dose of malware to go with it.  So that free copy of (insert program name here) is costing you by compromising all of the passwords you enter on that machine and allowing your machine to be used to do things that you might not be aware of, like BitCoin mining, DDOS attacks, infecting other machines.

 

While your customers are paying you to clean their machines you may mention that their issues may be caused by the installing of their free software.  Feel free to include the downloading of movies and music as other possible causes.  Finishing off with a statement similar to quietman7 you might say that continuing to perform these actions increases the chances that they will be back and an additional fee will be charged.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:08 PM

Posted 14 January 2014 - 03:58 PM

cryoganix...have your client victims read this:

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk which can turn a computer into a virus honeypot or zombie.

 

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning

 

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

 

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

 

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

 

...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites
 

 

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so they need to be removed.

Using these types of programs or the websites visited to get them is very likely how your computer got infected!!


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 cryoganix

cryoganix
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:08 PM

Posted 15 January 2014 - 03:24 AM

Ah, gotcha. So next time, regardless of the context that the file's being used, if a file shows up as malware in any anti-malware scanner, would I just go ahead and remove it? Also, as for the warning to show them, should I also put websites to visit for more reading on the matter, or would the aforementioned information be sufficient?



#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:05:08 PM

Posted 15 January 2014 - 10:52 AM

Send them to websites. By the time they get home they may have forgotten some of what you said. It's more likely to stick with them if they see it with their own eyes. Plus, what is written would be more in depth than what you tell them.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:08 PM

Posted 15 January 2014 - 10:52 AM

I would just warn them that if they are using cracks and pirated software, they may be detected and removed as malware by anti-virus while you are cleaning their computer. I would further advise the client they should remove such software themselves prior to giving the machine to you for cleaning.

You could print out the info to give them but make sure you include active links so folks can read the material in full.

You could also send them an email with the warning and links which would probably be better as today's user prefer reading email rather than a piece of paper which could easily be lost.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:10:08 AM

Posted 15 January 2014 - 07:20 PM

Ah, gotcha. So next time, regardless of the context that the file's being used, if a file shows up as malware in any anti-malware scanner, would I just go ahead and remove it? Also, as for the warning to show them, should I also put websites to visit for more reading on the matter, or would the aforementioned information be sufficient?

I suggest to put a folder on their desktop (with your business name) and place the antivirus scan report/logs in there, and a PDF, or DOC, file summarising the websites (with reference links) as posted http://www.bleepingcomputer.com/forums/t/520787/concerning-cracked-files-in-illegally-distributed-software/#entry3259816

This gives your client the option to either uninstall themselves, or return their PC to you?
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users