Anti-piracy malware, or “vigilante” malware, was discovered during a study by the cybersecurity company Sophos. Once a machine is infected, the malware prevents the user from visiting more than a thousand websites related to piracy and torrenting.
According to the security company, the vigilante-style malware is not sophisticated, and its effects can easily be undone to regain access to torrent and piracy-related websites.
In their blog post on the subject, Sophos researchers noted that what makes the malware most unusual is that it appears to act on some perceived ethical principle:
Instead of trying to steal passwords or hold a computer owner to ransom, this malware stops infected users’ computers from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.
According to Sophos, the payload has been reaching people’s machines through fake downloads of pirated versions of popular games, productivity tools, and security products.
Andrew Brandt, principal researcher at Sophos, said the main purpose of the malware was clear: it is designed to deter “people from visiting software piracy websites (if only temporarily)”.
Anyone infected with the “vigilante” malware can remove it using Sophos antivirus, according to the company. Other popular antivirus programs should also be able to detect, block, and remove the malware, because it can be identified by its “unique runtime packer, similar to that used by the unrelated malware family, Qbot,” Sophos said.
That said, anyone infected will also need to manually repair the HOSTS file on their operating system to regain access to the blocked torrent and piracy sites.
The HOSTS file is an operating system file that maps human-readable hostnames (www.bla.com, for example) to the numeric IP addresses used to route traffic and locate hosts on an IP network.
If you are infected with the anti-piracy malware, the hostnames of popular piracy websites such as The Pirate Bay are added to the HOSTS file and deliberately pointed at the IP address 127.0.0.1 (the machine’s own loopback address). As a result, the computer can no longer reach the real IP addresses of those piracy and torrent services.
Fortunately, undoing the effect of this malware is straightforward. Anyone infected can open their HOSTS file and either restore it to its original state or manually remove any entries that point to 127.0.0.1. Sophos explains:
Users who have inadvertently run one of these files may clean up their HOSTS file manually, using an elevated copy of Notepad (run as administrator) to open the file at c:\Windows\System32\Drivers\etc\hosts and delete all lines that start with ‘127.0.0.1’ and refer to the various ThePirateBay (and other) sites.
In addition, the malware has no persistence mechanism, so once you have cleaned up the HOSTS file (and as long as you do not re-run the infected download) you will have no further problems. For more information on cleaning your HOSTS file or restoring it to its default state, see this Windows blog on the subject.
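As an added example (not Sophos’s code or the article’s), the following Python script performs the cleanup described above programmatically: it parses a HOSTS file, flags every line that maps a hostname other than localhost to a loopback address (127.0.0.1, and, generalizing, ::1 as well), and rebuilds the file without those lines while keeping comments and legitimate entries. The sample HOSTS content and the hostnames in it are constructed for the demonstration.

```python
# Added example, not Sophos's or the article's code: audit a Windows HOSTS file for
# hostnames sinkholed to the loopback address and rebuild it without those lines.
import ipaddress

# Names that legitimately map to loopback and must survive the cleanup.
LEGIT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: Windows default comments plus injected sinkhole entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 localhost
127.0.0.1 thepiratebay.example torrentsite.example
127.0.0.1 another-tracker.example   # appended by the malware
192.168.1.10 fileserver.lan
"""

def parse_entry(line):
    """Return (address, hostnames) for an entry line, or None for blanks/comments."""
    body = line.split("#", 1)[0].strip()  # strip trailing comments
    if not body:
        return None
    fields = body.split()
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # malformed line: report nothing, leave it untouched
    return addr, fields[1:]

def find_sinkholed(text):
    """Return (line_number, hostnames) for loopback entries naming non-local hosts."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        parsed = parse_entry(line)
        if parsed is None:
            continue
        addr, names = parsed
        # is_loopback covers all of 127.0.0.0/8 as well as IPv6 ::1
        odd = [h for h in names if h.lower() not in LEGIT_LOOPBACK_NAMES]
        if addr.is_loopback and odd:
            hits.append((number, odd))
    return hits

def clean_hosts(text):
    """Drop the sinkhole lines; comments and every other entry are preserved."""
    flagged = {number for number, _ in find_sinkholed(text)}
    lines = text.splitlines()
    kept = [line for number, line in enumerate(lines, start=1) if number not in flagged]
    return "\n".join(kept) + "\n"
```

Run against the real file, `find_sinkholed` gives you the evidence to review before `clean_hosts` writes anything back, and the `localhost` line the default file relies on is never touched.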
Finally, we strongly recommend using an antivirus program to ensure that you do not become infected with this type of malware in the future, and so that you can detect and remove it from your system if you are affected.
Who is responsible for the malware?
It is not yet clear who is responsible for the malware. However, the malware (described as “oddball” by its discoverer) raises eyebrows.
On the face of it, the vigilante malware appears to have been distributed by an actor whose main purpose is to defend copyright holders and content publishers against the pirating and free distribution of their work on torrent websites. This is in stark contrast to typical cybercriminals, who are usually motivated by criminal gain.
This suggests that the author may be working on behalf of copyright owners who feel they have been harmed by torrenting and piracy. Specifically (because the malware is particularly prevalent in fake downloads of computer games), the author may be operating within the computer game industry, perhaps at a game studio whose titles have been pirated.
It is also noteworthy that, during its research, Sophos found a .nfo text document inside the downloads, perhaps included to make the archive appear more legitimate. Files shared over BitTorrent usually contain bundled files, including a.
The presence of these types of bundled files can help trick victims into downloading the malware. However, upon examining the .nfo file associated with the malware, Sophos found that it was full of racist slurs. The company said:
Padding an archive with random files of random length could simply be done to change the hash value of the archive. Padding it out with racist slurs told me everything I needed to know about its creator.
As noted, the presence of discriminatory content within the malware says something about the character of whoever created it.
Therefore, if the malware turns out to have been developed and distributed by someone working for a particular game studio (or other copyright interest), consumers may be keen to know exactly which company or copyright holder it was, so they can boycott it on ethical grounds.
Lastly, you should know that while the malware does not appear to steal passwords or other information from infected machines, it does send certain information back to its operators.
The malware was found sending information back to an attacker-controlled domain in a message containing the name of the software the victim had tried to pirate. This information could be useful to copyright holders who want to identify pirates in order to seek damages, or even prosecution.
As always, we remind readers that visiting any piracy website to download any type of content is illegal, so we do not recommend visiting any torrent website for any purpose.