While viruses and malware can be added to any file online, it is rare for malicious content to be planted by those in the so-called warez scene. Nevertheless, it has now been revealed that since February 2013 one particular group has been dropping a little something extra into its cracked software releases. Anyone who has installed the group’s software patches may well have had their username, hard drive serial, computer name and IP address emailed out without their knowledge.
Over the weekend a notice spread around the warez scene which detailed how one individual became alarmed by unusual firewall activity after he had installed, ironically, a MeGaHeRTZ release of Malwarebytes Anti-Malware Pro.
The problem reportedly came from a patch that MeGaHeRTZ supplied with the release, which attempted to send out traffic on port 25, a port commonly used to send email. The same individual who noticed the strange activity then ran the patch through a debugger and, to his alarm, found that it was harvesting information from the host machine.
The data being gathered from infected machines includes the username, computer name/drive serial obtained from the Windows API, and the host machine’s IP address. This information is then packaged up and sent off to any of three predetermined email addresses, all of which have account names containing some variation of the MeGaHeRTZ group name.
Further tests were carried out on several other MeGaHeRTZ releases and they were all found to carry similar mechanisms for pulling data from host machines and funneling it back to the release group.
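The behaviour described above, a patch trying to reach port 25 from a machine that has no mail client running, is exactly the kind of thing a host firewall log will show. As an added illustration (not code from the article or from TorrentFreak), the following Python snippet scans a constructed, simplified host-firewall log and reports any process that connected, or tried to connect, to a mail port without being a known mail client. The log format, process paths, timestamps and addresses (TEST-NET-3 range) are all made up for this example, and the allowlist of mail clients is an assumption you would adapt to your own environment.

```python
"""Flag outbound mail-port (TCP 25/465/587) connections from processes that
are not known mail clients.

Added example for the MeGaHeRTZ story: the log format below is a constructed,
simplified host-firewall log, not the output of any real product.
"""
import re
from collections import defaultdict

# Constructed sample log (hypothetical format:
#   "<date> <time> <ALLOW|BLOCK> <TCP|UDP> <src> <dst>:<port> <process path>")
SAMPLE_LOG = """\
2013-06-08 21:14:02 ALLOW TCP 192.168.1.20 203.0.113.10:443 C:\\Program Files\\Firefox\\firefox.exe
2013-06-08 21:14:05 ALLOW TCP 192.168.1.20 203.0.113.25:25 C:\\Program Files\\Thunderbird\\thunderbird.exe
2013-06-08 21:15:11 BLOCK TCP 192.168.1.20 203.0.113.40:25 C:\\Users\\user\\Downloads\\mbam_patch.exe
2013-06-08 21:15:13 BLOCK TCP 192.168.1.20 203.0.113.40:25 C:\\Users\\user\\Downloads\\mbam_patch.exe
2013-06-08 21:15:20 ALLOW TCP 192.168.1.20 203.0.113.40:587 C:\\Users\\user\\Downloads\\mbam_patch.exe
2013-06-08 21:16:00 ALLOW UDP 192.168.1.20 192.168.1.1:53 C:\\Windows\\System32\\svchost.exe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|BLOCK) (?P<proto>TCP|UDP) "
    r"(?P<src>\S+) (?P<dst>[\d.]+):(?P<port>\d+) (?P<proc>.+)$"
)

# Ports used to hand mail to a server: 25 (SMTP), 465 (SMTPS), 587 (submission).
MAIL_PORTS = {25, 465, 587}

# Processes expected to speak SMTP on a workstation (assumed allowlist).
KNOWN_MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    # Image name is the last path component, lower-cased for comparison.
    rec["image"] = rec["proc"].rsplit("\\", 1)[-1].lower()
    return rec


def find_unexpected_mail_senders(log_text, allowlist=KNOWN_MAIL_CLIENTS):
    """Return {process path: sorted [(dst, port), ...]} for every process that
    touched a mail port but is not in the allowlist. Blocked attempts count
    too: a BLOCK line is still evidence that the process tried to send."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP":
            continue
        if rec["port"] in MAIL_PORTS and rec["image"] not in allowlist:
            hits[rec["proc"]].add((rec["dst"], rec["port"]))
    return {proc: sorted(dsts) for proc, dsts in hits.items()}


if __name__ == "__main__":
    for proc, dsts in find_unexpected_mail_senders(SAMPLE_LOG).items():
        targets = ", ".join(f"{dst}:{port}" for dst, port in dsts)
        print(f"suspicious mail traffic from {proc} -> {targets}")
```

Run against the sample log, only the downloaded patch executable is reported; the mail client's own port-25 connection is accepted because it is on the allowlist. Note that both the blocked and the allowed attempts from the same process are kept, since the interesting signal is that a software patch tries to speak SMTP at all, not whether the firewall happened to let it through.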
The scene reacts – all MeGaHeRTZ releases get nuked
Quite what MeGaHeRTZ intend to do with the data is unclear, but it appears that as an active release group they are now finished, at least under their current identity. On Saturday the warez scene took action to ‘nuke’ every MeGaHeRTZ release, which means they won’t be allowed to release any more.
Discovering malware planted in scene releases is a very unusual occurrence; malicious content is usually added at a later stage by third parties. Still, the damage has now been done. MeGaHeRTZ releases are now all over the Internet and there is nothing that anyone can do to get them back. Avoidance is the only solution now.
Source: torrentfreak