Pirates beware: A nasty piece of malware is currently being disguised as a keygen crack for a PC game.
You may want to think twice before you pirate your next PC game, because it turns out that a cracked code being distributed actually contains a rootkit that could do some serious damage to your computer. Malware research group GFI Software, has just revealed that it’s discovered such a case, and the fake cracking software houses a pretty nasty program.
On the GFI Labs blog, the company explained that one of its researchers came across a YouTube account that contained a MediaFire link which – in turn – would supposedly provide users with a crack code for Pro Evolution Soccer 2012. However, it turns out this isn’t really the case:
Users visiting the page can readily download and extract the compressed file Pro Evolution Soccer 2012 Keygen. In it are three files: an HTML file, a text file, and another compressed file, which contains the key generator application. The text file doesn’t actually contain the password it claims to have. Instead, it contains a shortened URL users must visit to get the password from.
http://tinyurl(dot)com/64ad4m is actually http://lnkgt(dot)com/7RM, a survey page that users must answer before their password is given to them.
Unfortunately, after users fill in the survey, gets the password to be used to run the keygen, they inevitably end up installing malware on their systems. Not just any malware; it’s a rootkit: ZeroAccess, a sophisticated rootkit known for overwriting critical OS files.
According to GFI, most antivirus groups are aware of ZeroAccess and their software will likely be able detect it. Still, let’s be honest about something here, folks: Putting your computer at risk just so you can save a couple of bucks on a game is a dumb idea. If you really want to play Pro Evolution Soccer 2012, just buy it and keep your OS files safe.
Source: GFI Blog via GMA Network