LulzSec's Last Cache Included Malware - HotHardware

LulzSec's last set of "booty" contained malware, and although the now disbanded hacker group placed a warning about the Trojan Horse in their "press release," you had to read the fine print to be warned about it.

Way at the bottom of their announcement, the group posted the following information:
Note: In "AT&T internal data.rar", do not open "BootableUSB/Program Files/WinRar/WinRar v3.71.exe", as it is malware (due to AT&T using a pirated copy of WinRar).
First, why didn't they just remove that before posting it? Second, why would AT&T be using a pirated copy?

It's also interesting that they would have embedded WinRAR itself in the RAR file. To open it, you'd either need WinRAR or some other program that can open RAR files (like the open-source 7-zip).

The file is no longer available via The Pirate Bay BitTorrent site, as it was removed over the malware. It may reappear in scrubbed form. Still, those with sufficient security software should have been protected from infection.

On InfoSec Island, a website for IT and security professionals, security expert Kevin McAleavey wrote,
"It turns out that the RAR file offered as a torrent download is infected with a backdoor of the 'RBOT' class of malware. This type of malware was commonly used by the lulzsec 'hackers' to own other machines, but is a different variant of the tools they normally used to expand their botnet."
Based on that, it sounds like LulzSec might have planted the malware itself, but then why warn about it, even in a footnote? McAleavey wrote the respected "BOClean" anti-malware software, which was later acquired by security firm Comodo.

In addition to the Trojan, LulzSec's last drop of data included information about AT&T's LTE rollout, data from an external NATO-affiliated site, and more.

LulzSec suddenly quit last Saturday, after only 50 days of "lulz." It's suspected that they may have felt the heat of law enforcement or other hackers.

Hmm... definitely sounds like it was planted by the lulz to me. It would be idiotic of AT&T to be using a pirated version of a program that is unnecessary for the typical business.


I suppose it's their way of a parting gift for those who still haven't learned whatever kind of lesson they were hoping to teach people? Anyway, I read that the LulzSec group members have formed a pact with Anonymous...

http://money.cnn.com/2011/06/20/technology/lulzsec_anonymous/index.htm


There is actually another one already on TPB that has been cleaned up, and (if I remember correctly), it's about 300MB smaller. It was available shortly after lulz' was.


AGAIN, Never trust a hacker? Maybe their quitting speech was to get more scams out with the malware and who knows what else was in it :)
