While some members of our Threat Research group are attending talks at the Black Hat Briefings, the rest of the team is back at our offices, hard at work watching for novel threats. That’s good news for gamers, and bad news for malware distributors who might try to take advantage of a confluence of events where many elite members of the security community are temporarily turned away from monitors while they attend the conference. I received a warning about one potential threat facing gamers who might turn to piracy to get a copy of Blizzard’s new real-time-strategy game, Starcraft II.
Apparently, there is a flood of torrents where gamers can download purportedly pirated versions of SC2. While your less ethical gamer might cheer this news, you might be less pleased to find out that some of the SC2 torrents appear to bring along a side order of malware. One of the torrents, for example, touted as a custom game launcher, drops the Zbot keylogger Trojan—albeit a variant we can easily detect and remove.
While this isn’t exactly new, we’re finding that the incredible demand for this game is driving malware distributors to supply something that looks like what the gamers want. We’ll keep an eye on this trend, and update the post if necessary with more details as they become available.
And if you want a copy of the game, just go out and buy it. It may not be the most thrifty use of your money, but it’s the ethical thing to do, and the safest way to get a copy of the game.
(Starcraft 2 logo courtesy of Blizzard Entertainment)
What I’ve wondered is if the game is actually being pirated or if the malware guys are just using it to bait in people who would be interested in it. I doubt that the game would actually be playable if their main goal was to infect your computer.
So far, we’ve seen both full installers which have been Trojaned, as well as some bogus “launcher utilities” that include Trojans.
As far as making the game unplayable, Zbot is fairly good at remaining under the radar and does not, in most cases, crash the computer or interfere with normal operations. The computer can remain infected and functional for some time unless you use an up-to-date antivirus product and perform regular scans.
Malware distributors prey on the impatience of people. I agree…now that the game is out they’ll move on to the next big thing…
Interesting how unscrupulous malware distributors are actually helping to curb software piracy.
Perhaps they don’t intend this, but the more that this type of news gets out, the more that gamers will think twice about downloading pirated software.
Many torrents come with adware, spyware and viruses. This is a way for blackhat marketers to obtain and steal information which could allow them to steal your identity.
Targeting a huge release such as SC2 is actually a smart idea (for them) and the first ones to release the cracked version are going to be the breadwinners. On a side note, I agree, just buy the game. It is well worth it and online play is free.
I completely agree that you should just buy the game instead of trying to get it for free and ending up with malware. The cost to get rid of this malware and the damage it can do to your computer makes it not worth the risk.
If you’re so concerned about the price then wait for a few months for the game to drop in price.