Pirated AntiVirus Software: how to defeat the evil hackers

RayLopez99

I got a used machine here in SE Asia and it was full of pirated
software--in fact it was 100% pirated, even the AV program (ESET).
ESET, a very good AV program, detected no viruses. Now being paranoid
I decided to replace it with Avira (freeware), which detected one
potential anti-privacy malware / virus in the root. So I put that
malware in quarantine and replaced ESET with Avira. That way I could
have my cake and eat it too--a HD full of tens of thousands of dollars
worth of software and no viruses. If the seller intended to have a
backdoor to my machine, by perhaps doctoring ESET to allow such a
backdoor with some sort of rootkit, I foiled them.

Pretty clever of me, eh?

RL
 
Dustin

RayLopez99 said:
I got a used machine here in SE Asia and it was full of pirated
software--in fact it was 100% pirated, even the AV program (ESET).
ESET, a very good AV program, detected no viruses. Now being paranoid
I decided to replace it with Avira (freeware), which detected one
potential anti-privacy malware / virus in the root. So I put that
malware in quarantine and replaced ESET with Avira. That way I could
have my cake and eat it too--a HD full of tens of thousands of dollars
worth of software and no viruses. If the seller intended to have a
backdoor to my machine, by perhaps doctoring ESET to allow such a
backdoor with some sort of rootkit, I foiled them.

Pretty clever of me, eh?

Depending on how it was warezed onto the box, you might be screwed in
so far as getting updates to some of the package(s) you have.
Personally, if I wanted to backdoor a machine; the AV or AM would be
the last programs on my list of suitable hosts. You would likely remove
one or both of them in favor of your own personal favorites, as you
actually did. I believe I'd go for redundancy and place myself into
programs you aren't likely to remove, but are going to use. Adobe
Photoshop, Maya, AutoCAD.. Mitchel. Software that's worth $$$ so you
won't be getting uninstall happy and kill me in the process.

I'm not saying there is anything wrong with the box, most likely you
scored a killer deal insofar as software cost you didn't have to bear,
even with the possibility of some of it not accepting updates for
whatever reason.

OTOH, if I was going to use the box for anything serious, it would be
wiped and reloaded with my own ISOs..
 
David H. Lipman

From: "RayLopez99"

| I got a used machine here in SE Asia and it was full of pirated
| software--in fact it was 100% pirated, even the AV program (ESET).
| ESET, a very good AV program, detected no viruses. Now being paranoid
| I decided to replace it with Avira (freeware), which detected one
| potential anti-privacy malware / virus in the root. So I put that
| malware in quarantine and replaced ESET with Avira. That way I could
| have my cake and eat it too--a HD full of tens of thousands of dollars
| worth of software and no viruses. If the seller intended to have a
| backdoor to my machine, by perhaps doctoring ESET to allow such a
| backdoor with some sort of rootkit, I foiled them.

| Pretty clever of me, eh?

NO !

Whenever one gets a used machine, *ALWAYS* wipe the PC and re-install the OS of choice
from scratch.

This is a "best practice" procedure.
 
Buffalo

David said:
NO !

Whenever one gets a used machine, *ALWAYS* wipe the PC and re-install
the OS of choice from scratch.

This is a "best practice" procedure.

But then he would most likely 'lose' all those pirated programs. :)
Buffalo
 
gufus

Hello, David!

On Sat, 26 Mar 2011 16:29:36 -0400

|> But then he would most likely 'lose' all those pirated programs. :)
Which would be the ethical thing to do :)

In the real world. ;)
 
FromTheRafters

RayLopez99 said:
I got a used machine here in SE Asia and it was full of pirated
software--in fact it was 100% pirated, even the AV program (ESET).
ESET, a very good AV program, detected no viruses. Now being paranoid
I decided to replace it with Avira (freeware), which detected one
potential anti-privacy malware / virus in the root. So I put that
malware in quarantine and replaced ESET with Avira. That way I could
have my cake and eat it too--a HD full of tens of thousands of dollars
worth of software and no viruses. If the seller intended to have a
backdoor to my machine, by perhaps doctoring ESET to allow such a
backdoor with some sort of rootkit, I foiled them.

Pretty clever of me, eh?

If you say so.

What if the seller doctored the option rom?
 
Roy

RayLopez99 said:
I got a used machine here in SE Asia and it was full of pirated
software--in fact it was 100% pirated, even the AV program (ESET).
ESET, a very good AV program, detected no viruses.  Now being paranoid
I decided to replace it with Avira (freeware), which detected one
potential anti-privacy malware / virus in the root.  So I put that
malware in quarantine and replaced ESET with Avira.  That way I could
have my cake and eat it too--a HD full of tens of thousands of dollars
worth of software and no viruses.  If the seller intended to have a
backdoor to my machine, by perhaps doctoring ESET to allow such a
backdoor with some sort of rootkit, I foiled them.

Pretty clever of me, eh?

RL

Setting aside the ethical issues (which are a major concern only to
software manufacturers, but given even less thought by many PC
users in that region (Asia)), having a treasure find of useful
expensive software on one box can be considered a good bonus for PC
buyers.

As long as the programs work and are useful for the new owner then it's
better to keep them...
Roy
 
gufus

Hello, Roy!

Roy said:
users in that region ( Asia) having treasure find of useful
expensive softwares on one box can be considered a good bonus for PC
buyers.

I could see /any/ buyer keeping the software.
 
RayLopez99

FromTheRafters said:
If you say so.

What if the seller doctored the option rom?

What is an "option rom"--you mean the BIOS? Doctored the bios to
allow some sort of keyboard logging? That's so diabolically clever
that if some pirate did that, I guess they deserve to clean out my
bank account just because they are diabolical evil geniuses. Never
heard of that before but I guess it's possible.

RL
 
RayLopez99

David H. Lipman said:
From: "RayLopez99"

| I got a used machine here in SE Asia and it was full of pirated
| software--i
| Pretty clever of me, eh?

NO !

Whenever one gets a used machine, *ALWAYS* wipe the PC and re-install the OS of choice
from scratch.

This is a "best practice" procedure.

Best practice you say? For the corporate world maybe. Unless you are
prepared to tell me that the doctored Windows 7 OS on my machine has
some sort of preexisting and immune virus in it, that allows some
pirate access to my machine, I think "best practice" is to scan the PC
for infections, remove same (and there's always at least one virus in
any pirated software machine), and then enjoy thousands of dollars of
software for a nominal fee. Who needs Linux when you can have world
class software like from Adobe for $5?

Oh, in SE Asia btw even legal software costs a fraction of the US
price (typically one-half to one-fourth), and comes with a sticker
"this software cannot be exported outside of [Philippines] [Singapore]
[Thailand]".

Just in case when I bring my laptop into the USA some overzealous
Customs officer tries to arrest me, that would be my defense: I bought
said software in a legal s/w shop.

RL
 
FromTheRafters

RayLopez99 said:
What is an "option rom"--you mean the BIOS?

The BIOS firmware has provisions for running other firmware that needs
(or wants) to load before the OS. Option ROM is firmware typically
housed in EEPROM just like the BIOS is, except on a PCI card.

RayLopez99 said:
Doctored the bios to allow some sort of keyboard logging?

Google for PCI rootkit. Keep in mind that this is not the 'mobile code'
kind of malware that most malware researchers deal with (or even believe
in).

The bottom line is that such a computer as you describe *could* have
been purpose built to harbor a rootkit. This is *not* a case of 'it
could have been infected' by normal use after being built as a normal
computer.

RayLopez99 said:
That's so diabolically clever
that if some pirate did that, I guess they deserve to clean out my
bank account just because they are diabolical evil geniuses. Never
heard of that before but I guess it's possible.

Chances are very slim indeed, but I just thought it bears mentioning.
After all, what better SE than a deal "too good to be true".
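
FromTheRafters' point about option ROMs suggests a check that a disk wipe does not cover, since reinstalling the OS leaves card firmware untouched: parse a dumped ROM and compare each image's hash with a known-good one. This is an added example, not part of the original thread; the device ID 1234:5678, the sample image from `build_sample` and the `known_good` baseline are constructed for illustration.

```python
import hashlib
import struct

CODE_TYPES = {0: "x86 legacy BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}

def parse_option_rom(blob):
    """Describe every image in a PCI expansion ROM dump (PCI firmware spec layout)."""
    images, off = [], 0
    while True:
        if blob[off:off + 2] != b"\x55\xaa" or off + 0x1A > len(blob):
            raise ValueError(f"no 0x55AA ROM header at offset {off:#x}")
        p = off + struct.unpack_from("<H", blob, off + 0x18)[0]  # pointer to PCIR
        if blob[p:p + 4] != b"PCIR" or p + 0x18 > len(blob):
            raise ValueError(f"no PCIR data structure at offset {p:#x}")
        vendor, device = struct.unpack_from("<HH", blob, p + 4)
        length = struct.unpack_from("<H", blob, p + 0x10)[0] * 512  # 512-byte units
        code_type, indicator = struct.unpack_from("<BB", blob, p + 0x14)
        body = blob[off:off + length]
        if length == 0 or len(body) != length:
            raise ValueError("image length field does not fit the dump")
        images.append({
            "id": f"{vendor:04x}:{device:04x}",
            "type": CODE_TYPES.get(code_type, f"unknown ({code_type})"),
            # Legacy x86 images must byte-sum to zero; this catches corruption only.
            "checksum_ok": sum(body) % 256 == 0 if code_type == 0 else None,
            "sha256": hashlib.sha256(body).hexdigest(),
        })
        if indicator & 0x80:  # bit 7 marks the last image in the ROM
            return images
        off += length

def unexpected_images(blob, known_good):
    """Return images whose hash is not in the known-good set for that device."""
    return [i for i in parse_option_rom(blob)
            if i["sha256"] not in known_good.get(i["id"], set())]

def build_sample(payload):
    """Constructed 512-byte legacy image for a made-up device 1234:5678."""
    rom = bytearray(512)
    rom[0:3] = b"\x55\xaa\x01"                       # signature, size = 1 unit
    struct.pack_into("<H", rom, 0x18, 0x1C)          # PCIR placed at 0x1C
    rom[0x1C:0x20] = b"PCIR"
    struct.pack_into("<HH", rom, 0x20, 0x1234, 0x5678)
    struct.pack_into("<H", rom, 0x1C + 0x0A, 0x18)   # PCIR structure length
    struct.pack_into("<H", rom, 0x1C + 0x10, 1)      # image length, 1 unit
    rom[0x1C + 0x15] = 0x80                          # indicator: last image
    rom[0x40:0x40 + len(payload)] = payload
    rom[511] = (-sum(rom[:511])) % 256               # fix up checksum byte
    return bytes(rom)
```

On Linux a card's ROM can usually be dumped for this check by writing `1` to `/sys/bus/pci/devices/<address>/rom` as root and then reading that file. The checksum field only detects corruption, so the hash comparison against a vendor or previously recorded image is what carries the integrity decision.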
 
RayLopez99

FromTheRafters said:
Google for PCI rootkit. Keep in mind that this is not the 'mobile code'
kind of malware that most malware researchers deal with (or even believe
in).

Thanks that was interesting. I did read up on this and learned
something. Apparently though these PCI rootkits are more theoretical
than what's actually found in the wild.

FromTheRafters said:
Chances are very slim indeed, but I just thought it bears mentioning.
After all, what better SE than a deal "too good to be true".

Slim indeed, but possible, even and especially in the USA. As for
this SE Asia deal, it was not 'too good to be true' but simply priced
at market (and the market prices here for software and hardware are
generally much less than the USA, though for hardware prices are about
the same as you can find at discount sales in the USA).

RL
 
Roy

RayLopez99 said:
Thanks that was interesting.  I did read up on this and learned
something.  Apparently though these PCI rootkits are more theoretical
than what's actually found in the wild.


Slim indeed, but possible, even and especially in the USA.  As for
this SE Asia deal, it was not 'too good to be true' but simply priced
at market (and the market prices here for software and hardware are
generally much less than the USA, though for hardware prices are about
the same as you can find at discount sales in the USA).

RL

I have seen that in certain parts of Asia, including India, the prices of
hardware and software are cheaper... I even saw legitimate
Kaspersky Internet Security 2011 sold at just 12 USD for a single
license in India... never understand how they were able to do that when
it's usually priced much higher in western countries...

The KIS 2011 (Kaspersky) I saw in Philippine computer stores was
priced at 20 USD per single license.


Roy
 
RayLopez99

Roy said:
hardware and software are cheaper.....I even saw  legitimate
kaspersky internet security 2011 just sold at  12 USD for single
license in India...never understand how they were able to do that when
its usually priced much  higher in western countries...

 The KIS2011( kaspersky)  I saw in Philippine computer stores were
priced at 20USD per single license.

Yes, I've seen that too in the P. and Thailand. Like I say, the
software has a sticker that says "Not for export" but it's otherwise
100% legal (not a pirate copy). Pirate copies (cracked copies) of
course are even cheaper, generally around USD $5.

But hardware is roughly the same as US west coast (FRY'S, etc) prices,
maybe a little cheaper (about $100 cheaper for a notebook, say $500
rather than $600 as in the USA). I notice the chips are sometimes
made in far away places like Costa Rica for Intel and shipped to SE
Asia.

RL
 
FromTheRafters

RayLopez99 said:
Thanks that was interesting. I did read up on this and learned
something. Apparently though these PCI rootkits are more theoretical
than what's actually found in the wild.

That's the thing, unless they are numerous enough to warrant being
detected they will not be considered "in the wild" - usually "in the
wild" refers to the more prolific mobile code like viruses, worms, and
network distributed trojans.

[...]
 
