Virus: What is a vaccine? It is “a preparation intended to generate acquired immunity against a disease, by stimulating the production of antibodies.” Its elegance is that it contains an agent that resembles a disease-causing microorganism, often made from weakened or dead forms of the microbe, its toxins, or one of its surface proteins.
In other words: they inject more or less the same virus they want to vaccinate you against, forcing your body to prepare defenses and antibodies. Imagine adapting that process to the Internet: a virus that infects us to protect us from other viruses. Well, it already exists.
The virus created to protect you from other viruses
The security company Sophos has announced the discovery of this malicious code in an article, indicating that the origin and motivation of the malware are unknown and that, unlike most malware, it does not seek to steal personal data or private information.
Instead of trying to steal passwords or extort a ransom from the owner of the computer, this malware blocks infected computers from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.
Modifying the HOSTS file is a “crude but effective method of preventing a computer from accessing a web address. It is crude because, although it works, the malware has no persistence mechanism. Anyone can remove the entries after they have been added to the HOSTS file, and they remain removed (unless the program is run a second time).”
According to the Sophos analyst, “We could not discern where this malware came from, but its motivation seems pretty clear”: prevent people from visiting software piracy websites (even if only temporarily), and submit the name of the pirated software that the user expected to use to a website, which also delivers a secondary payload. The file adds from a few hundred to more than 1000 web domains to the HOSTS file, pointing to the localhost address, 127.0.0.1.
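A defender's check for the HOSTS tampering described above, as an added example that is not from Sophos or the original article: it lists names redirected to a loopback or unspecified address and produces a cleaned copy of the file. The `BENIGN` set, the function names and the `.example` sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumed allow-list: names a stock system legitimately maps to loopback.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_line(raw):
    """Split one HOSTS line into (address, [names]); (None, []) if not an entry."""
    fields = raw.split("#", 1)[0].split()      # text after '#' is a comment
    if len(fields) < 2:
        return None, []
    try:
        return ipaddress.ip_address(fields[0]), fields[1:]
    except ValueError:
        return None, []                        # malformed address, not an entry

def is_sink(addr):
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

def sinkholed_names(hosts_text):
    """Names redirected to loopback/unspecified addresses, excluding BENIGN."""
    names = []
    for raw in hosts_text.splitlines():
        addr, hosts = parse_line(raw)
        if is_sink(addr):
            names += [h.lower() for h in hosts if h.lower() not in BENIGN]
    return names

def cleaned(hosts_text):
    """HOSTS content without sinkholed names; a rewritten line drops its comment."""
    out = []
    for raw in hosts_text.splitlines():
        addr, hosts = parse_line(raw)
        if is_sink(addr) and any(h.lower() not in BENIGN for h in hosts):
            keep = [h for h in hosts if h.lower() in BENIGN]
            if keep:                           # keep benign names on a mixed line
                out.append(f"{addr} {' '.join(keep)}")
        else:
            out.append(raw)                    # every other line stays verbatim
    return "\n".join(out) + "\n"

# Constructed sample: stock entries plus blocked names under the reserved .example TLD.
SAMPLE = """# constructed sample HOSTS file
127.0.0.1 localhost
::1 localhost
10.0.0.5 fileserver.corp.example   # legitimate internal mapping
127.0.0.1 blocked-site-one.example
127.0.0.1 localhost blocked-site-two.example www.blocked-site-two.example
0.0.0.0 Blocked-Site-Three.example
"""
```

A count from `sinkholed_names` in the hundreds, as the article describes, is a strong sign of bulk tampering; a handful of entries may be a user's own ad-blocking list.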
Fake games on Discord
At least some of the malware, disguised as pirated copies of a wide variety of software packages, was hosted on the game chat service Discord. Other copies, distributed via BitTorrent, also carried the names of popular games, productivity tools, and even security products, accompanied by additional files that suggested they had originated from a well-known file-sharing account on ThePirateBay.
There appear to be hundreds of different software brands represented by the file names found in a VirusTotal search for related samples. Files such as “Left 4 Dead 2 (v220.127.116.11 Last Stand + DLCs + MULTi19)” and “Minecraft 1.5.2 Cracked [Full Installer] [Online] [Server List]” mimic the naming conventions commonly used to label pirated software.
The files hosted on the Discord file-sharing system are usually single executable files. Those distributed via BitTorrent “have been packaged in a way that more closely resembles the way pirated software is often shared using that protocol”: added to a compressed file that also contains a text file and other helper files, as well as an old internet shortcut file pointing to ThePirateBay.