Pirated Starcraft II Wings of Liberty .EXE Files Infected with Malware

Warns Microsoft

28 Jul 2010, 11:32 GMT
It has happened to Windows 7, Office 2010 and many other pieces of software, and now it is the turn of the recently launched Starcraft II: Wings of Liberty. Microsoft has warned that fake Starcraft 2 files associated with illegal, pirated copies of Blizzard's game contain malware, with downloads from various sources, including BitTorrent trackers and warez websites, serving as vessels for the malicious code. Some gamers will undoubtedly turn to torrents or other file-sharing networks looking for free Starcraft 2 downloads now that the title is officially available. However, they should be aware of the risks that their actions carry.

“’Starcraft_II.exe’ (Sha1: ae648158b87d1513d2777ddb2233d3e83e2741c9) contains a file named "WinUpdate.exe", which is actually malicious and is detected as VirTool:Win32/VBInject.gen!DM. This is a generic detection for Visual Basic-compiled files that attempt to load other malware by injecting code into different processes,” revealed Andrei Saygo and Francis Tan Seng, from the Microsoft Malware Protection Center.

“Another interesting file we saw is "StarCraft.2.Wings.Of.Liberty.CLONEDVD-WW TRAINER.exe" (Sha1: fdaa5abd53256a3fb0ddca5d3dead622768b3ab2). We detect this file as Worm:Win32/Rebhip.A. After a bit of research, we found that it is available to download through the BitTorrent protocol. Worm:Win32/Rebhip.A is a worm capable of stealing sensitive information from your computer by logging keystrokes and gathering passwords,” Saygo added.

Starcraft I was released back in 1998, and it has certainly been quite a wait for fans worldwide. On July 27th, Blizzard launched the sequel to the real-time strategy game that redefined the genre. Starcraft II: Wings of Liberty is now available worldwide, and players are now permitted to activate their copies. “Here in the MMPC, we monitored this event as malware writers almost always attempt to take advantage of high-profile news, this being a prime example. Sure enough, we found samples that pretend to be Starcraft-related files but are actually malware,” Saygo said.

Follow me on Twitter @MariusOiaga.
