Arik Hesseldahl


Laughs Just Keep on Coming — LulzSec’s Final Release Contained Malware

Saturday night, as I was reporting on the “retirement” of the criminal hacker gang LulzSec, I took a chance: I downloaded the file containing the group’s “final drop,” which it had released to the BitTorrent site The Pirate Bay.

The file was 600-plus megabytes and contained several things, including evidence that the group, or someone helping it out, had defaced a Navy civilian jobs board and a list of corporate networks belonging to numerous companies, including the Walt Disney Company. But the biggest thing inside that folder was a trove of documents apparently taken from wireless giant AT&T concerning the planned construction and rollout of its LTE network. (Incidentally, AT&T isn’t commenting on the documents, and so won’t say whether they’re authentic.)

Also nestled within that folder was yet another folder labeled BootableUSB. I didn’t think anything of it on a Saturday night. It didn’t occur to me that it would be odd for a folder with such a name to be included among a folder of documents looted from a company. I promptly forgot about it.

I found out today that the directory, which in hindsight should have set off alarm bells, contained malware — trojans and worms and all sorts of nasty things that no one in their right mind would want. Anonymous, which has in the last 24 hours taken all of LulzSec’s members under its organizational wing (more on that in a moment), confirmed that the original torrent was infected.


@ Downloading the torrent is fine. Just avoid the Bootable USB folder that contains .exe files. Clean torrent: http://t.co/iO98ivz
@AnonymousIRC

At least one of the folders, labeled WinRAR, contained malware that was masquerading as the legitimate version of WinRAR, a Windows compression utility. The StopMalvertising blog goes into significant detail here.

For the record, I took a screen shot of the directory’s contents, which to my eye looks a lot like a ticket to a headache-filled day for any Windows user. Thankfully I use a Mac. Anonymous says that a cleaned-up version of the torrent has been released. But if it’s all the same to you, I’ll avoid downloading this one. You can see the list of malware files in the pictures below. If you know what any of them are, leave a comment.
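The practical lesson of the BootableUSB folder is that a document dump should be inventoried for executables before anything in it is opened, and that the inventory should not trust file extensions, since a trojan can just as easily be named WinRAR.exe as rollout_plan.doc. The script below is an added example, not code from the original post or from Anonymous: it walks a directory, identifies Windows PE executables by their MZ/PE headers rather than by name, and prints a SHA-256 for each so the hashes can be checked against a known-good WinRAR build or submitted to a scanner. The sample directory tree it builds (a BootableUSB/WinRAR folder and an ATT_LTE_docs folder) is constructed here for illustration; the files in it are minimal stand-ins that carry a valid PE header and nothing else, not real executables.

```python
import hashlib
import os
import struct
import tempfile


def looks_like_pe(path):
    """Return True if the file starts with a DOS 'MZ' header and the
    e_lfanew pointer at offset 0x3C leads to a 'PE\\0\\0' signature.
    The file name and extension are ignored, so a renamed executable
    is still caught."""
    try:
        with open(path, "rb") as f:
            header = f.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def sha256_of(path):
    """Stream the file through SHA-256 so large drops do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory_executables(root):
    """Walk `root` and return one record per PE file found, sorted by relative path.
    `ext_is_exe` flags whether the name also admits to being executable; a False
    value on a PE file means an executable hiding behind a document extension."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if looks_like_pe(path):
                found.append({
                    "path": os.path.relpath(path, root),
                    "sha256": sha256_of(path),
                    "ext_is_exe": name.lower().endswith((".exe", ".dll", ".scr", ".com")),
                })
    return sorted(found, key=lambda r: r["path"])


def make_fake_pe():
    """Constructed test data, not a real executable: a 64-byte DOS header whose
    e_lfanew points just past it, followed by the 'PE\\0\\0' signature."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 32


def build_sample_drop():
    """Build a constructed directory tree shaped like the drop described in the post:
    a BootableUSB/WinRAR folder holding an executable, plus a documents folder that
    contains one plain text file and one executable disguised with a .doc extension."""
    root = tempfile.mkdtemp(prefix="drop_")
    os.makedirs(os.path.join(root, "BootableUSB", "WinRAR"))
    os.makedirs(os.path.join(root, "ATT_LTE_docs"))
    with open(os.path.join(root, "BootableUSB", "WinRAR", "WinRAR.exe"), "wb") as f:
        f.write(make_fake_pe())
    with open(os.path.join(root, "ATT_LTE_docs", "rollout_plan.doc"), "wb") as f:
        f.write(make_fake_pe())
    with open(os.path.join(root, "ATT_LTE_docs", "notes.txt"), "w") as f:
        f.write("plain text, not executable\n")
    return root


if __name__ == "__main__":
    root = build_sample_drop()
    for rec in inventory_executables(root):
        flag = "" if rec["ext_is_exe"] else "  <-- PE file with a non-executable extension"
        print(f"{rec['sha256']}  {rec['path']}{flag}")
```

Run it against the extracted torrent directory instead of the constructed one and compare the printed hashes with the SHA-256 of the WinRAR installer downloaded from the vendor; a file that calls itself WinRAR but does not match is exactly the kind of thing the StopMalvertising write-up describes. The header check is deliberately shallow (it does not parse section tables or look at ELF/Mach-O files), so treat it as a triage step, not a replacement for an antivirus scan in an isolated machine.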

Word of the infected torrent — which I consider more supporting evidence that the LulzSec crew was really a bunch of neophytes and nowhere near the unstoppable super-hackers they’ve been made out to be — came on the same day that Anonymous announced it had absorbed LulzSec’s members under its own banner.


We like to clarify again: All LulzSec members are accounted for, nobody is hiding. Only a name was abandoned for the greater glory #AntiSec
@AnonymousIRC

“AntiSec” refers to the “Anti Security movement” that LulzSec, in a rare moment of thoughtfulness, came up with to describe the closest thing it has to a philosophy. It’s the sort of thing that Anonymous, the amorphous batch of hackers sympathetic to Wikileaks, would seem to find attractive. Plus, for the LulzSec gang, there is — at least in theory — some added safety in larger numbers, though there’s been a lot of speculation that the two groups already share several overlapping members.
