StarCraft II Pirates Stung By Malware


Nefarious pirates looking to, um, pirate StarCraft II are running into a bit of a problem: one of the more popular torrents that purports to be the game is actually nothing more than a conduit for a nasty bit of malware. I know $60 for a PC game may seem a little expensive to many of you, but would you rather pay the money (and earn Light Side points) or try to pirate it (and earn Dark Side points) and have to deal with cleaning out your system?

Microsoft has warned gamers about the dangers of trying to pirate the game:

‘Starcraft_II.exe’ (Sha1: ae648158b87d1513d2777ddb2233d3e83e2741c9) contains a file named “WinUpdate.exe”, which is actually malicious and is detected as VirTool:Win32/VBInject.gen!DM. This is a generic detection for Visual Basic-compiled files that attempt to load other malware by injecting code into different processes.

Another interesting file we saw is “StarCraft.2.Wings.Of.Liberty.CLONEDVD-WW TRAINER.exe” (Sha1: fdaa5abd53256a3fb0ddca5d3dead622768b3ab2). We detect this file as Worm:Win32/Rebhip.A. After a bit of research, we found that it is available to download through the BitTorrent protocol. Worm:Win32/Rebhip.A is a worm capable of stealing sensitive information from your computer by logging keystrokes and gathering passwords.

Nearest I can tell, there does exist a legitimate pirated copy of the game available online, released by one of the prominent release groups. No names here, of course. The crack is more involved than the usual replace-the-exe-with-another-exe, according to the nfo.

The point is, putting aside the morality of piracy, that you’re playing with fire if you try to find a pirated copy of the game online, particularly if you’re downloading it from a public BitTorrent site or one of those shady release blogs.