File sharing pirates go underground

Software pirates are borrowing techniques and tools from hackers in a bid to take over high bandwidth servers, such as those at universities and web hosts, to help develop large underground file sharing networks.

White hat security firm ISS X-Force has been tracking the growth of a number of underground file sharing networks that are being used to trade terabytes of pirated software and movies.

The networks work on a similar concept to Napster and Morpheus, but typically focus on larger files such as applications and movies, and use stolen bandwidth and storage to host them.

Pirates need high storage and bandwidth capabilities to send and receive digital contraband the size of modern software packages and pirated movie files.

The files are several hundred megabytes in size, so it is cost-prohibitive for 'warez' pirates to use their own servers to distribute the material.

As a result, thousands of machines are thought to be infected with rogue file-sharing software controlled by Internet Relay Chat (IRC) 'bots', unknowingly participating in a massive underground file-sharing network.

These large bot networks are extremely popular and bandwidth hungry. The largest have 300 to 400 bots, all logged into the same IRC network and listening on the same IRC channel.

Larger channels can have thousands of individuals downloading files from these bots.

IRC has long been favoured by the hacker community to congregate, discuss tactics and techniques, and trade tools.

But more recently, as bots have developed, IRC has been used to control large numbers of IRC-aware distributed denial of service (DoS) zombie programs and warez distribution bots.

An increasing overlap has appeared between the hacking and warez communities, and software pirates are now borrowing techniques and tools from the hacking community.

Attackers attempt to compromise low risk/high reward systems, such as servers in .edu domains, home broadband users, web hosting companies, and internet service providers, and install backdoors and remote control programs in order to connect them to IRC-based file-sharing networks.

IRC bots like 'iroffer' are especially user friendly and provide instructions to novice pirates on how to download files.

This bot software may also install Trojan horses, allowing a remote attacker to gain access to the system.

Such attackers do not need further access to the infected target in order to utilise its resources and, aside from distributing pirated software, high bandwidth machines are often used as DoS weapons in hacker warfare.