September 1, 2021

New Anti-Pirate Malware Discovered In The Wild

Anti-Piracy Malware

When we think of the word malware, the associations are exclusively grim.

It’s in the name. Malware is short for ‘malicious software’ - something that infiltrates our systems to corrupt our information, steal passwords, demand a ransom, commit fraud, render the machine incapable of running as intended, etc.

Nine times out of ten, malware breeds injustice. Once in a while, it attempts to enforce integrity and fairness, using grey-zone tactics rather than setting out to harm and damage unsuspecting users. One such case has been discovered by the Sophos security team.

A malware campaign designed for vigilante purposes...

When The Hackers Take Over The Moral Ground

In this particular situation, the victims are not as innocent as they usually are.

The reason is simple. This unorthodox malware campaign targets people who are not keen on paying for content and software, blocking their access to a vast number of websites that facilitate piracy.

It does this by modifying the HOSTS file on the infected computer, adding many web domains (mainly piratebay clones) and pointing them at the localhost address. Lookups for those domains then resolve to the victim's own machine, so the browser never reaches the real site.

Security professionals have described this technique as crude because it lacks persistence mechanisms. It is relatively easy to remove the entries after they have been added to the file, and they will not return unless the malware is executed a second time.

This trick has been around for at least a decade, and as basic as it is, it still gets the job done.

How Does It Spread? How Does One Cleanse It?

The spread tactic is also nothing special - the malware is packed and hidden in Discord servers and torrent trackers, posing as fake games, productivity solutions, and cybersecurity tools.

“The files that appear to be hosted on Discord's file-sharing tend to be lone executable files. The ones distributed through BitTorrent have been packaged in a way that more closely resembles how pirated software is typically shared.” - disclosed Andrew Brandt, a security analyst who broke down the story.

This reminds everyone that the risk of infection is always high when you tread pirate waters. If you were unfortunate enough to pick up this malware or just want to know how to remove it, here are the instructions:

“Users can clean up their HOSTS file manually, by running a copy of Notepad elevated as administrator, and modifying the file at c:\Windows\System32\Drivers\etc\hosts to remove all the lines that begin with “127.0.0.1” and reference the various ThePirateBay (and other) sites.”
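An added example (not from Sophos or the original post) of auditing a HOSTS file for the kind of entries described above: it lists every non-local hostname pointed at the local machine and removes only the lines matching a marker the reviewer chooses. It goes slightly beyond the text by also flagging ::1 and 0.0.0.0; the function names and the .example domains are assumptions constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_entry(line):
    """Return (ip, [hostnames]) for a hosts entry, or None for blanks, comments, garbage."""
    body = line.split("#", 1)[0].split()
    if len(body) < 2:
        return None
    try:
        return ipaddress.ip_address(body[0]), [h.lower() for h in body[1:]]
    except ValueError:
        return None

def find_sinkholed(text):
    """List (line_number, ip, hostnames) for non-local names pointed at the local machine."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        # 127.0.0.0/8 and ::1 are loopback; 0.0.0.0 is the other common blocking target.
        if entry and (entry[0].is_loopback or entry[0].is_unspecified):
            names = [h for h in entry[1] if h not in LOCAL_NAMES]
            if names:
                hits.append((n, str(entry[0]), names))
    return hits

def remove_entries(text, marker):
    """Drop sinkhole lines whose hostname contains `marker`; keep every other line verbatim."""
    drop = {n for n, _, names in find_sinkholed(text) if any(marker in h for h in names)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in drop]
    return "\n".join(kept) + "\n"

# Constructed sample; the .example domains are placeholders, not entries from the campaign.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 piratebay-mirror.example
127.0.0.1 www.piratebay-mirror.example   # added by unknown program
0.0.0.0   ads.tracker.example
10.0.0.5  fileserver.corp.example
"""

if __name__ == "__main__":
    for n, ip, names in find_sinkholed(SAMPLE):
        print(f"line {n}: {ip} -> {', '.join(names)}")
    print(remove_entries(SAMPLE, "piratebay"), end="")
```

Review the flagged list before removing anything: ad-blocking hosts files use the same redirect on purpose, which is why removal is limited to a marker rather than applied to every hit.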

Then again, you won’t need it if you don’t do anything nefarious. And all my readers are noble, goody-two-shoes folks… right?

Someone’s Moral Compass Is Going South

As Robert Jordan once said, ‘Men often mistake killing and revenge for justice. They seldom have the stomach for justice.’

The same applies to the vigilante who made and spread this malware online. The potential audience under threat is too vast to consider it a targeted ‘attack’. The combination of old and new tools, overall tactics, techniques, and procedures, the expansive list of blocked websites, and the controversial content of the .nfo file, filled with racial slurs, does not make the author look very good.

The motivation behind such a deed is unclear and certainly falls into a ‘grey’ area. The perpetrator does not have direct malicious intent but also doesn’t act ethically. It’s complex.

Piracy is a complicated topic that spurs many opinions. Interestingly enough, the highly acclaimed podcast Darknet Diaries recently made an episode with Peter Sunde Kolmisoppi, one of the three main figures behind the initial Piratebay movement. Here’s what he had to say about legality:

I don’t really care if it’s illegal or not. That’s kind of the core, again. Someone has defined what is legal and what’s illegal, and I don’t really agree with that perspective. For me, it’s more important what’s moral and what’s immoral. For me, it’s immoral to actually say that you can’t have this, you can’t be part of the cultural conversation because you don’t have enough money.

For my taste, the last line is a zinger, even though you could argue with it.

A Few Thoughts On PirateBay Ethics

When you think about it, PirateBay is not illegal in itself.

It acts as a blank page that allows users to submit files anyone could download. It’s not that different from Google, acting as a search engine, and you can certainly use the top search engine to find pirated stuff. If you type the name of the song, type in title:indexof and mp3, you will tell Google to do exactly what PirateBay does.

“The difference between Pirate Bay and Google is that they’re considered good guys because they’re business people, so I think that – I’d say the opposite of Pirate Bay, they would also be business people that are interested in doing business with other businesses.” - elaborates Peter.

I strongly recommend that you check out episode 92 and form your own opinion on the topic. I am not an advocate for avid leeching and seeding, but it’s truly a fascinating listen!

And the moral of the story is simple...

When fighting monsters, make sure you yourself do not become a monster. When online, try to stay safe and be honest.
