Scene Notices rarely contain useful information – they are usually full of E-drama and flame wars. However, I stumbled across a recent SceneNotice which can be pretty useful if you download illegitimate software online. As you may know, the internet is full of pirated software that comes with cracks or key generators which circumvent the built-in copy protection mechanisms. One of the most common downsides of cracked software is that it every so often carries viruses or other malware. The original release, which usually comes from the scene, is almost always clean – viruses and other malware sneak in as the release gets repacked and spread across warez sites on the internet. But here is a rare case where the scene release itself is infected by malware.

A.NOTE.ABOUT.WiNDAZ.RELEASES.v1.0-iND warns you of malware that comes embedded with cracked software releases by 0Day release group WiNDAZ. Full NFO is quoted below:

Rels: A.NOTE.ABOUT.WiNDAZ.RELEASES.v1.0-iND
Name: ind-wnz1.zip
Date: 2010/05/09
Size: 1 x 5MB
Type: TextProof
Avast.Internet.Security.v5.0.545.Incl.Keymaker-WiNDAZ
ESET.NOD32.Antivirus.v4.2.42.0.Incl.Keymaker-WiNDAZ
Nero.v9.9.4.26.0b.Incl.Keymaker-WiNDAZ
Mirc.v7.0.Incl.Keymaker-WiNDAZ (contains mIRC 6.35)
WiNDAZ-installers bundle the setup and a file called idx.exe, which is a trojan/password-stealer. Check proof.rar and/or google for Steam.pdb.
Their keygens aren't working (containing a random string generator). Btw, nuking the shit for only "not.working" or even "get.proper" is simply a sign of stupidity: the sole purpose of the releases is to spread the trojan - there won't be any FIXED or WORKING version by this fool.
Ban them & catch the guy who brings this scum into scene


Proof.RAR includes screenshots of disassembled code from WiNDAZ installers. One screenshot shows a set of methods which appear to be trying to kill off the background processes of several popular security products (whether that's working code or not is a different matter – the point is that such methods should not have made it into an installer). The screenshots also expose the functionality of the key generator, which indeed just generates random strings as claimed by the NFO. If you have downloaded any of the WiNDAZ releases and your antivirus software didn't alert you to suspicious activity, it might be time to do a full system scan with updated definitions (or try using a new AV for that matter).
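As an added example (not part of the original post or the NFO), the Python code below checks a zip archive against the three indicators the NFO names: the -WiNDAZ release tag, a bundled idx.exe, and the string Steam.pdb. The function names, the size limit and the nesting depth are assumptions of this example, it reads zip archives only (not RAR), and a hit is a lead for a full scan rather than a verdict.

```python
import io
import re
import zipfile

# Indicators from the quoted NFO; how they are matched is this example's assumption.
GROUP_TAG = re.compile(r"-WiNDAZ(\.[A-Za-z0-9]+)?$", re.IGNORECASE)
DROPPED_NAME = "idx.exe"
PDB_MARKER = b"steam.pdb"  # compared against lower-cased file content
MAX_MEMBER = 64 * 1024 * 1024  # larger members are not unpacked (zip-bomb guard)

def scan_zip(name, data, depth=2):
    """Return sorted findings for one zip archive supplied as bytes."""
    findings = set()
    if GROUP_TAG.search(name):
        findings.add(f"{name}: release name carries the WiNDAZ tag")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return sorted(findings)
    with archive:
        for info in archive.infolist():
            member = info.filename
            base = member.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if base == DROPPED_NAME:
                findings.add(f"{name}!{member}: bundled file named idx.exe")
            # Directories, oversized and encrypted members are never read.
            if info.is_dir() or info.file_size > MAX_MEMBER or info.flag_bits & 0x1:
                continue
            body = archive.read(info)
            if base.endswith(".zip") and depth > 0:
                # Releases are often zips inside zips: recurse, bounded by depth.
                findings.update(scan_zip(f"{name}!{member}", body, depth - 1))
            elif PDB_MARKER in body.lower():
                findings.add(f"{name}!{member}: contains the string Steam.pdb")
    return sorted(findings)

def constructed_sample():
    """Harmless in-memory archive shaped like the NFO's description (constructed)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"MZ constructed placeholder")
        z.writestr("idx.exe", b"MZ constructed placeholder Steam.pdb")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("disk1.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for hit in scan_zip("Example.App.v1.0.Incl.Keymaker-WiNDAZ.zip", constructed_sample()):
        print(hit)
```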

[Click Here] to download the full NFO along with all the screenshots of disassembled code.


6 Comments

  1. grapher // 5/15/2010 06:47:00 PM  

    Attention: all releases by FALAFEL, ACTiVATiNG, WiNDAZ, sLOTz, KSCRACKiNG
    are trojans. Don't download it.

  2. Derek // 5/16/2010 02:20:00 AM  

    Lol these guys are real pros, using .NET and not even scrubbing the garbage data? Nice.

  3. TEAM FILEnetworks // 5/16/2010 02:41:00 AM  

    @Derek,
    On top of that, most AV software protects itself against the 'process killing' approach used in that code.

  4. amma // 5/16/2010 07:43:00 AM  

    Funny thing, I thought this windaz was the software I used to fix my Sony monitor in the past, but it appears the software I used is called windas...XD

  5. microd20 // 5/17/2010 02:46:00 PM  

    Great HD Site:

    www.seed-bytes.com



    For a good seedbox:

    http://pulsedmedia.com/clients/aff.php?aff=006

  6. grapher // 5/31/2010 08:13:00 PM  

    Trojans on scene - updated

    Attention: all releases by FALAFEL, ACTiVATiNG, WiNDAZ, sLOTz, KSCRACKiNG, ViLLAiN
    are trojans. Don't download it.