A pirated copy of Windows 7 bought at a Chinese electronics bazaar for 40 yuan, or less than US$6. The disc's setup file promotes a Web site infested with malware.
BEIJING, 11 AUGUST 2009 - Pirated copies of Windows 7 have hit the shelves at China's electronics bazaars, months before the operating system officially goes on sale.
A stall owner at one of the multistory PC markets in Beijing sold a copy of the program for 40 yuan (US$5.86) on Monday. It was not clear from the thin, DVD-shaped box or the contents of the disc what version of Windows 7 it purported to carry, but a 1.8GB file named Win7.gho was on the disc. A .gho file is an image of a system that can be copied onto a new hard drive, potentially letting a user bypass the activation key step for programs like Windows.
Both legal and cracked copies of Windows 7 were already available online. A release candidate version of the OS is publicly available, and subscribers to the Microsoft Developer Network can download the RTM (release to manufacturing) version on the network's Web site.
A cracked version of Windows 7 has also appeared online in recent weeks. An image file containing Windows 7 Ultimate RTM and a manufacturer product key was stolen from Lenovo and placed on a Chinese hacker forum, the company said in a statement.
A user can purportedly pair the leaked key with a certain hack to install and use the OS, Microsoft said in an MSDN blog entry. But Microsoft said it is working with Lenovo to make sure no PCs using the pirated manufacturer key are sold, and Lenovo said the key would be disabled. Windows 7 will go on sale Oct. 22.
Pirated software from Microsoft and other companies is widely used in homes and offices across China, and it is often sold in stores or on streets.
The vendor at the Beijing bazaar said she said had sold pirated copies of Windows 7 for over a month and had a dozen buyers on some days. She kept the program discs in a low cabinet that she opened only when asked specifically for the OS.
It was not clear if the pirated Windows 7 disc carried malicious code, but its setup file promoted a Web site, www.pkghost.cn, infested with a high level of malware. Google found 31 scripting exploits, 25 Trojans and 21 other exploits on the site, according to its diagnostic page.
Malware may have been on the disc as well. Pirated software packages sold in China often include malware used to steal personal information from users, said Vu Nguyen, a McAfee Avert Labs researcher. One common type of Trojan steals passwords for popular online games, he said. Attackers can then profit by selling virtual items in the game accounts.
Sign up for Computerworld eNewsletters.