the threat of warez


June 19th, 2007

This is not about intellectual property, copyright or electronic markets. This is about malware infections. I know, how weird of me.

I overheard someone speaking recently about the threat of viruses and other nasty malware coming from P2P networks: how it must be obvious that pirates have ulterior motives for distributing software applications free of charge, since nobody in their right mind would do that unless there was something to gain. In this person’s view, all commercial software originating from P2P networks is infected with one form of malware or another.

There certainly is merit to such a claim. KaZaA, Gnutella and a whole lot of other “unregimented” networks did[1] suffer from the plight of malware. As some might know, software isn’t the only way to distribute bad things to others: we have executable content in movies, exploits in image files, macros in documents. A virus-spreader’s dream come true, what with all those gullible teenagers stealing music… they’re getting what they deserve. But this isn’t the whole story.

Pirates - and here let’s refer to suppliers only - do not do this so that they have a way to build their very own botnet. Historically speaking, warez was traded between top groups as an exchange: “you have something, I have something, let’s trade”[2]. With the advent of P2P networks, somebody, somewhere decided to leak these files. A lot of groups decry this practice and complain that it ruins the scene, both by giving plebes access to things they haven’t worked for [commonly known as "leeches", although the term has picked up other meanings nowadays] and by increasing the exposure of the groups, which become easier targets for those whose job it is to hunt them. Somebody else, before throwing the latest and greatest version of Office or EA game onto KaZaA, thought it would be rewarding to taint it with some trojan code. Here we are now.

It would be conceivable, although impractical, for groups to taint software at the release stage. By patching the entire environment - firewall, antivirus, even the OS - they could control the leecher’s machine in a manner akin to the Blue Pill[3]. At this point it really is like in The Matrix: the leecher’s machine now belongs to someone else, and the chances of picking up on this from inside that machine are slim, because every tool you would use to look is itself part of the tainted environment. When all your software is tainted in this way, there isn’t much you can do [but buy it, of course, and even then there might be other backdoors to worry about.]
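The practical corollary of the paragraph above is that any trustworthy comparison has to come from outside the suspect machine. What follows is an added example, not code from the original post: it builds a SHA-256 manifest of a release on a known-clean install, and later checks a suspect copy against that manifest from a trusted environment (a clean boot or a second machine), reporting files that were modified, removed or added. The function names, the release layout, the file contents and the “appended loader” bytes are all constructed for the demonstration; the manifest text layout mirrors that of `sha256sum`.

```python
# Added example, not from the original post. Assumes the manifest comes from a
# source trusted independently of the box being checked (the publisher's own
# checksums, or one you generated yourself on a known-clean install).
from __future__ import annotations

import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 hex digest of a file, read in chunks so large installers fit."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink():
                continue  # hash what is on disk, not whatever a link points at
            manifest[full.relative_to(root).as_posix()] = sha256_of(full)
    return manifest


def format_manifest(manifest: dict[str, str]) -> str:
    """Serialise in the sha256sum text layout: '<hex>  <path>' per line."""
    return "".join(f"{d}  {p}\n" for p, d in sorted(manifest.items()))


def parse_manifest(text: str) -> dict[str, str]:
    """Inverse of format_manifest; tolerates sha256sum's '*' binary marker."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, rel = line.split(None, 1)
        manifest[rel.lstrip("*")] = digest.lower()
    return manifest


def verify_tree(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a suspect tree with the trusted manifest: changed files are
    'tampered', listed-but-absent are 'missing', unlisted ones 'unexpected'.
    All three matter: a dropper can as easily be an added file as a changed one."""
    actual = build_manifest(root)
    return {
        "tampered": sorted(p for p, d in actual.items() if p in manifest and manifest[p] != d),
        "missing": sorted(p for p in manifest if p not in actual),
        "unexpected": sorted(p for p in actual if p not in manifest),
    }


# Constructed demonstration data: a hypothetical "clean" release layout.
CLEAN_FILES = {
    "setup.exe": b"MZ\x90\x00 clean installer stub",
    "bin/app.dll": b"MZ\x90\x00 clean library",
    "README.txt": b"Install notes.\n",
}


def _write_tree(root: Path, files: dict[str, bytes]) -> None:
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Manifest a clean tree, tamper with a copy of it, verify the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, leaked = Path(tmp) / "clean", Path(tmp) / "leaked"
        _write_tree(clean, CLEAN_FILES)
        # 1. Manifest taken on the clean install, kept as text so it can travel
        #    out of band (a checksum file on read-only media, a printout).
        manifest_text = format_manifest(build_manifest(clean))
        # 2. The leaked copy: payload appended to the library, release notes
        #    dropped, a "helper" binary added. All bytes are constructed and inert.
        shutil.copytree(clean, leaked)
        with (leaked / "bin" / "app.dll").open("ab") as fh:
            fh.write(b"\x00 appended stage-one loader (constructed, inert)")
        (leaked / "README.txt").unlink()
        _write_tree(leaked, {"crack/keygen.exe": b"MZ\x90\x00 not in the manifest"})
        # 3. Verify from the trusted side, using the out-of-band manifest text.
        return verify_tree(leaked, parse_manifest(manifest_text))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:10s} {paths}")
```

The check is only as good as where it runs: computed on the suspect box, with the suspect box’s interpreter, hash library and kernel, a tainted environment could lie about every digest, which is exactly the scenario the post describes. Copy the tree to clean media and compare there, and keep the manifest somewhere the suspect machine cannot rewrite.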

Groups might or might not [decide to] be doing that. A conspiracy theorist is free to run wild with all the possibilities that stem from this, but as a security enthusiast I’m only here to lay out the possible scenario. Latest tales I hear from the underground say that Windows XP comes out pre-patched every so often, with all the security updates bundled in and a cracked WGA. From this to the next step - patching a little extra into the OS - isn’t much ground to cover. Might make an interesting summer project, if you’ve got the time.

  1. And I would assume still do.
  2. Please refer to the Textfiles archive for more info.
  3. This is a loose comparison based on what Blue Pill claims it can do - many have debunked these claims, but an OS-level patch might be far harder to detect.
