Forum postings about a possible RBOT malware infection of the AT&T data dump posted via BitTorrent and other filesharing services on Monday were confirmed yesterday by the Tech Buzz Examiner.
According to Michael Santo, analysis of the AT&T internal data dump shows an infection which – allegedly – stems from AT&T's apparent use of an unregistered copy of the WinRar file compression/decompression application.
The Tech Buzz Examiner newswire asserts that the LulzSec posting on Monday included a warning about the infection, although buried in the 'small print' at the tail end of the data text file:
"Note: In "AT&T internal data.rar", do not open "BootableUSB/Program Files/WinRar/WinRar v3.71.exe", as it is malware (due to AT&T using a pirated copy of WinRar)."
The newswire questions why LulzSec's posters didn't remove the infection before posting the file. "Second, why would AT&T be using a pirated copy?"
Infosecurity notes that the AT&T internal data file has – ironically enough – been removed from the PirateBay BitTorrent filesharing service because of the infection, although various Rapidshare images exist on the internet.
Based on its observations, the newswire says that it sounds like LulzSec might have planted the malware itself, but then why warn about it, even in a footnote?
"In addition to the Trojan, LulzSec's last drop of data included information about AT&T's LTE rollout, data from an external NATO-affiliated site, and more", notes the newswire.