Skip to main content

Some Illegal Movie Downloads May Contain Trojan Threat

By May 3, 2017May 25th, 2021Cybersecurity

If you use torrent software to download advance copies of movies or your favorite TV shows, your machine could be part of a large and sprawling botnet called Sathurbot.

The hackers behind the botnet upload infected torrent files that contain a small executable described as being a video codec you need in order to play the movie file. It’s actually malware, and if you run the executable, it will install the Sathurbot.dll file on your machine, which will make it part of their network.

Once it’s installed, the file can auto-update to receive additional instructions from the hackers controlling it.

Right now, the botnet is focused on growth, so all of their slaved machines have been tasked with targeting small blogs – mostly WordPress, but the hackers aren’t picky. Infected machines will attempt to log in as the site admin and infect the site, which, in turn, can serve as a springboard to infect any of the site’s users or visitors, thus expanding their network.

Interestingly, each computer that’s part of their botnet only makes one attempt to log into each website before passing the baton to another infected computer. This is to prevent that computer’s IP address from being blacklisted, and preserving its ability to try again later on.

While the botnet is currently focused on growth, once its numbers hit whatever threshold the hackers have in mind, it could easily be rented out to other interested parties and used to conduct DDOS attacks against specified targets. It could also be used as a launchpad to infect a specific network, initiate phishing attacks and the like. The possibilities are virtually endless.

The bottom line is that if you watch pirated movies or have a WordPress website, it’s possible that you’ve been infected. Run a search of your PC and look for the presence of Sathurbot.dll. If it’s on your system, you’re unwittingly part of the botnet.

If you maintain a website, look at your directory structure to see if there are any new folders you don’t recognize. If so, your best bet is to delete them and restore your site from your most recent non-infected backup.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.