KeyGen Candy Leads To Malware

Just a reminder to all of you gamers, that downloading KeyGen software is playing russian roulette with your personal computer.  KeyGens are little programs that generate registration keys for games that you didn’t pay for.  They are an executable program that was written by a programmer with the intent to allow you to pirate commercial software.

I can’t count the number of incidents that I have been called on to fix this or that strange behavior on a computer, only to trace the problem back to the installation of some stupid KeyGen or other crack.  The fact that someone is giving you candy for nothing should be your first red flag.  The fact that you have to download an executable and run it should be another.  Case in point, popular Pro Evolution Soccer 2012 game users looking for freebies are in danger of having their computers compromised, according to GFI.

Their search for a key generator can take them to a YouTube or other site offering links to download the full game, KeyGens, cracks and serial numbers, but it is of course, a scam.   One compressed download consists of 3 files: an HTML file named password, a text file named password, and another ZIP file containing the key generator app.

You would assume that the text file contains the password for the compressed file, but it doesn’t.  Instead, there is a shortened link to a site for picking up the password, AFTER you fill out a short survey.  Nothing is ever quite 100% free, you know…

After the survey is completed, the victim receives the password for running the KeyGen program.  Only, that program is in fact the ZeroAccess rootkit, designed to hide from any Anti-Virus that might be installed, interfere with legitimate programs, redirect online searches to malicious pages, and to download additional malware.

The majority of A/V products now have signatures to detect this rootkit, but not all users install A/V, configure it correctly, leave it turned on when applying cracks or KeyGens, or update their A/V regularly.  Be careful when considering too-good-to-be-true offers from unverified sources, and if you like a game enough to want a registration key, why not feed the author’s kids?  It costs money and takes talent to create good games.  If there is no return on that investment, what is the incentive to release the next one, or to make it more affordable?

Don’t take candy from strangers!  Just sayin’…