Even after the lulz have officially ended, the adventure continues for the hapless crew of the lulzboat. After piping off the ship and dropping their cargo on "The Pirate Bay", it turns out that the RAR file offered as a torrent download is infected with a backdoor of the "RBOT" class of malware.
This type of malware was commonly used by the LulzSec "hackers" to own other machines, but this sample is a different variant from the tools they normally used to expand their botnet.
Here's an image of the location of the file within the archive:
The "/AT&T internal data/BootableUSB/Program Files/WinRar/WinRar v3.71.exe" file located within the "AT&T internal data.rar" file was found to be infected:
The infected torrent was deleted by Pirate Bay after discovery and TPB issued this formal notification:
The LulzSec team replaced the file later Sunday with an uninfected version of the same file, which was significantly smaller than the original, prompting suspicion that a number of other files within the archive were similarly infected:
An accounting of the drama was posted on Tumblr earlier today:
The mystery among analysts was whether it was intentionally placed there by the LulzSec crew as a final gag on their followers or whether it was actually part of AT&T's internal files, which would mean that AT&T's own IT staff was inadvertently infecting their own operation.
At this time, only AT&T can confirm or deny whether the files dated 14 February, 2008 are theirs or whether the USB image included in the AT&T heist is actually theirs.
Attempts to contact LulzSec members about the origin of the file remain unanswered at this time. Others theorize that if LulzSec was the victim of this infection, it was apparently caused by their competitor, TeaMp0isoN:
So if you've downloaded this file, it is strongly advised that you scan it before opening the AT&T section of the archive, to be sure that the infected bot doesn't end up on Windows clients. It's quite possible that other files are infected as well, given the plural in TPB's description.
I can't understand why anyone would want to download it in the first place, but apparently a large number of people have, and thus this cautionary warning.