
Why you should view torrents as a threat


Batu69


Despite their popularity among users, torrents are very risky “business”. Apart from the obvious legal trouble you could face for violating the copyright of musicians, filmmakers or software developers, there are security issues linked to downloading them that could put you or your computer in the crosshairs of the black hats.

 

Merely downloading the newest version of BitTorrent clients – software necessary for any user who wants to download or seed files from this “ecosystem” – could infect your machine and irreversibly damage your files.

 

This was proven true on multiple occasions in 2016 when attackers targeted macOS users by hijacking a version of the Transmission app – a legitimate and widely used BitTorrent client – and then used it to spread nasty malware families.

 

The first attack was documented in March 2016, when victims downloaded ransomware known as KeRanger, which encrypted data (thus rendering it inaccessible). Despite the quick reaction of Transmission’s developers, who removed the trojanized version of the app only a few hours after it appeared on the official website, it still hit thousands of victims worldwide.

 

What is worse, KeRanger’s creators used a cryptographic algorithm that was effectively unbreakable, rendering victims’ data inaccessible.

Another case following the same path occurred in August 2016. macOS malware called OSX/Keydnap spread using yet another hijacked version of the Transmission software – planting a permanent backdoor in infected devices and stealing credentials stored in the Keychain app.

 

Again, the official team of the BitTorrent client was fast to react and removed the trojanized app from the website within minutes after being notified by ESET researchers.

 

However, the threat posed by torrents extends beyond these clients. Risks are also associated with the downloaded files, which can pose as popular software, games or movies, but turn out to be something completely different – often malevolent.

 

This was the case with Sathurbot backdoor trojan, a threat documented by ESET researchers in April 2017. The affected devices were infected via malicious torrents and added to a botnet that scanned the internet for WordPress administrator accounts. These were then targeted by a distributed brute-force attack.

 

To ensure its further propagation, Sathurbot masked itself as a popular movie or software, and misused the hijacked WordPress accounts to further propagate its original malicious torrent. As a result, the trojanized files were very well seeded and appeared legitimate “to the untrained eye”.

 

The movie torrent bundle contained a file with a video extension accompanied by an apparent codec pack installer, and an explanatory text file. The software torrent contained an apparent installer executable and a small text file. The objective of both was to push the victim to run the executable that loaded the Sathurbot DLL.

 

In February 2017, black hats misused BitTorrent sites again, this time to distribute new ransomware called “Patcher”, seemingly an application for pirating popular software.

 

The Torrent contained a single ZIP file – an application bundle. ESET researchers saw two versions of this malware, one posing as a “Patcher” for Adobe Premiere Pro and one for Microsoft Office for Mac. However, our analysis was not exhaustive and there might have been other versions in the wild.

 

Even though the malware was poorly coded, its encryption routine was effective enough to prevent victims from accessing the affected files. Additionally, the ransomware didn’t have any code to communicate with a C&C server. This means that there was no way to send the key – used to encrypt the files – to the malware operators and, hence, no way for them to provide the decryption key to the victims.

 

These are only a few examples of BitTorrent clients, and torrents themselves, being a popular vector for cybercriminals, who use them to infect large numbers of unaware users with malware or to gain control over their computers and misuse them for malicious purposes.

 

If you want to stay informed and protect yourself by building up your knowledge, read the latest pieces by ESET researchers on WeLiveSecurity.

 

Article source

 

Other source: ESET spreading FUD about torrent files, clients



IT security company ESET has published a rather curious article which portrays the use of BitTorrent as a security threat. Noting that merely downloading a torrent client could "infect your machine and irreversibly damage your files", the piece focuses on a pair of rare incidents to present an overall climate of fear. The reality is much more nuanced.


Any company in the security game can be expected to play up threats among its customer base in order to get sales.

 

Sellers of CCTV equipment, for example, would have us believe that criminals don’t want to be photographed and will often go elsewhere in the face of that. Car alarm companies warn us that since X thousand cars are stolen every minute, an expensive Immobilizer is an anti-theft must.

 

Of course, they’re absolutely right to point these things out. People want to know about these offline risks since they affect our quality of life. The same can be said of those that occur in the online world too.

 

We ARE all at risk of horrible malware that will trash our computers and steal our banking information so we should all be running adequate protection. That being said, how many times do our anti-virus programs actually trap a piece of nasty-ware in a year? Once? Twice? Ten times? Almost never?

 

The truth is we all need to be informed but it should be done in a measured way. That’s why an article just published by security firm ESET on the subject of torrents strikes a couple of bad chords, particularly with people who like torrents. It’s titled “Why you should view torrents as a threat” and predictably proceeds to outline why.

 

“Despite their popularity among users, torrents are very risky ‘business’,” it begins.

 

“Apart from the obvious legal trouble you could face for violating the copyright of musicians, filmmakers or software developers, there are security issues linked to downloading them that could put you or your computer in the crosshairs of the black hats.”

 

Aside from the use of the phrase “very risky” (‘some risk’ is a better description), there’s probably very little to complain about in this opening shot. However, things soon go downhill.

“Merely downloading the newest version of BitTorrent clients – software necessary for any user who wants to download or seed files from this ‘ecosystem’ – could infect your machine and irreversibly damage your files,” ESET writes.

 

Following that scary statement, some readers will have already vowed never to use a torrent again and moved on without reading any more, but the details are really important.

 

To support its claim, ESET points to two incidents in 2016 (which to its great credit the company actually discovered) which involved the Transmission torrent client. Both involved deliberate third-party infection and in the latter hackers attacked Transmission’s servers and embedded malware in its OSX client before distribution to the public.

 

No doubt these were both miserable incidents (to which the Transmission team quickly responded) but to characterize this as a torrent client problem seems somewhat unfair. 

 

People intent on spreading viruses and malware do not discriminate and will happily infect ANY piece of computer software they can. Sadly, many non-technical people reading the ESET post won’t read beyond the claim that installing torrent clients can “infect your machine and irreversibly damage your files.”

 

That’s a huge disservice to the hundreds of millions of torrent client installations that have taken place over a decade and a half and were absolutely trouble free. On a similar basis, we could argue that installing Windows is the main initial problem for people getting viruses from the Internet. It’s true but it’s also not the full picture.

 

Finally, the piece goes on to detail other incidents over the years where torrents have been found to contain malware. The several cases highlighted by ESET are both real and pretty unpleasant for victims but the important thing to note here is torrent users are no different to any other online user, no matter how they use the Internet.

 

People who download files from the Internet, from ALL untrusted sources, are putting themselves at risk of getting a virus or other malware. Whether that content is obtained from a website or a P2P network, the risks are ever-present and only a foolish person would do so without decent security software (such as ESET’s) protecting them.

 

The take home point here is to be aware of security risks and put them into perspective. It’s hard to put a percentage on these things but of the hundreds of millions of torrent and torrent client downloads that have taken place since their inception 15 years ago, the overwhelming majority have been absolutely fine.

 

Security situations do arise and we need to be aware of them, but presenting things in a way that spreads unnecessary concern in a particular sector isn’t necessary to sell products. 

 

The AV-TEST Institute registers around 390,000 new malicious programs every day that don’t involve torrents, plenty for any anti-virus firm to deal with.

 


Article



This didn't have anything to do with torrents; this had to do with direct links to the software that got hijacked by hackers.
 

Quote


    On March 4, 2016, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware “KeRanger.” The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.


    Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site (hxxps://download.transmissionbt.com/files/Transmission-2.90[.]dmg). Transmission is an open source project. It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred.

https://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/


And articles from ESET's www.welivesecurity.com have about as much chance of being seen by some noob as some noob switching to Linux, which is about 2.5%. It could happen; you can catch malware from downloading from a torrent, but in 16 years it only happened to me once. But keep in mind I never download games and have never downloaded any more software from p2p since that happened to me in 2008.

 

When  Watch Dogs came out in 2014 many gamers who use p2p infected themselves with Bitcoin botmaster

 

Tens of thousands of 'Watch Dogs' pirates ENSLAVED by Bitcoin botmaster
 

https://www.theregister.co.uk/2014/05/28/watch_dogs_pirate_gamers_botnet/

 



Quote

 

How to Spot Fake Torrent File Downloads

 

Scammers and dishonest P2P individuals use false torrents to phish people's identities, trick them out of their money, or vandalize their computers through malware infections.

Fortunately, you don't have to be one of those people. There are some obvious signs that a torrent file you're looking at is fake, or should at very least be dealt with carefully.

Below are 10 tips to help you spot a fake torrent movie or music file. Be sure to also check out our continually updated list of the top torrent sites!

01 of 10: Beware Lots of Seeds but No or Few Comments

Abusive uploaders will often falsify the number of seeds and peers. Using software tools like BTSeedInflator, these abusers will make their torrents look like 10,000 or more users are sharing it.

If you see these kinds of massive seed/peer numbers, but there are no user comments on the file, you would be wise to avoid that file!

Any true torrent that has more than a few thousand seeds should also have positive user comments. If not, you're probably looking at a fake/bad torrent.

02 of 10: Check for 'Verified' Status on the Torrent

Some torrent sites actually employ a committee of core users to confirm and 'verify' torrents.

While these verified files are small in number, they are very likely true torrents that can be trusted. Keep your antimalware software updated and active, and 'verified' files should be safe to download.

03 of 10: Confirm the Movie Release Date with a Third Party

For brand new movie torrents, take a minute to visit IMDB and verify the release date.

If the torrent has been released before the actual movie date, then don't trust it.

Sure, there's a possibility that it could be the real thing, but much more often it's not, so beware.

04 of 10: You Can Usually Trust AVI and MKV Files (but Avoid WMA and WMV Files)

For the most part, true movie files are in either the AVI or MKV format.

Conversely, the great majority of WMA and WMV files are fake. While there are some authentic examples, files that end in the .wma and .wmv extensions will link to other sites to get paid codecs or malware downloads.

Better to avoid those types of files completely.

05 of 10: Be Careful With RAR, TAR, & ACE Files

Yes, there are legit uploaders who use RAR archives to share files, but for movies and music, the majority of RAR and other archive type files are fake.

Torrent site abusers use the RAR format to conceal Trojan style malware and codec scam files. The video you're downloading is already compressed, so there's no need to compress it further in one of these formats.

If you see an attractive torrent movie file that is in the RAR, TAR, or ACE format, be very careful with it and examine its listed file contents before you download.

If there is no list of the contents, do not trust it. If the file list is disclosed, but it includes an EXE or other text-based instructions (more on those below), then move on.

06 of 10: Always Read the Comments

Some torrent sites like will capture user comments on individual files. Like eBay feedback on other eBay users, these comments can give you a sense of how legitimate the file is.

If you see no comments on a file, be suspicious. If you see any negative comments on the file, then move on and find a better torrent.

07 of 10: Beware if Password Instructions, Special Instructions, or EXE Files Are Included

If you see a file in the movie/music torrent that says 'password', 'special instructions', 'codec instructions', 'unrar instructions', 'important read me first', 'download instructions here', then the risk that this torrent is a scam or fake goes way up.

The instigator here is likely looking to redirect you to a shady website to download a dubious movie player as a precondition to opening the movie file.

Additionally, if there is an EXE or other executable file included, then most certainly avoid that torrent download. Executable files for movies and music should be a giant red flag!

EXE files and any passwords or special download instructions are likely a sign that you should find a better torrent download elsewhere.

08 of 10: Avoid Using the Following Software

Some torrent software clients have earned a bad reputation for seeding malware, fraudulent codec downloaders, keyloggers and Trojans.

Our readers have repeatedly advised us to warn against using BitLord, BitThief, Get-Torrent, TorrentQ, Torrent101, and Bitroll.


09 of 10: Beware Trackers that Can't Be Found on Google

Open the published torrent details, and copy-paste the tracker names into Google. If a tracker is legitimate, you'll see a number of Google hits where many torrent sites point to the copy-pasted tracker.

If the tracker is false, you will find many unrelated hits at Google, often with the words 'fake' as P2P users post warnings on that fake tracker.

10 of 10: Only Use These Media Players

There are plenty of trusted movie and music players for Windows, Mac, Linux, and your smartphone.

A few include WinAmp, Windows Media Player (WMP), VLC Media Player, GMPLayer, and KMPlayer... among others, of course.

Do a quick Google search for any media player you're not familiar with. With so many reputable options, don't risk downloading and installing something you've never heard of. It might end up being nothing but malware!

 

https://www.lifewire.com/how-to-tell-if-a-movie-torrent-file-is-fake-2483619

 

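The file-list checks from tips 04, 05 and 07 in the quoted article, which also match the Sathurbot movie bundle described in the first post (video file, "codec" installer, text file), can be run against a .torrent file before anything is downloaded. This is an added example, not part of the original thread or of the quoted articles; the function names, the executable extensions other than EXE, and the sample torrent are assumptions constructed for illustration.

```python
import re

# Extensions named in the tips; executable types other than .exe are an assumption.
FLAGGED = {"executable": {".exe", ".scr", ".bat", ".cmd", ".com", ".msi", ".dll"},
           "archive": {".rar", ".tar", ".ace"},
           "windows-media": {".wma", ".wmv"}}
# Names such as 'password', 'codec instructions', 'important read me first'.
INSTRUCTION = re.compile(r"password|instruction|read.?me")

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next offset)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary key without value")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        start, n = colon + 1, int(data[i:colon])
        if start + n > len(data):
            raise ValueError("truncated string")
        return data[start:start + n], start + n
    raise ValueError(f"invalid bencode at offset {i}")

def file_list(torrent_bytes):
    """Return [(path, length)] from the metainfo 'info' dictionary."""
    meta, _ = bdecode(torrent_bytes)
    info = meta[b"info"]
    if b"files" in info:  # multi-file torrent
        return [(b"/".join(f[b"path"]).decode("utf-8", "replace"), f[b"length"])
                for f in info[b"files"]]
    return [(info[b"name"].decode("utf-8", "replace"), info[b"length"])]

def review(torrent_bytes):
    """Flag entries the tips say do not belong in a movie/music torrent."""
    findings = []
    for path, _length in file_list(torrent_bytes):
        name = path.rsplit("/", 1)[-1].lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        findings += [(path, label) for label, exts in FLAGGED.items() if ext in exts]
        if INSTRUCTION.search(name):
            findings.append((path, "instructions"))
    return findings

# Constructed sample metainfo (piece hashes omitted): video + "codec" installer + text file.
SAMPLE = (b"d8:announce31:http://tracker.example/announce4:infod"
          b"5:filesl"
          b"d6:lengthi734003200e4:pathl19:Some.Movie.2017.mkvee"
          b"d6:lengthi1500000e4:pathl5:Codec13:Installer.exeee"
          b"d6:lengthi412e4:pathl27:Important read me first.txtee"
          b"e4:name15:Some.Movie.2017ee")

if __name__ == "__main__":
    for path, label in review(SAMPLE):
        print(f"{label:14} {path}")
```

A clean result only means the listed names look ordinary; it says nothing about what the files actually contain.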


On Friday, August 4, 2017 at 0:07 PM, Batu69 said:

Merely downloading the newest version of BitTorrent clients – software necessary for any user who wants to download or seed files from this “ecosystem” – could infect your machine and irreversibly damage your files.

Merely downloading and installing an AV like ESET could "infect your machine and irreversibly damage your files".

Especially if you are a victim of a MITM attack or a DNS redirect.

Scary stuff. Thanks for the warning, ESET.

;)

 



  • Administrator
On 5/8/2017 at 7:50 PM, steven36 said:

https://www.lifewire.com/how-to-tell-if-a-movie-torrent-file-is-fake-2483619

 

 

Good article.

 

But it seems outdated; the author mentions an outdated codec / file extension but does not mention the highly used mp4. :P The torrent clients mentioned - might - be outdated too. But still, an informative one.

 

Back to the main subject. Whole internet can get one's computer badware, so torrents are not new to it.



1 hour ago, DKT27 said:

Back to the main subject. Whole internet can get one's computer badware, so torrents are not new to it.

MP4 has been around since before that article was ever written, and it was just updated, April 21, 2017. MP4s are more common on video streaming filehosts, but they're just a container for x264 like MKV. The scene no longer uses mp4 for TV shows; they only release porn in mp4 now. But most movies and TV shows, if you find new ones, are not going to be in mp4 unless they're a p2p re-encode of h264 or AVI, unless it's a p2p or file host website. MKV dominates the scene and H265 websites and p2p...

 

If you need to add subs to the file, MP4 is useless. Like last night I watched a movie from the Netherlands; I could only find it in mp4, so I re-muxed it to mkv with English subs. BitTorrent used to be much more risky than it is today. Most public uploaders get their uploads from clean private trackers.



  • Administrator
14 minutes ago, steven36 said:

MP4 has been around since before that article was ever written, and it was just updated, April 21, 2017. MP4s are more common on video streaming filehosts, but they're just a container for x264 like MKV. The scene no longer uses mp4 for TV shows; they only release porn in mp4 now. But most movies and TV shows, if you find new ones, are not going to be in mp4 unless they're a p2p re-encode of h264 or AVI, unless it's a p2p or file host website. MKV dominates the scene and H265 websites and p2p...

 

If you need to add subs to the file, MP4 is useless. Like last night I watched a movie from the Netherlands; I could only find it in mp4, so I re-muxed it to mkv with English subs. BitTorrent used to be much more risky than it is today. Most public uploaders get their uploads from clean private trackers.

 

I see. You are right. I was not aware of the scene completely switching to mkv. Have not downloaded much for a long time I think.

 

Somehow I do not like mkv and prefer mp4 in spite of it being better. Maybe it's more to do with the name rather than anything else with it.



10 minutes ago, DKT27 said:

Somehow I do not like mkv and prefer mp4 in spite of it being better. Maybe it's more to do with the name rather than anything else with it.

Still, some prefer AVI to MP4 and MKV even though the scene has not done AVI since 2012. But that's a whole different ball game; AVI is the container for the XVID and DivX codecs mostly. You can download programs to switch MKV to MP4 and switch MP4 to MKV (direct stream copy, no quality lost). MP4 and MKV are just containers, not codecs. :)



  • Administrator
11 minutes ago, steven36 said:

Still, some prefer AVI to MP4 and MKV even though the scene has not done AVI since 2012. But that's a whole different ball game; AVI is the container for the XVID and DivX codecs mostly. You can download programs to switch MKV to MP4 and switch MP4 to MKV (direct stream copy, no quality lost). MP4 and MKV are just containers, not codecs. :)

 

How I wish H.264 does not get outdated. I do not have the hardware - computer and mobile to play H.265. Forget about AV1. :P Bought a media player with H.265 more than a year ago, yet to play anything on it.

 

As for converting it, I've been looking for a good one for a long time here.



Archived

This topic is now archived and is closed to further replies.
