Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Floods in Through BitTorrent

Posted by CmdrTaco on from the only-a-matter-of-time dept.

solareagle writes "Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma. Not any more, anti-spyware advocates warn. According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC."

14 of 457 comments (clear)

  1. Shrug by The+Bungi · · Score: 5, Insightful
    Download something, install it on your machine. You get malware. Surprise. This has nothing to do with the fact that it's BT, because BT is open to everyone. It's the user's responsibility, as always. As with Kazaa, LimeWire and any other P2P technology or just downloading "that really cool screensaver" using your web browser.

    Of course this won't stop some people from blaming Microsoft somehow.

  2. They're number one financial backers by bigwavejas · · Score: 5, Insightful

    I wouldn't be surprised if the MPAA and RIAA are their number one financial backers, it was probably even their brainchild in an effort to chase wouldbe wrongdoers from downloading music or movies.

    --
    "Simplify, simplify, simplify!" Thoreau
  3. I call BULLSHIT by Jarnis · · Score: 5, Insightful

    Anyone with half a brain will NOT download a 'video file' that ends in .exe

    None of the real proper releases are 'infected'. Only way to get spyware is to be a moron and download some 'hot_paris_hilton_sex_video.exe'.

    There is no magic way to 'insert' spyware in bittorrent transfers. Tracker has the hash of the file, you cannot modify it. This is just a marketer seeding crap, hoping that idiots bite. Hook, line, sinker -style.

    1. Re:I call BULLSHIT by Jarnis · · Score: 3, Insightful

      Bull. The person describes how it launched somekinda installer (those come from .exes, btw) and then a selfextracter.

      If you actually unpacked the rar using winrar, that wouldn't happen.

      In any case, it wasn't a proper release. Proper release = bunch of identical-sized partfiles, .nfo, and .sfv files, all neatly in a properly named directory. And then you unpack the directory using WinRar, so there is no way for anything to launch (Since winrar itself searches the actual packets from the folder, then unpacks the actual .avi, .mpg, .iso or whatever).

      DL crap, and you probably get crap...

    2. Re:I call BULLSHIT by Andy+Dodd · · Score: 5, Insightful

      Still, if the result of un-RARing the file is an .exe when you downloaded video, any moron can tell that something is WRONG.

      Such torrents would quickly die from lack of seeders.

      So far, very few (if any) BT clients are bundled with spyware. Perhaps if you got them from an untrustworthy mirror, this would be different, but nearly every client is adware/spyware-free if you download it from a reputable source.

      With the exception of downloading warez (games/apps), there's almost no way anyone could sneak spyware/adware into a BT download. You just simply can't infect AVI/WMV/MPEG/MP3 files. Probably 50% of BT traffic (or more) consist of media files. Another 30-40% (at least) are Linux ISOs, which are also pretty damn hard to infect with spyware/adware.

      --
      retrorocket.o not found, launch anyway?
  4. Re:Practical solution to spyware and p2p executabl by TheKidWho · · Score: 3, Insightful

    or just open the file directly with winrar or winzip bypassing the self extracting EXE all together.

  5. Re:This is Dumb by failure-man · · Score: 5, Insightful

    BitTorrent already hashes the download with SHA1, so unless the Spyware industry has come up with some practical way to generate collisions it's not the pieces that are corrupt. It's the whole torrent.

  6. Re:This is Dumb by nahpets77 · · Score: 3, Insightful

    I don't see how the spyware can be installed automatically. When you download a file, it goes in a directory. Unless you execute the infected file(s), the spyware can't be installed. Of course, I'm assuming here that you're using a "real" BT client that won't execute files for you ;) Furthermore, it shouldn't be too hard to filter out fakes: - Using things like MD5 to verify 'real' releases. Maybe even GPG signatures? - Virus/Spyware tools which can scan your downloads and detect known spyware progies.

  7. So why not go after Direct Revenue for piracy? by doormat · · Score: 3, Insightful

    If they're including their spyware into pirated software, why doesnt the BSA go after these guys and shut them down? Its seams like they're very low-hanging fruit on the tree of software piracy (since its easier to follow money and corporations than individuals and IP address from foreign countries).

    --
    The Doormat

    If you're not outraged, then you're not paying attention.
  8. EXE files? by mindaktiviti · · Score: 4, Insightful
    A BitTorrent user downloading a movie clip only becomes aware of the associated adware after the files are reassembled. At that stage, when the user attempts to load the reassembled file, he or she is greeted by an installation notice for an adware bundle distributed by MMG (Marketing Metrix Group), a Canadian company that specializes in P2P network marketing.

    Yeah...but those movie files tend to be .exe files, right? How can you install spyware if you're just playing an avi file? And when you're downloading a bittorrent file you can go into your directory and SEE what files you're getting! I sometimes click on torrent files and yes it might be an .exe even though I was expecting an .avi. but then I just cancel the download and grab something else.

    Maybe this will get people who don't really know anything?

  9. Re:Oh, the Irony! by Cylix · · Score: 3, Insightful

    Two points really...

    DOS can delete them if you feel like paying for the NTFS dos drivers which support both read and write. (read is free).

    This kind of thing really strikes me as a virus and why don't more AV programs stop it?

    However, if it is listed as a program adaware cannot remove it will attempt to insert itself as the first program run to clean the system.

    Yeah, it's a nightmare that I've dealt with, but why don't more AV companies recognize it as a virus rather then adware.

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  10. THIS JUST IN-- by BitHive · · Score: 5, Insightful

    --File Transfer Protocol Used to Transfer Files. Story at 11.

  11. Not a windows problem by KingSkippus · · Score: 4, Insightful

    It's not a Windows problem.

    First of all, I can't think of anything stopping the same thing from happening with Linux software. Although it's ever elusive, if Linux does eventually become the desktop standard, do you think that average Linux users will conscienciously check every MD5 hash for every binary they download? Probably not. Even if some external means of verification exists that a program is authentic, it adds a layer of complexity to using the system that most average people, given the choice, simply won't use.

    Which brings me to my second point, that if you have to blame anything you mentioned, the emphasis should be on the USER, not the operating system. And personally, I don't blame the average user because I think that there's no excuse for computers and software not being easy and intuitive enough for average users to use without having to spend hours and hours learning it. So who does the blame lie with? Primarily, the developers of virii and adware. Secondarily, the developer community (closed AND open source) for not putting enough emphasis on security with ease of use. And the problem with feeling that they "deserve their pop-ups" is that they're not just hurting themselves by throttling their own bandwidth, they are collectively throttling the bandwidth of the entire Internet, and that makes it your and my problem, too.

    Third, I am a Windows user for around twelve years, and a damn competent one, if I do say so myself. I have never once been hacked, infected, or adwared (can that be used as a verb?) without it being a deliberate action on my part for academic purposes. If Windows were such an insecure operating system, it seems that no amount of virus and adware protection would prevent me from eventually getting some nasty bug. The fact is that with a few simple actions, Windows is as safe and secure for an average user as any other OS.

    In addition to pointing out the obvious (which I'm not criticizing you for, sometimes things need to be said), please do something about it. A nice start might be what I did: Buy a spindle of CD-R's and burn a copy of a FOSS antivirus program, adware detector/remover, Firefox, etc. and start handing it out to your friends and family, and offer to help out in giving their machines a periodic tune-up (or overhaul, as the case may be) to make their lives--and by extension, your life--a little easier and better.

  12. Re:Oh, the Coincidence! by Vengeance_au · · Score: 3, Insightful
    I'm more taken by the coincidence of this 'news', where the key references are from;
    Chris Boyd, a renowned security researcher
    Boyd, the Microsoft Security MVP (most valuable professional)
    and then we see in a subsequent article here on slashdot.... Microsoft wants P2P Avalanche to Crush Bittorrent