Spyware Floods in Through BitTorrent
solareagle writes "Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma. Not any more, anti-spyware advocates warn. According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC."
I will admit to being rather conflicted. On one hand, it really irritated me to discover that the app I downloaded (for testing purposes only!) would also install spyware.
On the other hand who could I complain to? Bittorrent? Adobe? Direct Revenue?
Yes, once again Slashdot comes to the rescue! Where else can I gripe about companies that try to exploit my illegal activities!
Three Squirrels
We had to see this one coming. The spyware/adware folks are getting good at putting their "product" everywhere. It was only a matter of time before bittorrent reached critical mass and became a good target.
Finance tutorials and more! Understandfinance
The MPAA cartel have been more than public about their conspiracy to poison p2p networks.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
It's not bittorrent that has the spyware, it's crappy spyware-infested clients. A client can contain other malicious code obviously (as seen in Kazaa, etc). Bittorrent itself is just a file type with special download methods. How you download it is up to you. If you don't use a crappy client, and don't run .exe files that you don't remember downloading, you're all set, jesus-h-christ, how many times does this have to be re-hashed.
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
Which "sites" does this affect? The article and summary say that it's flooding in through "BitTorrent." BT is just a protocol, there have got to be sites hosting trackers that are providing these malicious files. My question is, who are they?
Of course this won't stop some people from blaming Microsoft somehow.
I wouldn't be surprised if the MPAA and RIAA are their number one financial backers, it was probably even their brainchild in an effort to chase would-be wrongdoers from downloading music or movies.
"Simplify, simplify, simplify!" Thoreau
Anyone with half a brain will NOT download a 'video file' that ends in .exe
None of the real proper releases are 'infected'. Only way to get spyware is to be a moron and download some 'hot_paris_hilton_sex_video.exe'.
There is no magic way to 'insert' spyware in bittorrent transfers. Tracker has the hash of the file, you cannot modify it. This is just a marketer seeding crap, hoping that idiots bite. Hook, line, sinker -style.
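An added example, not part of the thread or of any BitTorrent client's code: it decodes a constructed .torrent metainfo, flags executable names in the file listing before anything is downloaded, and checks data against the SHA-1 piece digests the metainfo carries. The extension list, file names and tracker URL are assumptions for illustration; matching digests only show the data is what the seeder published, not that it is benign.

```python
import hashlib
import os

RISKY = {".exe", ".scr", ".com", ".bat", ".pif", ".msi"}  # assumed list, extend as needed

def bencode(v):  # minimal encoder, used only to build the constructed sample
    if isinstance(v, int): return b"i%de" % v
    if isinstance(v, bytes): return b"%d:%b" % (len(v), v)
    if isinstance(v, list): return b"l" + b"".join(map(bencode, v)) + b"e"
    return b"d" + b"".join(bencode(k) + bencode(v[k]) for k in sorted(v)) + b"e"

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            v, i = bdecode(data, i)
            items.append(v)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        start, n = colon + 1, int(data[i:colon])
        if start + n > len(data): raise ValueError("truncated string")
        return data[start:start + n], start + n
    raise ValueError("bad bencode at offset %d" % i)

def list_files(meta):
    """Return [(path, length)] for single-file and multi-file torrents."""
    info = meta[b"info"]
    if b"files" not in info:
        return [(info[b"name"].decode("utf-8", "replace"), info[b"length"])]
    return [(b"/".join(f[b"path"]).decode("utf-8", "replace"), f[b"length"])
            for f in info[b"files"]]

def risky_files(meta):
    """Names in the listing with an executable extension, before any download."""
    return [p for p, _ in list_files(meta) if os.path.splitext(p.lower())[1] in RISKY]

def bad_pieces(meta, content):
    """Indices of pieces whose SHA-1 differs from the metainfo's 20-byte digests."""
    plen, digests = meta[b"info"][b"piece length"], meta[b"info"][b"pieces"]
    return [n for n in range(len(digests) // 20)
            if hashlib.sha1(content[n * plen:(n + 1) * plen]).digest() != digests[n * 20:n * 20 + 20]]

# Constructed sample: a two-file torrent whose "episode" ships with an installer.
CONTENT = b"V" * 20 + b"X" * 12  # stand-in bytes for both files, concatenated
SAMPLE = bencode({b"announce": b"http://tracker.example/announce", b"info": {
    b"name": b"Show.S01E01", b"piece length": 16,
    b"pieces": b"".join(hashlib.sha1(CONTENT[i:i + 16]).digest() for i in (0, 16)),
    b"files": [{b"length": 20, b"path": [b"Show.S01E01.avi"]},
               {b"length": 12, b"path": [b"Setup.exe"]}]}})

if __name__ == "__main__":
    meta, _ = bdecode(SAMPLE)
    print("risky:", risky_files(meta), "bad pieces:", bad_pieces(meta, CONTENT))
```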
Another problem for the average windows user.
I hate to point out the obvious, but users that don't pay attention to what they are installing deserve their pop-ups.
is that Bittorrent is really not the problem here. The adware isn't coming from a Bittorrent client, or being 'snuck in' over the protocol instead of or alongside a file you're downloading, it's coming in the file you're downloading! It's the same way adware gets into a host of other files we've been told to be careful of, like email attachments.
Bittorrent is simply used to add a bit more hype and FUD to the same old same-o.
or just open the file directly with winrar or winzip bypassing the self extracting EXE altogether.
More info from Vital Security here and here.
90% you say? How far up your ass did you pull that number from?
Not a Twitter sockpuppet... but I wish I was.
My roommate has had Aurora installed on his system for about 2 weeks now, I just haven't had the time to get around to removing it. I've done some quick searches to find information about the removal of Aurora, and it looks like removal involves a lot of tedious work... Does anyone know of some software that'll remove it so I don't have to do it manually? So far Microsoft Anti Spyware has found it, but not removed it. AdAware hasn't removed it. Spybot Search & Destroy hasn't removed it. AVG Antivirus hasn't removed it. Just a word of advice to others who may be "infected": Direct Revenue has a removal tool on their site. I wouldn't suggest using it after reading a number of posts on forums (computing.net)
Not a problem in BT communities requiring registrations.
Not a problem if you're sane either, really.
Beware: In C++, your friends can see your privates!
Why is it still safer? Open Source / Freeware (no spyware) clients.
Of course, even this only matters when you download something containing an .exe or some such program. One program I did download asked me to install third party software... I quickly realized that the EULA was of a spyware company, asking me to waive all rights to privacy, and did not belong to the developing company.
Plus, even if you DO download a file that ends up being spyware, when you download the torrent from most sites, they allow you to give comments like "I FOUND SIXTEEN HUNDRED VIRUSES IN THIS TORRENT", and although some people lie, if people are complaining about stuff like that, you can usually guess that it is a spyware infested torrent.
Um...this is wrong. Perhaps you missed the part that said the client isn't the infection path?
Oh, guess you didn't read TFA.
The infection path is simply a self-extracting file that contains the content you wanted, along with a spyware tag-along. It can be downloaded with any client, they just happen to be seeding them as torrents.
Excellent idea; anyone know where I can get a torrent of VMWare?
(For those conserving humor filter battery power, I'm kidding--please don't reply...)
After reading the article, it seems that the client itself is not the vehicle for infection - it's tainted files. Which client you use is irrelevant.
=Smidge=
Look up the definition of irony sometime. I think you'll find it illuminating. Then read TFA.
It's funny to see BitTorrent now get their comeuppance. When you lie with snakes, you're going to get bit.
How does it feel to get hoist by your own petard now?
Feels just like making my bed and lying in it or lying with dogs and getting up with fleas. But not as embarrassing as painting myself into a corner or being caught with my pants down. A bird in the hand is wor#*NG(*(JF>SA
POST TERMINATED: Cliche limit reached.
Where does the school board find them and why do they keep sending them to ME?
All that does is block bad IPs. That won't do squat if you're downloading and running an application with malware inside. The real solution is to use something like bitzi which lets you check if a given file/app you are downloading is known to have "issues."
If someone is competent enough to use BT, aren't they competent enough to realize that .exe is not a video?
Whoa hold your horses there Charlie. Remember that according to some RIAA lawsuits, we're talking about grandmothers, dead people and family pets here...
Seven puppies were harmed during the making of this post.
You bring up a real issue, not from an end-user standpoint, but from major corporations. Shouldn't these companies get into serious legal trouble? I can think of two ways right off the top of my head.
First, if they're sticking adware on an illegal file and uploading it, don't the same laws apply to them uploading the illegal file? Is the **AA suing these companies along with 12-year-old kids? After all, it's adware-infested, but it's still an illegal file, right?
Second, if they are modifying warez software, not only does the previous apply, but doesn't it fall under the protection of software that outlaws modifying binary code and distributing it without the publisher's consent? I mean think about it, this kind of thing not only supposedly denies companies revenue, but it can give them a serious black eye. What if people get the incorrect impression that an adware-infested version of a respectable piece of software is the real thing? All of a sudden, you have a really bad--and undeserved--reputation for distributing spyware on everyone's computers.
If they're including their spyware into pirated software, why doesn't the BSA go after these guys and shut them down? It seems like they're very low-hanging fruit on the tree of software piracy (since it's easier to follow money and corporations than individuals and IP addresses from foreign countries).
The Doormat
If you're not outraged, then you're not paying attention.
Yeah...but those movie files tend to be .exe files, right? How can you install spyware if you're just playing an avi file? And when you're downloading a bittorrent file you can go into your directory and SEE what files you're getting! I sometimes click on torrent files and yes it might be an .exe even though I was expecting an .avi. but then I just cancel the download and grab something else.
Maybe this will get people who don't really know anything?
I think you meant to write illegal and thieving. Fact is, 90% of BT traffic was copyrighted material that was illegal to distribute.
You mean the about 60gigs of linux install images and live disks for x86 and amd64 I download monthly to keep an always up-to-date collection is a unique event occurring only once a month on this planet and only I do it.
Ok, I know, I also get some series episodes from somewhere. Still, you and the like just LLLLove trashing the whole damn city out with the bathing water, not just the poor baby.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
That was until my brother showed me a legitimate site (forget which) that required their own "player" to view a trailer or something. As far as I could tell (verified by ad/spyware checks afterwards) it didn't leave anything. So I guess there are companies stupid enough to make those things, and people stupid enough to use them, but at least now I have a connection.
The cool thing about bittorrent is that although it doesn't have a built in moderation system per se (although the trackers often do), you can generally tell if a file is the correct version or not based on how many people are downloading/seeding. Yeah, it's not always accurate, but if you see several releases of a movie, and there's one or two seeds on one link, and over 500 on another, you'll pick the latter because you're going to get higher speeds, and presumably it is the correct file.
Buy Steampunk Clothing Online!
http://www.marketingmetrixgroup.com/ Ha that didn't take long.
You're right. There is only one person posting to all these accounts, so clearly he is both prolific and schizophrenic.
--File Transfer Protocol Used to Transfer Files. Story at 11.
Shhh....I'm working on that. Unfortunately, I had to leave the country due to the recent civil war, and I can not get the $10,000,000 in research money out.....
If you would like to help me recover this money....
You'll be my first beta tester.
Not just that, but 13-26 year olds who have *proven* that they'd rather steal stuff than buy it... but surely they'll want to pay for *your* product, right? Idiots.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Don't bother calling their office. Don't bother emailing them for help. And no matter what you do, don't run their uninstall utility myPCtuneup - it simply installs more crap.
Direct Revenue LLC is VC backed. Please, complain to the right guy.
Insite Venture Partners
Mr. Deven Parekh
His desk number is 212-230-9216 and his real email address is dparekh@insightpartners.com
May we waste as much of his time as he has of ours. How many people here spend hours "helping" their non-tech friends remove this crap . . .
The story says that torrent files are being bundled with adware programs, not BitTorrent clients.
How can this happen? Again RTFA.
If seeing is believing, look at this link from the news story:
Vitalsecurity
You'll see a RAR--not an exe--for an episode of Family Guy. When you try to open it, you're faced with a licensing announcement, which if you agree to it, will pack your Windows system full of spyware.
Would this fool someone who knew what they were doing? No.
Would it fool a lot of users just looking for a cheap thrill? Oh yeah.
Does this make it a real problem--as the article suggests--I certainly think so.
Maybe not for me, maybe not for you, but for those millions of clueless users, yes, oh yes it does.
Steven
It's not a Windows problem.
First of all, I can't think of anything stopping the same thing from happening with Linux software. Although it's ever elusive, if Linux does eventually become the desktop standard, do you think that average Linux users will conscientiously check every MD5 hash for every binary they download? Probably not. Even if some external means of verification exists that a program is authentic, it adds a layer of complexity to using the system that most average people, given the choice, simply won't use.
Which brings me to my second point, that if you have to blame anything you mentioned, the emphasis should be on the USER, not the operating system. And personally, I don't blame the average user because I think that there's no excuse for computers and software not being easy and intuitive enough for average users to use without having to spend hours and hours learning it. So who does the blame lie with? Primarily, the developers of virii and adware. Secondarily, the developer community (closed AND open source) for not putting enough emphasis on security with ease of use. And the problem with feeling that they "deserve their pop-ups" is that they're not just hurting themselves by throttling their own bandwidth, they are collectively throttling the bandwidth of the entire Internet, and that makes it your and my problem, too.
Third, I am a Windows user for around twelve years, and a damn competent one, if I do say so myself. I have never once been hacked, infected, or adwared (can that be used as a verb?) without it being a deliberate action on my part for academic purposes. If Windows were such an insecure operating system, it seems that no amount of virus and adware protection would prevent me from eventually getting some nasty bug. The fact is that with a few simple actions, Windows is as safe and secure for an average user as any other OS.
In addition to pointing out the obvious (which I'm not criticizing you for, sometimes things need to be said), please do something about it. A nice start might be what I did: Buy a spindle of CD-R's and burn a copy of a FOSS antivirus program, adware detector/remover, Firefox, etc. and start handing it out to your friends and family, and offer to help out in giving their machines a periodic tune-up (or overhaul, as the case may be) to make their lives--and by extension, your life--a little easier and better.
Although this is not a tech support forum...
A simple solution is to remove execute permissions on the file. I've run across malware that doesn't like you accessing the permissions dialog, so I typically use the command line CACLS.exe. Then I reboot, get a few errors since it is trying to execute a file that no account has permission to access. Now you can restore the delete permission and remove the file since it's not locked.
If I drive fast enough at the red light, it'll appear green.
how an executable could be run if you downloaded a nonexecutable (e.g., a .mov or .avi file) .mov or .avi file for the user to watch. I'm not sure if windows even looks at the file extension anymore
It can't but that's not what's happening, people are used to downloading ZIP files, which are often self-extracting; so double click the file, which is executable i.e. self-extracting, the custom extractor, throw up an alert-box says extracting "suzie does donkies" checkbox "I agree to terms" and ok. users never actually read the terms which says something like I agree to install software, give my first born son etc. then the extractor installs the spyware, and then extract the
Apocalypse Cancelled, Sorry, No Ticket Refunds
Or is it the new "trackerless" BT that has opened this door?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I guess no one has suggested this yet: use Process Explorer and search for any open handles to the file. Once all the handles are closed, you can delete it safely because it won't be in use.
This technique is a little shaky because those running programs that have handles to the DLL might be a little upset that the handle is suddenly closed, but just reboot after you complete the process if something breaks or crashes.
-fren
"Where are we going, and why am I in this handbasket?"
Looks like the company responsible for pushing the adware has already got some negative attention: http://www.marketingmetrixgroup.com/ (hacked)
What the hell's a "gewie?"
Many users of BT are still quite unaffected by this simply because they use membership-based trackers.
I don't see that changing - as long as someone's accountable for the content (and can lose tracker privileges for bad content), I don't think it will.
Not just that, but 13-26 year olds who have *proven* that they'd rather steal stuff than buy it...
Of course, how does that explain Coldplay selling 740,000 copies of their new album in the first week. Who is buying these, all the damn 40 year olds? Wonder if my grandma's picked up her copy yet?
Maybe X&Y isn't out on the torrent sites yet.... nope, there it is. My favorite torrent search engine has at least 5 very active trackers. Strange, why would ANYONE purchase it, especially those evil 13-26 year olds???
Find coupons in Greeley
Please read my entire post before modding me Troll....
I recently installed Linux on my computer.
The final trigger for installing it was the stupid Aurora adware mentioned in TFA. As an IT guy by profession, I found it insanely difficult to get rid of that one. I am very diligent with my computer (firewall, adware scanning and virus scanning, Firefox etc..) when it comes to anything I download, and I am almost usually completely ad/spy/virus-ware free. But in the end, some do slip through my defenses.
About a year ago I did run Linux and then went back to Windows because I just wanted to have a computer that runs common software and apps that you run into instead of the ones to have to look for, and also having software install itself painlessly more often than not, which is usually the case for me on Linux since I am just mediocre with it.
But why do I not want Linux to be used more and become a new standard? Because right now I like my Linux system. The fact that it is COMPLETELY adware free (other than www) is why I love it so much. If Linux became more standardized, the Adware/Spyware creating bastards would then consider it a new target market and we would have to go through all of the growing pain bullshit with viruses and adware as Windows is discovering right now. Because the user base of Linux is so small, creating adware for it is not worth the effort.
I like it that way.