Third of Content On Popular BT Portals Are Fake

siliconbits writes "A study published by a group of researchers, most of them based in Europe, analysed the publishers of content on two major BitTorrent portals, Pirate Bay and MiniNova, and found out that almost a third of all files on the two sites were fake."

Same ratio as /.

Same ratio /. has for how many stories are real.

Re:Same ratio as /.

[HermMunster]

I believe the Pirate Bay site has "flags" for trusted content and respected uploaders. Does it not?

Re:Same ratio as /.

[piripiri]

I believe the Pirate Bay site has "flags" for trusted content and respected uploaders. Does it not?

Of course, other trackers have them also. And checking the number of seeders/leechers helps, too. As well as having a quick look on the comments to see if someone reported nasty stuff.

Re:Same ratio as /.

[Firkragg14]

Ive seen this news story a few times today on different sites and im as baffled as you. If im downling from somewhere like piratebay i tend to just sort by seeds and see which is popular then read the comments. Just because theres no automated way to weed out the fakes doesnt mean its impossible to find what your after since the crowd sourcing approach means that the best options tend to float to the top.

Re:Same ratio as /.

[hey]

Why can't the comments be fake too?

Re:Same ratio as /.

[mobby_6kl]

They can, of course. But from what I've seen on, say, ISO Hunt, real torrents usually don't have any comments at all, while fake ones get negative comments. So unless the fakers can delete existing comments, they're pretty reliable.

Re:Same ratio as /.

[NFN_NLN]

I believe the Pirate Bay site has "flags" for trusted content and respected uploaders. Does it not?

Of course, other trackers have them also. And checking the number of seeders/leechers helps, too. As well as having a quick look on the comments to see if someone reported nasty stuff.

What?

Are you saying the copy of "Matrix 4 Leaked - DVDRip", with 1 seeder, 6 negative votes, a comment saying "This is a VIRUS - don't download", a file size of 30MB, a file listing with a single .exe file... that this isn't legit?

I don't believe it, but I guess I'll find out after I download and EXECUTE the video file myself... now good day sir!

Re:Same ratio as /.

[Pentium100]

Also, send it to virustotal.com. If it comes back clean, great, if not, find out the the detections are real or just "virus, I mean, keygen".

I suggest

[Dunbal]

Considering that I have not once downloaded a fake on TBP in the past 10 years or so that I have been using it, I think that either the "researcher" is fiddling with the numbers or has no idea how to download something.

Re:I suggest

[godrik]

on tpb, there is a tag that tells if the uploader is an official tpb member. That helps a lot in my choice.
You can also check the seed,leech numbers. Thousands of seeders and thousand of leecher are likely to be a valid torrents.

Re:I suggest

[IamTheRealMike]

Or you got a bot on your machine and you don't know it.

I saw an interesting talk on security/malware once. It had some screenshots of one of the top downloads from TPB (a Photoshop keygen or something). There were hundreds of comments saying it was clean, that the uploader was trusted etc. At time of release no virus scanners flagged it. In fact it uploaded all the passwords it could find on your computer to a machine in China and then generated a Photoshop key.

I walked away from that talk with the powerful impression that if you trust crap you get off piracy sites, you're asking to be owned.

Re:I suggest

[Kjella]

Considering that I have not once downloaded a fake on TBP in the past 10 years or so that I have been using it, I think that either the "researcher" is fiddling with the numbers or has no idea how to download something.

That, and the fact that including any URL anywhere is a sign of "financial profit". Who cares if it's called "Some.Popular.TV.Show.S02E23.x264-L4M3.[btjunkies.com].torrent"? As long as they deliver who cares? And particularly trying to lump those together with the relatively few that try propagating malware - for example unheard of in movies, tv, music and a bunch of other categories. Yes, downloading random executables off the Internet is still a bad idea but not hardly as big a problem as this makes it sound.

Re:I suggest

[localman57]

They don't have to be there long... only as long as it takes to type in a password or credit card number. My advice is to use multiple VMs, running linux. One for your naughty activities, and one for your trusted activities. Only use the trusted VM to do banking or personal information related stuff, only accessing trusted sites. And, as you say, wipe it periodically, potentially as often as every use.

Re:I suggest

[russotto]

OK - but what is the point of this claim if everyone is ignoring the fakes anyway? Just because there are more fakes listed doesn't mean that there will be more fakes downloaded.

It means TPB is useless because there are too many fakes and therefore the MPAA and RIAA need not worry about it.

Re:I suggest

[Monkeedude1212]

Woah now - there's a difference between a fake and Malware.

Essentially, a photoshop keygen that works while stealing your password isn't a fake, even though its malware.

Poster might very well have a bot on his machine - but he still hasn't come across any fakes.

Re:I suggest

[putch]

The methodology says that they monitored for new torrents via rss and immediately scraped the .torrents and processed the files. And, if you've ever tracked a category on TPB via RSS you'll know that there's a TON of spam that constantly comes in and is usually flagged for deletion and removed fairly promptly. So, really, it's more appropriate to say that a third of all .torrents uploaded to BT portals are fake.

Re:I suggest

[EdIII]

I'm surprised that it was only a third. I have used a throw away computer isolated from network to mess around with Kazaa, Shareaza, Limewire, TPB, etc. My computer was a diseased smoking husk in about two weeks. I would not trust a music MP3 from those distribution channels, much less a keygen.

That's just it too. You can trust the piracy groups themselves that make the cracks and "publish" their releases, since they are in it for their principles (whether you agree with them or not). You can't trust the public distribution channels. It's ripe for abuse, just like stealing money from the Mob. Who is the Mob going to complain too? Of course in this case it is more like stealing money off a crack addict since they can't hire goons to come after you with a baseball bat.

The solution has always been very private trackers that are invite only. Generally, the only people allowed to upload, or publish a torrent, are known and highly respected members of the private tracker. When those are the only torrents you download you are getting the real releases and in most cases those uploaders are what the couriers use to be. Meaning, they are getting their stuff from private FTP sites that are a few "hops" away from the pirate groups release channels.

Another added benefit of a private tracker is that it makes harder, not impossible, for the RIAA to track the activity. The ISPs can inspect all the packets of course and still see the torrents, but the RIAA can't access the trackers to get a list of all the IP addresses of the peers.

I had been pirating back in the days of 2400 baud modems and BBS boards. What is interesting now, is that I don't pirate at all. Of course, I don't consider getting torrents of commercial free broadcasted TV shows piracy so... some may disagree. However, I have Netflix and a Zune subscription. Everything I do professionally has transitioned into open source. What do I even need to pirate at this point? Some games? Why? I can afford a modded console from Canada and actually purchased all my games and played them from the backups, and later on direct from hard drives.

99% of everything out there is crap and I suspect some people pirate simply because it is one click away and they probably never even use what they download. The biggest thing I tell people is why take the risk when there is no reward at this point? Get Netflix and Zune and just pay the 99c per track when you find something you really really love and want to keep.

As for the people addicted to Windows and Adobe crap, via con dios. My sympathies, and I understand if you can't afford thousands of dollars, sometimes tens of thousands of dollars, and yet still want the software.

Re:I suggest

[h00manist]

the very fact that we spend time and effort to pick through the files choosing which one we want shows there is a lot of crap you will download, if you are not careful. there is no expectation that the first one or any one is authentic, good, complete, etc.

Re:I suggest

[InlawBiker]

At some point isn't it easier to just buy the software?

Re:I suggest

[mlts]

I'd add four things to using a VM for untrusted stuff:

1: Roll back the VM, back it up if you so choose, then run Windows/Microsoft update and update the other programs at least monthly. Then back up the .vmdk files again.

2: Buy a copy of sandboxie for the VM. This way, the malicious software would have to get through that before being able to use kernel level abilities in case there is a 0-day to allow malware to get out past the hypervisor.

3: Run the potentially nasty stuff as a user with no admin rights. Bonus points for running DropMyRights for even less privileges given to the process.

4: Use a proxy (or at least yank the VM's access to the network), so if stuff phones home, it doesn't have your real IP address.

Untrusted stuff isn't just keygens. I tend to run tools which I download for one purpose in a VM just so I know they do the job at hand with a file, and no more. For example, if I'm using a utility I downloaded to strip off the EXIF data from a number of pictures for privacy reasons, I stick the pictures in the VM, run the utility, power off the VM, mount the disk image, yank off the processed photos, unmount the image, and then roll it back. This way, if the utility were malicious, the only persistent data it could affect would be the picture files.

Re:I suggest

[similar_name]

I would not trust a music MP3 from those distribution channels

I'm just asking because I don't know, but can .mp3s contain a virus? How does that work?

Re:I suggest

[oldmac31310]

Not if you don't have any money!

The point..

[minorproblem]

One of the biggest benefits of torrents is that the fake crap gets weeded out quickly and the real torrents rise to the top with a high number of seeders. So it doesn't matter if its fake because it dies off quicker, than normal as people stop uploading it.

Re:The point..

[Covalent]

Agreed. If you sort by seeders, you probably get something more like 1% "fake". But if you just randomly download material, it's probably higher (though 50% seems high, even for random downloading.)

So I get sued for downloading a fake file can I be

[Joe+The+Dragon]

So I get sued for downloading / uploading a fake file can I beat it based on that they are calming that I downloading / uploading the real file?

Is this like that professor sued for haveing a mp3 file in name only?

Don't have a problem

[Enderandrew]

Ultimately I don't have a problem with leaking fakes, so long as you're not intentionally trying to distribute viruses or anything like that.

Apparently Batman: Arkham Asylum had a leaked version that was basically a demo. There was a level you couldn't get past because of an intentionally crippled feature. When people were screaming and complaining about a "bug" in the product they purchased on the support forums, they were informed that "bug" was only present in an intentionally leaked version on torrent sites. They knew people were going to pirate their game, and they tried to get in front of it and turn it into a scenario where the pirated copy did act as a demo, perhaps convincing people to pay for the real thing.

But the bigger issue is that game studios, music companies and Hollywood still haven't seen the bigger picture.

It is to your benefit to pirate rather than deal with DRM nightmares. And corporate America is more focused on punishing their customers than trying to attract new ones.

Re:Don't have a problem

[The+MAZZTer]

I find it amusing people go to official channels for support for their pirated products.

Re:Don't have a problem

[WeatherServo9]

when it gets to the "good part" suddenly cut off the audio and/or video?

Ah, so most movies play all the way through with no problems then!

Re:Don't have a problem

[mlts]

From what I have seen with Steinberg's stuff, I have not encountered any musicians who really like it. First, there is the dongle/VST plugin aspect. Start setting up at a gig, and some crackhead makes off with your dongle? From what I know, a musician either has to hit the warez/crack sites, or re-buy everything. To prevent this from happening, I have had made at a metal shop custom 1U locking rack drawers that had a powered USB hub mounted in the back, just so people could have their license key stuff secured at a concert.

I wonder why Steinberg continues to do dongles, especially with pro-quality tools like ACID Pro on the Windows side, and Logic Studio on the Mac side being so relatively inexpensive. The only way I see Steinberg's offerings being relevant these days is if someone needed a certain VST plugin that didn't work on other VST hosts.

Not just bittorrent - alt.binaries too

[jaymz2k4]

I've become so used to the alt.binaries being polluted with either passworded inner-rars or corrupt/scrambled files that I'm now used to just grabbing the first couple of rar's and extracting them just to make sure. I'm not too surprised to hear this. What does surprise me a little is the amount of people that continue seeding this crap on BT. Do they not open the damn files as they come down? If only for a cursory glance to confirm.

Re:Not just bittorrent - alt.binaries too

[ErikZ]

The great thing about pirating movies is that you're not subjected to forced commercials, FBI warnings, and other things that the producers decided.

Find movie file, play. Done.

It would be great if disk-based movies were this easy.

I sincerly hope

[Haedrian]

That this research didn't involve taking a random sample, and working out that 1/3rd is fake.

The strength of Bittorrent is that if there are:

1. Low seeds
2. Bad comments

Then its fake.

If you have a file with a few thousand seeders, then you can be sure that its real. Nobody is going to continue to seed a fake/virus ridden file unless its on purpose - but that requires a ton of resources.

And most admins will take down any files reported in that manner.

Re:I sincerly hope

[savanik]

If you have a file with a few thousand seeders, then you can be sure that its real.

Or it's actually malware propagating through BitTorrent. I've seen a number of torrents with tens of thousands of seeders on relatively small files, usually with something like 'SEXSEXSEX' in the titles - those are zombie botnets.

Re:I sincerly hope

[MrNemesis]

Anecdotal, but this isn't my experience. I was trying to find a copy of Four Lions (easily the best comedy about suicide bombers from 2010) to clarify a scene that I'd remembered one way and a fellow TV Troper had remembered another; the DVD wasn't yet out and it was no longer on in the cinema (and in case you were wondering I paid money for both) and was delighted to find torrent sites awash with copies of the film, some with upwards of a hundred seeds. Yay! Downloaded the torrent and it started coming down at a 16Mb.

About 33% through the download, MS security essentials on my laptop (connected to the share on the linux box doing the download) that the file was infected with some trojan or other; waited for the file to finish and played it back on a linux VM. Got a message that said "you need to play this back in Windows Media Player!"; put it on a (unpatched) windows VM, played back in MPC and got the same message, played back in windows media player and lo and behold got the trojan payload. Didn't really bother to see what the trojan did, but tried a couple of the other seeds for different files. Downloaded those (again, quickly) and they were also trojaned. What surprised me the most was the complete lack of comments in any of the files I saw, even when I tracked down multiple tracker sites.

It might just be I was unlucky and started looking for it on the same day the first rips from the screener copies came out, but someone, somewhere, was providing a lot of bandwidth and servers for providing fake copies of what I thought was a non-blockbuster indie movie.

Ironically...

[Damek]

Ironically, it's the two-thirds of US users without fast broadband who are responsible for supplying the two-thirds non-fake content. It's a tough job...

Not Only

[DaMattster]

are they fake but most of the files advertising pirated software or movies are actually viruses and other malware.

Re:Yup

[Fibe-Piper]

I don't think you are required to have a login to use demonoid anymore. Though you won't get a membership without an invite.

That's actually a question I've had

[jollyreaper]

I can understand someone creating spam pages for popular search terms but I've never understood quite how they manage to come up with really obscure shit, like if I type in "three inch frange demodulator" and there's the first hit proudly declaring "Internet's leader for three inch frange demodulators!" I just made that term up two seconds ago. How do they get that cached into google? A few years back they were doing that with porn text and it would be "'Harder!' she cried, and I thrust my three inch frange demodulator deep inside." I have two questions: how did they do that and is it even doing anything useful for them? Surely they couldn't generate real ad revenue off of banner cruft on that sort of page, right?

I'm not sure of the utility of the torrent spams, either. I know never to download video files that are compressed archives because it's just going to be a scam to get you to sign up for something or pay to get the password but those are few and far between. Pirate Bay and kickasstorrents are usually pretty good. It's the other oddball sites that don't even have the damn file you're looking for but give you a dozen "sponsored links" that pretend like they do and don't. Do they live off of money made from drive-by malware?

First Fake Post

[Skelde]

Frist_Plake_OST_Flak_by_GR34Torz.zip 245 Mb

Download Torrent HERE

!!Super Fast DDL Usenet Just a click away!!!!
SUBSCRIBE TODAY!!!!!!!

>Da biggu da betta for u V14GR4 Klick here

1. DISSS toRRENtz is GREATOOOOORRRRzz1111

2. Cool Bro

3. Dont Download VIRUS!!!!!!

4. ou area l fags and ned o die!!!!!11111

5. P3NIS P3NIS P3nis P3Ni5 P3Nis P3niS

5. I hate my life

6. emofag

7. lol

mininova?

[ampathee]

Mininova has been legal "content-distribution" only for a long time. How old is this research?

Re:hmm

[oracleguy01]

I've never gotten a fake or malware-infected file; oh wait, I actually pay for the software, music, and movies that I want to watch. Maybe that's why.

While you have a point, as history has proven, buying legit doesn't always protect you from malware. And haven't there been cases where viruses and malware has gotten onto the installation discs of legit software at the CD factory?

That isn't an argument against buying legit software; my point is even with legitimate software you need to keep an eye out.

Re:So I get sued for downloading a fake file can I

[T-Bone-T]

No because no one is forcing you to download it. It is just like the police using bait cars to catch car thieves. They lure you in but you are the one that ultimately makes the choice to proceed.

Bonus Footage!

[LSDelirious]

The only "fake" I can recall getting from TPB was one time I downloaded Spiderman 3, and towards the end where there's the fight scene with Venom in the skyscraper frame, someone from an animal rights group had edited over the "breaking news" portion with a really bizarre "meat is murder" clip that went on for about 1 minute, showing cows and pigs being tortured and slaughtered. I wasn't even mad thought, it was so trippy, the whole "wtf just happened??" moment was more entertaining than what was happening in the movie

Re:So I get sued for downloading a fake file can I

[pclminion]

Entrapment isn't about who makes the choice to commit criminal activity. If you are made to do something that you would not choose to do yourself, then the crime committed is not entrapment, it is coercion.

Entrapment is anything which induces a person to commit a crime that they would NOT have otherwise committed. Baiting a car thief is not entrapment because the car thief is a car thief, and stealing cars is what he does. But if you're a cop sitting in a bar listening to a woman complain about her abusive husband, and you offer to "take care of the problem" and flash a gun, you're committing entrapment because the woman would not have considered murdering her husband otherwise.

It's not about who makes the choice, it's about influence.

Re:Trusted? Uploader LMAO!

[number11]

Have you ever bought a SONY gadget on the internet?? How do you know it was not fake, inferior junk, knockoff from China? You do not, not unless you buy the product from an original, authorized seller. Deal with it.

Have you ever bought a SONY CD from an original, authorized seller, to discover that it's rootkitted your computer? Have you ever bought a digital picture frame at Target, to discover that the original-equipment virus lurking in it has infected your flash drives?

The fact is, buying original, genuine merchandise from reputable vendors does not in any way protect you from negligent (Target) or criminal (SONY) acts on the part of those in the manufacturing and distribution chain.

There is no honor among corporations, either.
Buying from an original, authorized seller does not protect you.
Deal with it.

Re:That's what insurance is for.

[mlts]

Good luck finding an insurance company that does cover loss or theft dongles for more than their replacement value (and that is the value of the hardware, not the hardware + the keys that make the software work.) This is something I have seen a good number of musicians look for, and not find. Convincing an insurance adjuster to cut a check for the thousands it costs to replace Cubase + the plugin licenses will be almost impossible, even with proper receipts at hand. I have yet to find a single musician who has been successful at finding an insurance company that will insure those things. Other gear, sure. Insurance will cover a lost Macbook or a stolen keyboard while a band is on the road.

So far, the only "insurance" that works in this case is what I did for a couple musicians with the locking 1U rack. Other musicians just use crack the software so their whole gig doesn't depend if some DRM chooses to run or not.