Demonoid Down For a Week, Serving Malware Laden Ads

hypnosec tipped us to reports that Demonoid is still down after a suffering a massive DDoS last week, and that the domain is now redirecting to a malware-ridden spam site. Notable for surviving a CRIA mandated shutdown, this may be lights out for the torrent tracker: "To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities. ... Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site."

demonoid.me points to 127.0.0.1

[RockoW]

For me demonoid.me points to localhost so if you're being redirected to a malaware website your system is compromised.

Re:I supplement custom hosts files w/ better DNS t

[LodCrappo]

good info and something I'll have to check out, but I'd add that at least OpenDNS is practically malware in itself due to their screwing around with dns records to advertise to you. they even break SMTP by returning MX results for *everything*, which point to them.... a user on your network fat fingers an email address and the message ends up with opendns? I don't think so.

the others might be great tho, will try them.

Update

[twocows]

According to the article in TFA, which has been updated, the ads were put in place deliberately by the site admin to recoup some of his costs. Presumably, he didn't know they were full of malware.