Slashdot Mirror


Demonoid Down For a Week, Serving Malware Laden Ads

hypnosec tipped us to reports that Demonoid is still down after suffering a massive DDoS last week, and that the domain is now redirecting to a malware-ridden spam site. Notable for surviving a CRIA-mandated shutdown, this may be lights out for the torrent tracker: "To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities. ... Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site."

3 of 144 comments

  1. Don't I know it (warning post contains grumpiness) by RogueyWon · · Score: 0, Offtopic

    I've always been forced (by means of parental guilt-trip) to act as tech-support for family, which basically means being the guy who gets roped into decontaminating malware-laden PCs for them, despite the fact I'm in a full time job and earn more than most of them. Yes, the whole "being the guy who knows PCs" thing is really starting to grate as I move further into my 30s, not least because my knowledge is nowhere near as fresh or as deep as it was a decade ago.

    Anyway, rant aside, I've been used to dealing with calls about stuff like this maybe 3 or 4 times a year. And now in the last week, I've had two calls from extended family, both relating to infections acquired from the redirected Demonoid. I'm really seething about this - we're talking about people a generation older than I am, with jobs, who are still getting infections from piracy sites. For a decade now, I've been operating on the basis of "Do I need it? If not, do I want it? Can I justify spending money on it? And if not, is there a free-as-in-beer legal alternative available?"

    Anyway, I've said I'll "help" with these infections at the weekend. But I'm not going to be spending hours running malware removal kits and trawling through registries. If they have legal Windows reinstall discs, then fine. If not (and I'll bet they don't), they'll be going out to the shops to buy them and then doing format/reinstalls. Backups? Any that they hadn't made pre-infection (and they won't have done any) will, I shall argue, pose too much of a risk of reinfection (which might even be true).

    Might encourage them to think twice next time. But probably won't.

  2. Anyone wonder WHY I do custom HOSTS files? by Anonymous Coward · · Score: -1, Offtopic

    I use hosts in the following ways (see my 'p.s.' below, in detail, for your reference) to COMPLEMENT & OVERCOME THOSE PROBLEMS IN DNS & OTHER MECHANISMS LARGELY!

    Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful):

    ---

    1.) Blocking out malware/malscripted sites
    2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware (currently, I have 1,797,207++ blocked & growing @ roughly 250-5,000 per day added)
    3.) Blocking out Bogus DNS servers malware makers use
    4.) Blocking out Botnet C&C servers
    5.) Blocking out Bogus adbanners that are full of malicious script content
    6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)
    7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
    8.) Added "anonymity" (to an extent, vs. DNS request logs)
    9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
    10.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)
    11.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD derived IP stack).
    12.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" on top of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)
    13.) Blocking out TRACKERS
    14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).
    15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.

    ---

    * & FAR more... read on below IF you are interested (for detail).

    AND, for those of you that run Microsoft Windows 32 or 64 bit? An automated hosts file creation & mgt. program:

    http://securemecca.com/public/APKHostsFileInstaller/2012_06_01/APKHostsFileEngineInstaller32_64bit.exe.zip

    (You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where), but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do))

    What's it do for you?

    It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++") after it obtains custom hosts file data from 12 of the reputable & reliable sources listed below:

    ---

    1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

    2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

    3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malware makers (since host-domain names are recyclable by them, & the RBN (Russian Business Network & others)) were doing it like mad with "less than scrupulous", or uncaring, hosting providers)

    4.) Better 'anonymity' to an extent vs. DNS request logs (not vs. DPI ("deep packet inspection"))
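
An added example, not part of the comment above and not the code of the program it links to: merging several hosts-format block lists into one file while treating each list as untrusted input. A list entry that maps a name to a routable address is a redirect rather than a block, so it is set aside for review instead of being written out. All list contents, domains and addresses below are constructed.

```python
import ipaddress
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses that mean "block"
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample lists and a constructed pinned ("hardcoded favourite") entry.
SOURCE_A = "# list A\n0.0.0.0 ads.example.test\n127.0.0.1 localhost\n0.0.0.0 tracker.example.test # t\n"
SOURCE_B = "127.0.0.1 ADS.example.test. cdn.example.test\n203.0.113.7 bank.example.test\n0.0.0.0 bad_host!.example.test\n0.0.0.0 forum.example.test\n"
PINNED = {"forum.example.test": "198.51.100.10"}

def valid_hostname(name):
    return len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-format text, skipping comments and junk."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if valid_hostname(name):
                yield ip, name

def merge(sources, pinned):
    """Return (sorted blocked names, [(name, reason)] for entries left out)."""
    blocked, skipped = set(), []
    for text in sources:
        for ip, name in parse_hosts(text):
            if name in PROTECTED:
                continue                      # never let a list redefine localhost
            if ip not in SINKHOLES:
                skipped.append((name, "source maps to routable address " + ip))
            elif name in pinned:
                skipped.append((name, "conflicts with pinned entry"))
            else:
                blocked.add(name)
    return sorted(blocked), skipped

def render(blocked, pinned):
    lines = ["127.0.0.1 localhost"]
    lines += [f"{ip} {name}" for name, ip in sorted(pinned.items())]
    lines += [f"0.0.0.0 {name}" for name in blocked]
    return "\n".join(lines) + "\n"
```
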

  3. Unjustified downmod, eh? Disprove my points! by Anonymous Coward · · Score: -1, Offtopic

    See subject-line: Your bogus downmod can't disprove my points in the list about custom hosts files, OR the one below it regarding filtered DNS servers (they screen out most all types of malicious content to supplement local control by hosts files, browser options like Opera has for Javascript, NoScript, IE TPL's, & even browser addons like AdBlock).

    * I challenge ANY of the cowardly trolls that downmodded my post to disprove points in my initial post I am replying to that prove the points in it outright wrong/incorrect...

    APK

    P.S.=> Of course, THAT is never going to happen, as the trolls around here have tried for ages & have never managed it in oh, roughly 5++ yrs. I've been posting that material... & thus? Well, you KNOW I've just GOTTA SAY IT, as-is-per-my-usual "inimitable style":

    This? This was just "too, Too, TOO EASY - just '2EZ'", and I am utterly confident in the material I posted - which only makes me laugh @ the troll worms that downmoderated the material in my 1st post (they're probably malware makers, disgruntled advertisers &/or webmasters losing revenues by blocked ads (quit eating up my CPU time, bandwidth, electricity, and more I pay for on top of the subject of this article then - malware in ads!))...

    ... apk