Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead

Posted by Unknown on from the probably-riaa-conspiracy dept.

New submitter giveen1 writes "I recieved this email as a former Demonoid.me user. I tried to go to the website and link is dead. ... 'Dear Demonoid Community Member, We have all read the same news stories: The Demonoid servers shut down and seized in the Ukraine. The Demonoid admin team detained in Mexico. The demonoid.me domain snatched and put up for sale. The Demonoid trackers back online in Hong Kong, but then disappearing. ... Now for some good news: The heart and soul of Demonoid lives on! Through an amazing sequence of unlikely events, the data on those Ukrainian servers has made its way into the safe hands of members of our community and has now been re-launched as d2.vu.'" But it turns out that the site was distributing malware, hosted on an American VPS, and quickly shut down after the provider discovered this. No word yet on how the Demonoid user database was acquired, but if you did make the mistake of trying to log in Torrent Freak warns: "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

62 comments

  1. sad pants by Anonymous Coward · · Score: 2

    I miss Demonoid

    1. Re:sad pants by Anonymous Coward · · Score: 0

      I don't... got better things to do than try to get on their membership list to access the private tracker for the six seconds they might deign to offer some type of enrollment to the unwashed masses. That, or find some warez hound that is in with the admins enough.

      Easier to use the Source That Is Not To Be Mentioned... and one won't get a motion of discovery request from the RIAA/MPAA/BSA either. The warez scene got old in the days of 2 digit #warez channels on IRC.

    2. Re:sad pants by Anonymous Coward · · Score: 1

      If you had some friends, they could have sent you an invite

      Being an anonymous internet troll, apparently you didn't have any.

    3. Re:sad pants by bmo · · Score: 1

      Or you could have just signed up on Thursdays when registration was completely open.

      Or if you weren't a complete dick, people would have fired invites over to you. I had more than I knew what to do with.

      --
      BMO

    4. Re:sad pants by Anonymous Coward · · Score: 0

      Try demoniod.mk. It has been running for about 6 months.

  2. Not much to speculate about by Anonymous Coward · · Score: 0

    No word yet on how the Demonoid user database was acquired

    Well, it's either the law enforcement or the record companies got hold of the user database. Whoever it was decided to sell the database to scammers.
    I don't know about the Ukrainian police but I know that many record companies have done even sketchier stuff in the past (As in outright illegal.) so I'm not really surprised.

    1. Re:Not much to speculate about by gsslay · · Score: 0

      Yeah, cos no-one else would dream of infecting the community members of Demonoid. And every single person who wandered within snatching distance of that data, as it was pushed from one backstreet ISP to another, all have impeccably highest of high morals. It must be the feds or the evil record companies. No doubt.

    2. Re:Not much to speculate about by westlake · · Score: 1

      Well, it's either the law enforcement or the record companies got hold of the user database.

      More likely to be an inside job. More likely and more profitable.

  3. Good Advice by DarthBling · · Score: 4, Insightful

    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Yup. After all those LinkedIn passwords were leaked last year, I wised up and changed the passwords to all the websites I visit each to something different. So now if my username/password combo is compromised, it's only good for that one particular website.

    1. Re:Good Advice by gstoddart · · Score: 1

      I'm more shocked that people have been doing that all along.

      This has been good security practice for a very long time.

      Re-using login/password combos has always been a bad idea.

      --
      Lost at C:>. Found at C.
    2. Re:Good Advice by war4peace · · Score: 3, Funny

      Depends. If your password is complex enough, then you can use one for a core of websites (2-3 most secure).
      And for all the ever-so-many bullshit websites you don'r care about, you can have the same U/P combo; if it gets hacked, you lose access to many bullshit sites you don't care about. Good. Losing my miniclip account would only translate as more free time and better productivity :)
      That's why my password there is "12345" - same as my luggage's...

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    3. Re:Good Advice by Pentium100 · · Score: 1

      Not everybody can remember many different passwords that do not follow some pattern (like "asd!@#slashdot"). So, you either need to use some sort of password database (hope it's accessible from any device and that its password is not compromised) or only a few passwords.

    4. Re:Good Advice by Noughmad · · Score: 1

      That's why it's good practice to use password patterns. They are easy to remember, and offer reasonable security against automated attacks. Anyone who sees one of your passwords can easily deduce the others, but it takes just enough effort to require a targeted attack.

      --
      PlusFive Slashdot reader for Android. Can post comments.
    5. Re:Good Advice by neminem · · Score: 1

      This. This isn't at all similar to my password to anything, but the sort of thing I switched to doing a few years ago, after some other site I used my (at the time) "more secure" password got hacked - if, for instance, my old password I'd used for everything was asdf!!11, I might have changed it to gasdf!!11l for gmail, sasdf!!11t for slashdot, etc. Something like that. (That isn't the actual pattern I use, either. :p) Just as easy to remember, but a hacker would have to have a reason to specifically want *your* account info, rather than just hitting easy targets.

    6. Re:Good Advice by FictionPimp · · Score: 1

      lastpass.com

    7. Re:Good Advice by Salgak1 · · Score: 2

      PassWORDs ??? Stopped using those years ago, PassPHRASES are the way to go. . .

  4. The next step. by Anonymous Coward · · Score: 0

    Is to get this information into the hands of a Nigerian Music Executive.

  5. Obligatory XKCD by Anonymous Coward · · Score: 5, Funny

    What has not been covered by It.

    1. Re:Obligatory XKCD by flayzernax · · Score: 0

      Call of duty sucks and I call shenanigans on anyone cool at google who's been alive for more then 15 years thinking call of duty is any good.

    2. Re:Obligatory XKCD by zlogic · · Score: 1

      They should revise Google's punchline to "Now let's shutdown everything and watch civilization collape".

    3. Re:Obligatory XKCD by chromas · · Score: 1

      WRONG!

    4. Re:Obligatory XKCD by Anonymous Coward · · Score: 0

      Let civilization collapse... or use Bing?

  6. People still use common credentials? by Anonymous Coward · · Score: 2, Insightful

    Look, I know credential soup is a pain in the rear, but if you want to protect yourself online, it's essential these days. I follow an approach like this:

    Tier 1 - For ultra important stuff, such as banks, online merchants, and credit cards. These credentials are very, VERY long and random. Good luck cracking those while I'm still alive.

    Tier 2 - For less important stuff, like MMOs and websites I frequent. They'll still be fairly unique, but I'll use some mnemonics to aid myself here and reduce the headache without sacrificing too much security.

    Tier 3 - For everything else, especially those damn one-off sites that demand you create an account before you use them. These credentials are usually pretty common, as they're mostly disposable junk anyway and not connected at all to my main stuff.

    Oh, and one more thing: use yahoo or other disposable email addresses for Tier 2 or Tier 3 sites. Banks and credit cards should use a unique e-mail address that is not connected in any way to anything else to limit the effectiveness of keyloggers and phishing attempts.

    1. Re:People still use common credentials? by hedwards · · Score: 5, Insightful

      Or just use something like keepass and give them all strong passwords. It's not like you're going to be remembering hundreds of passwords anyways. Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again. For most people, even a dozen passwords is more than they can reliably remember.

    2. Re:People still use common credentials? by gstoddart · · Score: 1

      Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again

      Holy crap, that's a lot ... I'm not sure I've had 400 different logins over the last 25 years.

      --
      Lost at C:>. Found at C.
    3. Re:People still use common credentials? by Anonymous Coward · · Score: 0

      I don't use anything like that because if it fails due to corruption or something else, you're now locked out of everything and have to do a LOT of work to recover.

      If you use a password regularly, you will memorize it.

      If you don't, you won't.

    4. Re:People still use common credentials? by hedwards · · Score: 1

      Well, keep in mind that everybody demands a log in these days and often times just to view something that you might not want to ever use again. That's probably 15 or so years worth of accounts that I've created and many of them are probably no longer usable, but it's not really worth going back through all of them on a regular basis.

    5. Re:People still use common credentials? by hedwards · · Score: 1

      That's what backups are for. You're not going to memorize more than a dozen good passwords, and especially not if you're changing them regularly. I can back up my password database every day and then I don't have to worry about corruption or something else.

      The only real downside to it is if my password to the database is stolen. But, then again, they would also have to steal the file itself and the 2nd factor to it.

    6. Re:People still use common credentials? by flimflammer · · Score: 1

      I've found myself using that program only because sites like to enforce their own ideals about what a secure password is, rendering my actually secure password "weak" by their standards. So I keep track of those rogue sites by recording which variant I need to use for that special snowflake website.

    7. Re:People still use common credentials? by Anonymous Coward · · Score: 1

      For those random accounts on random website, better to use a site like bugmenot.com. If they don't have a login for the site, post yours there. A good practice is to also use a disposable email address that others can access. That way when some jerk changes the password another user can reset it back.

    8. Re:People still use common credentials? by Kanasta · · Score: 1

      Or better yet, a keepass that holds keys to other keepass databases. Seeded with fake logins.

  7. I remember Demonoid by Anonymous Coward · · Score: 0

    Wasn't that the site where you never sign up, because the sign-ups were always "closed for the week"? Or they had permanently run out of user space or something? I could never get a login, so I rarely used the site. Bah, good riddance.

    1. Re:I remember Demonoid by X0563511 · · Score: 1

      You just needed an invitation from someone who had an account.

      The reason those didn't get tossed around willy-nilly is that you were held accountable for the problems caused by people you invited.

      For example, had I invited you, and you got banned for uploading porn torrents, I would be banned as well (and perhaps everyone else I invited)

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:I remember Demonoid by neminem · · Score: 1

      I had an account there, used it occasionally (when my primary private torrent site didn't have something). I'm curious how you "rarely" used it, if you didn't have an account... wouldn't that be "never"?

      Relying primarily or entirely on invites for new members is pretty common for sites like that. Demonoid was just a lot more *famous* than most of them. Which explains why it got axed, and a bunch of other, smaller, less famous (but still highly active) torrent sites are still up.

  8. What kind of malware? by K.+S.+Kyosuke · · Score: 1

    As in, would it justify renaming the site as 'Daemonoid'?

    --
    Ezekiel 23:20
    1. Re:What kind of malware? by Freshly+Exhumed · · Score: 3, Funny

      All I wanna know is if downloading the malware affects my ratio?!!!

      --
      I deny that I have not avoided attaining the opposite of that which I do not want.
  9. Oh Well by Oronar · · Score: 1

    Supposed I should have been more suspicious that searches failed. But I was hopeful it was just some sort of database failure explaining why I couldn't login. Whatever. I didn't use that password for anything else, spammers. Have fun with it.

    Although this raises the question why even make a functional password reset form? I tried it after my login didn't work and they sent me a new one.

    --
    1 4/\/\ 1337
    1. Re:Oh Well by Anonymous Coward · · Score: 0

      Hahah, noob. ;)

      Yeah, I got there too late and the site was already down... but I was actually planning to look around, then wait 24 hours (to see if reports popped up that it was some sort of MAFIAA scam) before trying to login with my demonoid account, honest! (Actual truth, not that anybody should believe me.)

    2. Re:Oh Well by wagnerrp · · Score: 1

      Perhaps they were expecting you to log in with it, and set it back to your original password?

    3. Re:Oh Well by Oronar · · Score: 1

      Except there was no logging in. Just the form to phish passwords.

      --
      1 4/\/\ 1337
  10. Think About IT by Anonymous Coward · · Score: 0

    So, Demonoid was shut down, and no one has any idea who might want to distribute malware to its former users computers?

    Shocked! I'm shocked to find such and unworthy lack of speculation on Slashdot.

    Just as shocked as Claude Reins was in Casa Blanca when he feined ignorance of gambling and took his "pot-de-vin."

  11. Actually... by giveen1 · · Score: 3, Informative

    I never actually logged into the website, nor got my password stolen, nor got malware. Links are always checked out, email header completely read, domain looked up in WHOIS, and link opened in a VM.

  12. Afghan by Anonymous Coward · · Score: 0

    /9j/4AAQSkZJRgABAQEASABIAAD/2wBDACgcHiMeGSgjISMtKygwPGRBPDc3PHtYXUlkkYCZlo+A
    jIqgtObDoKrarYqMyP/L2u71////m8H////6/+b9//j/2wBDASstLTw1PHZBQXb4pYyl+Pj4+Pj4
    +Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj/wAARCAAQABADASIA
    AhEBAxEB/8QAFgABAQEAAAAAAAAAAAAAAAAAAgAD/8QAHBAAAgIDAQEAAAAAAAAAAAAAAQIDEQAE
    IRIF/8QAFAEBAAAAAAAAAAAAAAAAAAAAAv/EABcRAAMBAAAAAAAAAAAAAAAAAAAREyH/2gAMAwEA
    AhEDEQA/AMoND3rpIVSioNnLY0vEDsFTgJ5gj+i666RWlBQKrDJvO0Dx2lMK5hFHGz//2Q==

    1. Re:Afghan by Anonymous Coward · · Score: 0

      I can never understand those foreign fuckers...

    2. Re:Afghan by Anonymous Coward · · Score: 0

      base64, but Iran, not Afghan

  13. Sounds like demonoid used bcrypt. Yay! by Sloppy · · Score: 5, Insightful

    Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  14. Saw it coming by HairyNevus · · Score: 1

    I saw this e-mail on my phone this morning, and my first thought was "Sounds pretty sweet... so I bet it's not real". Then I came in and saw this headline before I even remembered it. Oh well... kat.ph is everything Demonoid was, maybe more.

    --
    You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
    1. Re:Saw it coming by runeghost · · Score: 1

      Not quite. Demonoid had a ton of ancient and obscure movies, tv shows, and books, many of which were obtainable literally no where else. Kat.ph appears to be a nice torrent site, but it's far more focused on popular stuff than demonoid was.

    2. Re:Saw it coming by zerocommazero · · Score: 1

      Yeah, Demonoid was a geek's dream. You could find just about anything niche related (well at least the niches I liked) and the search interface/categories were easy to use to find obscure related things.

    3. Re:Saw it coming by Linsaran · · Score: 1

      Amen to that, I've yet to see a torrent site with the same level of Niche stuff that Demonoid used to have. If ever I found another site with that same quality of content I'd join in an instant.

      --
      In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
    4. Re:Saw it coming by bBarou · · Score: 1

      I wish I had mod points. Demonoid was one of my favorite place for hard to find stuff. Is there anything close to it nowadays?

    5. Re:Saw it coming by Anonymous Coward · · Score: 0

      Private trackers.

    6. Re:Saw it coming by Anonymous Coward · · Score: 0

      Same here. Demonoid was the place I found many TV pilots (the two Three's Company pilots with different actors being a favorite,) obscure movies, band demos, and basically everything you can't buy off the shelf legally, but would if I could. They are missed!

      I was skeptical about that e-mail, so I waited to see what story would inevitably pop up here. I figured it was some "forces of evil" trying to get info on us former members. Pirate Bay is okay, but I'm starting to feel like going back to the old place-of-no-mention that predates the WWW, but unfortunately requires one to subscribe to a service to reach now.

    7. Re:Saw it coming by Anonymous Coward · · Score: 0

      Private trackers.

      Bullshit. A private (or public) tracker is as good as its members.

      Fill a tracker with people who want to donate their bandwidth and who also have extensive collections of whatever, and a great community is born. Just look at the pirate bay. What you can't find you can probably request, and for the most part things come down pretty quickly.

      OTOH sign up for a supposedly exclusive high end private tracker with 1,000 members and you'll be greeted with snobbery and dead torrents. Good luck getting something after the initial seeder pulls the seedbox off. That takes about 2 days on average, and there will be no swarm to speak of because maybe 5 people grab the thing in the first place.

      Get on a big private tracker and things are better. The problem with those is they're starting to become prime targets for the copyright nazis and their never ending genocide of internet freedoms.

  15. *Be-beep!* Error! by Anonymous Coward · · Score: 0

    Your password must be 8-12 characters long. PassPHRASES, ha!

    PS: It must also contain at least one digit and symbol, not contain spaces, not repeat any of your previous 5 passwords, can't contain swearwords (or any dictionary words at all, if we're at it) or use name or surname of any of your relatives up to three degrees removed. Have a nice day.

    1. Re:*Be-beep!* Error! by mark-t · · Score: 1

      Interesting requirements. Most of them are even practical... other than the one about surnames of relatives, because that would be impossible to do without already having an exhaustive list of all relatives within 3 degrees of the individual, not the least problem of which that it is not necessarily a static list, and the logistics behind keeping it up to date alone would probably make the endeavor infeasible.

      --
      File under 'M' for 'Manic ranting'
  16. Re:Sounds like demonoid used bcrypt. Yay! by Anonymous Coward · · Score: 0

    Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

    Or that they figured they could phish more passwords out of their userbase regardless.

  17. Re:Sounds like demonoid used bcrypt. Yay! by Anonymous Coward · · Score: 0

    "Demonoid's back! Just log in here! But now you have to change your password, because the old one was compromised."

    Now you have their latest omniuse password!

  18. Didn't go to all users by Anonymous Coward · · Score: 0

    Hmm, I would suggest they either didn't get a full membership database or they were selective as to who they sent it to - I didn't get an e-mail, and I was a user.

  19. Lastpass by bmo · · Score: 1

    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Password sharing is bad. I've moved all my passwords and password generation over to Lastpass. All my web passwords are 20 char random alphanumeric/symbol/randomcase automatically generated by Lastpass' randomizer. They are all completely different from each other - none are shared. Even I can't remember them. They require entry by Lastpass or copy-paste from a text tile or typed from dead tree archive.

    There are other password tools that do similar things, and I highly recommend this style of password generation and usage.

    --
    BMO

  20. hoping by Anonymous Coward · · Score: 0

    Welcome back to d2.vu
    Its using your old demoniod user name and pass word hope its legit. Worked for me