Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead

Posted by Unknown on from the probably-riaa-conspiracy dept.

New submitter giveen1 writes "I recieved this email as a former Demonoid.me user. I tried to go to the website and link is dead. ... 'Dear Demonoid Community Member, We have all read the same news stories: The Demonoid servers shut down and seized in the Ukraine. The Demonoid admin team detained in Mexico. The demonoid.me domain snatched and put up for sale. The Demonoid trackers back online in Hong Kong, but then disappearing. ... Now for some good news: The heart and soul of Demonoid lives on! Through an amazing sequence of unlikely events, the data on those Ukrainian servers has made its way into the safe hands of members of our community and has now been re-launched as d2.vu.'" But it turns out that the site was distributing malware, hosted on an American VPS, and quickly shut down after the provider discovered this. No word yet on how the Demonoid user database was acquired, but if you did make the mistake of trying to log in Torrent Freak warns: "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

39 of 62 comments (clear)

  1. sad pants by Anonymous Coward · · Score: 2

    I miss Demonoid

    1. Re:sad pants by Anonymous Coward · · Score: 1

      If you had some friends, they could have sent you an invite

      Being an anonymous internet troll, apparently you didn't have any.

    2. Re:sad pants by bmo · · Score: 1

      Or you could have just signed up on Thursdays when registration was completely open.

      Or if you weren't a complete dick, people would have fired invites over to you. I had more than I knew what to do with.

      --
      BMO

  2. Good Advice by DarthBling · · Score: 4, Insightful

    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Yup. After all those LinkedIn passwords were leaked last year, I wised up and changed the passwords to all the websites I visit each to something different. So now if my username/password combo is compromised, it's only good for that one particular website.

    1. Re:Good Advice by gstoddart · · Score: 1

      I'm more shocked that people have been doing that all along.

      This has been good security practice for a very long time.

      Re-using login/password combos has always been a bad idea.

      --
      Lost at C:>. Found at C.
    2. Re:Good Advice by war4peace · · Score: 3, Funny

      Depends. If your password is complex enough, then you can use one for a core of websites (2-3 most secure).
      And for all the ever-so-many bullshit websites you don'r care about, you can have the same U/P combo; if it gets hacked, you lose access to many bullshit sites you don't care about. Good. Losing my miniclip account would only translate as more free time and better productivity :)
      That's why my password there is "12345" - same as my luggage's...

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    3. Re:Good Advice by Pentium100 · · Score: 1

      Not everybody can remember many different passwords that do not follow some pattern (like "asd!@#slashdot"). So, you either need to use some sort of password database (hope it's accessible from any device and that its password is not compromised) or only a few passwords.

    4. Re:Good Advice by Noughmad · · Score: 1

      That's why it's good practice to use password patterns. They are easy to remember, and offer reasonable security against automated attacks. Anyone who sees one of your passwords can easily deduce the others, but it takes just enough effort to require a targeted attack.

      --
      PlusFive Slashdot reader for Android. Can post comments.
    5. Re:Good Advice by neminem · · Score: 1

      This. This isn't at all similar to my password to anything, but the sort of thing I switched to doing a few years ago, after some other site I used my (at the time) "more secure" password got hacked - if, for instance, my old password I'd used for everything was asdf!!11, I might have changed it to gasdf!!11l for gmail, sasdf!!11t for slashdot, etc. Something like that. (That isn't the actual pattern I use, either. :p) Just as easy to remember, but a hacker would have to have a reason to specifically want *your* account info, rather than just hitting easy targets.

    6. Re:Good Advice by FictionPimp · · Score: 1

      lastpass.com

    7. Re:Good Advice by Salgak1 · · Score: 2

      PassWORDs ??? Stopped using those years ago, PassPHRASES are the way to go. . .

  3. Obligatory XKCD by Anonymous Coward · · Score: 5, Funny

    What has not been covered by It.

    1. Re:Obligatory XKCD by zlogic · · Score: 1

      They should revise Google's punchline to "Now let's shutdown everything and watch civilization collape".

    2. Re:Obligatory XKCD by chromas · · Score: 1

      WRONG!

  4. People still use common credentials? by Anonymous Coward · · Score: 2, Insightful

    Look, I know credential soup is a pain in the rear, but if you want to protect yourself online, it's essential these days. I follow an approach like this:

    Tier 1 - For ultra important stuff, such as banks, online merchants, and credit cards. These credentials are very, VERY long and random. Good luck cracking those while I'm still alive.

    Tier 2 - For less important stuff, like MMOs and websites I frequent. They'll still be fairly unique, but I'll use some mnemonics to aid myself here and reduce the headache without sacrificing too much security.

    Tier 3 - For everything else, especially those damn one-off sites that demand you create an account before you use them. These credentials are usually pretty common, as they're mostly disposable junk anyway and not connected at all to my main stuff.

    Oh, and one more thing: use yahoo or other disposable email addresses for Tier 2 or Tier 3 sites. Banks and credit cards should use a unique e-mail address that is not connected in any way to anything else to limit the effectiveness of keyloggers and phishing attempts.

    1. Re:People still use common credentials? by hedwards · · Score: 5, Insightful

      Or just use something like keepass and give them all strong passwords. It's not like you're going to be remembering hundreds of passwords anyways. Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again. For most people, even a dozen passwords is more than they can reliably remember.

    2. Re:People still use common credentials? by gstoddart · · Score: 1

      Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again

      Holy crap, that's a lot ... I'm not sure I've had 400 different logins over the last 25 years.

      --
      Lost at C:>. Found at C.
    3. Re:People still use common credentials? by hedwards · · Score: 1

      Well, keep in mind that everybody demands a log in these days and often times just to view something that you might not want to ever use again. That's probably 15 or so years worth of accounts that I've created and many of them are probably no longer usable, but it's not really worth going back through all of them on a regular basis.

    4. Re:People still use common credentials? by hedwards · · Score: 1

      That's what backups are for. You're not going to memorize more than a dozen good passwords, and especially not if you're changing them regularly. I can back up my password database every day and then I don't have to worry about corruption or something else.

      The only real downside to it is if my password to the database is stolen. But, then again, they would also have to steal the file itself and the 2nd factor to it.

    5. Re:People still use common credentials? by flimflammer · · Score: 1

      I've found myself using that program only because sites like to enforce their own ideals about what a secure password is, rendering my actually secure password "weak" by their standards. So I keep track of those rogue sites by recording which variant I need to use for that special snowflake website.

    6. Re:People still use common credentials? by Anonymous Coward · · Score: 1

      For those random accounts on random website, better to use a site like bugmenot.com. If they don't have a login for the site, post yours there. A good practice is to also use a disposable email address that others can access. That way when some jerk changes the password another user can reset it back.

    7. Re:People still use common credentials? by Kanasta · · Score: 1

      Or better yet, a keepass that holds keys to other keepass databases. Seeded with fake logins.

  5. What kind of malware? by K.+S.+Kyosuke · · Score: 1

    As in, would it justify renaming the site as 'Daemonoid'?

    --
    Ezekiel 23:20
    1. Re:What kind of malware? by Freshly+Exhumed · · Score: 3, Funny

      All I wanna know is if downloading the malware affects my ratio?!!!

      --
      I deny that I have not avoided attaining the opposite of that which I do not want.
  6. Oh Well by Oronar · · Score: 1

    Supposed I should have been more suspicious that searches failed. But I was hopeful it was just some sort of database failure explaining why I couldn't login. Whatever. I didn't use that password for anything else, spammers. Have fun with it.

    Although this raises the question why even make a functional password reset form? I tried it after my login didn't work and they sent me a new one.

    --
    1 4/\/\ 1337
    1. Re:Oh Well by wagnerrp · · Score: 1

      Perhaps they were expecting you to log in with it, and set it back to your original password?

    2. Re:Oh Well by Oronar · · Score: 1

      Except there was no logging in. Just the form to phish passwords.

      --
      1 4/\/\ 1337
  7. Actually... by giveen1 · · Score: 3, Informative

    I never actually logged into the website, nor got my password stolen, nor got malware. Links are always checked out, email header completely read, domain looked up in WHOIS, and link opened in a VM.

  8. Re:I remember Demonoid by X0563511 · · Score: 1

    You just needed an invitation from someone who had an account.

    The reason those didn't get tossed around willy-nilly is that you were held accountable for the problems caused by people you invited.

    For example, had I invited you, and you got banned for uploading porn torrents, I would be banned as well (and perhaps everyone else I invited)

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  9. Sounds like demonoid used bcrypt. Yay! by Sloppy · · Score: 5, Insightful

    Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  10. Re:Not much to speculate about by westlake · · Score: 1

    Well, it's either the law enforcement or the record companies got hold of the user database.

    More likely to be an inside job. More likely and more profitable.

  11. Re:I remember Demonoid by neminem · · Score: 1

    I had an account there, used it occasionally (when my primary private torrent site didn't have something). I'm curious how you "rarely" used it, if you didn't have an account... wouldn't that be "never"?

    Relying primarily or entirely on invites for new members is pretty common for sites like that. Demonoid was just a lot more *famous* than most of them. Which explains why it got axed, and a bunch of other, smaller, less famous (but still highly active) torrent sites are still up.

  12. Saw it coming by HairyNevus · · Score: 1

    I saw this e-mail on my phone this morning, and my first thought was "Sounds pretty sweet... so I bet it's not real". Then I came in and saw this headline before I even remembered it. Oh well... kat.ph is everything Demonoid was, maybe more.

    --
    You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
    1. Re:Saw it coming by runeghost · · Score: 1

      Not quite. Demonoid had a ton of ancient and obscure movies, tv shows, and books, many of which were obtainable literally no where else. Kat.ph appears to be a nice torrent site, but it's far more focused on popular stuff than demonoid was.

    2. Re:Saw it coming by zerocommazero · · Score: 1

      Yeah, Demonoid was a geek's dream. You could find just about anything niche related (well at least the niches I liked) and the search interface/categories were easy to use to find obscure related things.

    3. Re:Saw it coming by Linsaran · · Score: 1

      Amen to that, I've yet to see a torrent site with the same level of Niche stuff that Demonoid used to have. If ever I found another site with that same quality of content I'd join in an instant.

      --
      In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
    4. Re:Saw it coming by bBarou · · Score: 1

      I wish I had mod points. Demonoid was one of my favorite place for hard to find stuff. Is there anything close to it nowadays?

  13. Re:*Be-beep!* Error! by mark-t · · Score: 1

    Interesting requirements. Most of them are even practical... other than the one about surnames of relatives, because that would be impossible to do without already having an exhaustive list of all relatives within 3 degrees of the individual, not the least problem of which that it is not necessarily a static list, and the logistics behind keeping it up to date alone would probably make the endeavor infeasible.

    --
    File under 'M' for 'Manic ranting'
  14. Lastpass by bmo · · Score: 1

    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Password sharing is bad. I've moved all my passwords and password generation over to Lastpass. All my web passwords are 20 char random alphanumeric/symbol/randomcase automatically generated by Lastpass' randomizer. They are all completely different from each other - none are shared. Even I can't remember them. They require entry by Lastpass or copy-paste from a text tile or typed from dead tree archive.

    There are other password tools that do similar things, and I highly recommend this style of password generation and usage.

    --
    BMO