Slashdot Mirror

← Back to Stories (view on slashdot.org)

Demonoid Resurrection Dismissed As Malware Was Legitimate

Posted by timothy on from the not-exactly-intuitive dept.

wo1verin3 writes "Previously reported on Slashdot was a story about a malware attempt masquerading itself as a Demonoid resurrection. It turns out this really was Demonoid making a comeback. With the site now back online with a new host, TorrentFreak caught up with its admins who tell us they have no malicious intent and simply want to bring a community back to together. While there is still uncertainty, one thing is absolutely clear – they do have the old Demonoid database."

83 comments

  1. Hey Kids, want to get a letter from your isp? by Anonymous Coward · · Score: 0

    Then keep using Demonoid and other public trackers. Mostly only applicable to the US and a couple other countries (germany/japan come to mind)

    1. Re:Hey Kids, want to get a letter from your isp? by Anonymous Coward · · Score: 1

      Nonsense. Just be careful about what you're downloading; brand new garbage is more likely to get them to extort you than older garbage.

    2. Re:Hey Kids, want to get a letter from your isp? by Anonymous Coward · · Score: 1

      Understand, even in other countries it can be risky.
      See, in lost of places there is non-enforcement.
      Except, downloading (or uploading, in some cases, is still illegal.
      Never think that just because the police are ignoring you now, that they will continue to.
      Every time you commit a crime, protect yourself, even if the crime is just.
      This can mean obfuscating or just plain hiding.

    3. Re:Hey Kids, want to get a letter from your isp? by Anonymous Coward · · Score: 0

      Demonoid isn't a public tracker. Either you are able to coddle some warez hound friend for an account, or you are lucky enough to get access on Thursdays when they allow 1-2 accounts a week to be thrown to the unwashed masses, which are usually snapped up before one can click on the refresh button.

      Demonoid is history, just like trying to get into #warez without having an O-line to find something useful is dead. With the advent of magnet links, having to beg, borrow, or blow for access to a private tracker is so last year.

    4. Re:Hey Kids, want to get a letter from your isp? by AK+Marc · · Score: 1

      Except, downloading (or uploading, in some cases, is still illegal.

      Downloading is illegal almost nowhere. Uploading is illegal almost everywhere.

      Much of the non-enforcement is that a complaint must be lodged before prosecution can happen, and the content owners and rights defenders are waiting for the "best" test cases for their agendas.

      --
      Learn to love Alaska
  2. umm by trifish · · Score: 0

    WTF is Demonoid resurrection? And why did Slashdot editors not recognize TWO slashvertisments (or "viral ads" or whatever you want to call it) in a row?

    1. Re:umm by The+Rizz · · Score: 5, Funny

      WTF is Demonoid resurrection?

      It's the fourth installment in the Demonoid series, coming after Demonoids and Demonoid^3.

    2. Re: umm by Anonymous Coward · · Score: 5, Informative

      Demonoid was/is an extremely popular torrent tracker that was shut down a while ago. There was always speculation that the site would return, as it had after past interruptions.
      Also, as it's a semi-private tracker, it doesn't gain much from "slashvertisements".

    3. Re:umm by Anonymous Coward · · Score: 0

      WTF is Demonoid resurrection?

      Come on, it was only three days ago. If you have a longer memory than a goldfish, you should remember this.

      What? You are a goldfish?? Oh my...I am an insensitive clod, aren't I?

    4. Re:umm by Anonymous Coward · · Score: 0

      I demand entry into your rancid asshole! I demand it! Give me access to your disgusting, foul asshole right now! I command you! What say you?

      Have you tried asking nicely?

    5. Re:umm by Mikkeles · · Score: 4, Funny

      Who is Ass King Nicely?

      --
      Great minds think alike; fools seldom differ.
    6. Re:umm by Jane+Q.+Public · · Score: 1

      "Who is Ass King Nicely?"

      SO so tempting to put one of a list of /. users' names here!

    7. Re:umm by Jane+Q.+Public · · Score: 2

      Demonoid was known for its list of "filez" torrents (books, references, etc.) much more than for movies and the like. Its list of such was far more extensive than most other trackers.

    8. Re:umm by RoboRay · · Score: 1

      What happened to Demonoid - the Search for More Money?

    9. Re:umm by Anonymous Coward · · Score: 0

      It was abandoned in favor of Demonoid 2: Electric Boogaloo,

    10. Re:umm by Anonymous Coward · · Score: 0

      there is no Demonoid^3.

  3. A link to it by tebee · · Score: 5, Informative

    To save having to read the linked articles it's here http://www.d2.vu/

    --
    N.B. this user is far too lazy to write a witty and intelligent sig.
  4. No Seeders anymore? by Silpher · · Score: 1

    Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?
    Isn't this ressurrection almost totaly D.O.A.?

    1. Re:No Seeders anymore? by The+Rizz · · Score: 4, Informative

      Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

      Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

    2. Re:No Seeders anymore? by thegarbz · · Score: 2, Interesting

      Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

      Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

      Yes but how do new trackers announce themselves to existing seeds? Sure if the files were spread to other trackers and Demonoid brought back their tracker on the old domain then the system will just pick up where it left off. However, Demonoid is now restarting on the d2.vu domain so how would any of the current seeded files from Demonoid pick up on this tracker?

      They effectively will be starting from scratch, their only benefit is their name, goodwill, and the existence of a database of potential users to which they can direct their marketing.

    3. Re:No Seeders anymore? by Anonymous Coward · · Score: 1

      Each torrent has a hash, if you want you can feed said hash to a recent enough client and it will make a general cattle call about more info. If the info is available it will then use said info to bootstrap the actual torrent download.

      This allow the same torrent to be handled by multiple overlapping torrents.

      Also, Demonoid operated both public and private tracking. Some of the more obscure stuff was usually only seeded on the private side and that tracker was never apparently shut down.

      ovo -hoot

    4. Re:No Seeders anymore? by willaien · · Score: 1

      It looks like this iteration won't even have a tracker, so, there will be no need to announce the tracker.

    5. Re:No Seeders anymore? by flimflammer · · Score: 1

      Sure, sites that used demonoid as the sole tracker will be harmed by this, however many torrents that were on demonoid had multiple trackers. Those are still working quite well. It will take some take for a relaunch to get back on its feet, but it is certainly nice to see.

    6. Re:No Seeders anymore? by Anonymous Coward · · Score: 0

      If the site is reputable, then it will be provided seeds by the scene and/or the couriers for the scene. Seeds are not magical people, they are the people who make the pirated content in the first place, the release groups. You don't want to download a torrent uploaded by 'some random guy', you want the one uploaded by the group that has a reputation to uphold

    7. Re:No Seeders anymore? by Anonymous Coward · · Score: 0

      Original seeders, perhaps, but the entire system would be no better than rapidshare if it worked the way you describe. Seeders /are/ magical people who give back to the community that gave to them, ensuring that content is always available.

    8. Re:No Seeders anymore? by Jane+Q.+Public · · Score: 1

      "Isn't this ressurrection almost totaly D.O.A.?"

      First, it hasn't been gone long at all. 8-9 months only. But it did move around a bit before it disappeared.

      Second, as for DOA: that's kind of like asking whether a library is DOA because it hasn't added any books in the last few months. Kind of a silly question, really.

  5. It's a trap? by collet · · Score: 5, Informative

    Maybe. From the old official IRC channel on p2p-network.net:

    "Topic for #demonoid is: OPEN REGS:UNKNOWN; SITE: DOWN; FORUM: DOWN; TRACKER: DOWN;| Welcome to #demonoid. | d2.vu is not demonoid, not run by demonoid admin or staff, and should not be supported. The site could be used to collect your usernames/passwords for their own use. Use at your own risk."

    1. Re:It's a trap? by Anonymous Coward · · Score: 0

      Mod parent up, please.

    2. Re:It's a trap? by uberbrainchild · · Score: 2

      I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

      --
      Anveto
    3. Re:It's a trap? by Anonymous Coward · · Score: 5, Informative

      I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

      It's the genuine database all right. I just logged in and all the details about my old account are there (including the good old up/dl ratio). I hope in the following weeks rare torrents will get seeded again. Not even pirate bay had the variety of rare torrents that demonoid had.

    4. Re:It's a trap? by Anonymous Coward · · Score: 0

      Those members might be the ones who registered after the date of the backup they got, for example.

      Still ain't trusting them. Good thing those old sci-fi torrents from demonoid were not marked as private - DHT works pretty well there and they live on on other trackers.

      Now if somebody'd make an archive of all those .torrents and put 'em up on TPB...

    5. Re:It's a trap? by Pubstar · · Score: 1

      Everything is there, but the fact that they first tried to host the site in the US makes me really leery of logging back into my account there. I'll just wait a few months and see where things go.

    6. Re:It's a trap? by EvilIdler · · Score: 4, Informative

      I had an account from 2005, and amazingly still remembered my password. Yep, it's the old DB. What sort of people are running the server is a whole different matter, though.

    7. Re:It's a trap? by geirlk · · Score: 1

      I did receive the mail. And I was able to login with old credentials.

    8. Re:It's a trap? by DKlineburg · · Score: 1

      Um, stupid question. What if they don't require a user password. So anything you put in gets accepted. And they log what you put in. They just stole your stuff. And you think they have old database? Just asking.

      --
      Memory is deceptive because it is colored by today's events. - Albert Einstein
    9. Re:It's a trap? by Lehk228 · · Score: 1

      This site brought to you by the letters F B and I

      --
      Snowden and Manning are heroes.
    10. Re:It's a trap? by Anonymous Coward · · Score: 5, Informative

      Because I entered the wrong password for my account first and it didn't let me in, then when I used the correct one it did. It also has the correct sign up date on my account profile.

    11. Re:It's a trap? by Anonymous Coward · · Score: 0

      It's also still got my avatar picture. Granted two of those things they could have got from a scrape of the original site, but it seems unlikely. So my guess is legitimate database, but as to who is actually running it, that's a better question.

    12. Re:It's a trap? by Anonymous Coward · · Score: 0

      Not terribly amazing. If your account was still active, I'm pretty sure it means you were active with your account with some regularity. Pirate! :-P

    13. Re:It's a trap? by EvilIdler · · Score: 1

      It took me 4-5 retries before I remembered the right password, of course. They also had my e-mail. At the very least they do have the original database with data going back 8 years. Whether we can trust the admins is still questionable - for all we know they could be setting up the biggest MAFIAA honeytrap yet ;) Also, there is nothing important or identifying on my profile, at least. The e-mail is an alias only used there, the domain is privacy-guarded to hell (and I'm the provider). Never use a real name, even if you just made a research account. Especially then :)

    14. Re:It's a trap? by Anonymous Coward · · Score: 0

      Yes, they seem to have the database - how else would they send all those emails to registered users? Who are they and what is their purpose is different question, especially considering they're hosted right in the copyright infringers haven known as the US of A.

      They still might be a honeypot and now that's one more hash they've got from that database they won't have to crack now. Good job!

    15. Re:It's a trap? by dissy · · Score: 4, Insightful

      Hopefully it's not a password you have used anywhere else.

      These people definitely have a copy of the old database, and thus salted password hashes.
      Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

      Between the two facts that the government would have spent the time cracking the hashes without much concern over the cost, plus the banner ads that would complicate a sting type operation, it's looking less like a government honeypot.

      Still, we know very little about these new admins.
      We know the original admins are aware of this and do not approve, and we have been told (by the new admins) that they were given a backup of the database and website for safe keeping in case the original admins needed it to resurrect the site, which has not been disputed by the original admins.

    16. Re:It's a trap? by AbRASiON · · Score: 2

      I'm going to have to second this guys post - some of the obscure stuff on demonoid was fucking incredible. I could not only find rare foreign films, in the correct (foreign) language but with subtitles AND 720p AND with good seeds.... and often......... and even older ones.

      Seriously though, as a movie buff there were movies on demonoid, in good quality which where incredibly difficult to find anywhere, even legitimately. I do feel a bit bad about getting dodgy copies, I really do but damn it was useful for hard to find stuff, nothing has even come close since.

    17. Re:It's a trap? by Anonymous Coward · · Score: 0

      That right there. Even though they have the DB, it doesn't mean that they can prove who you are or obtain your password unless/until you you log in and effectively confirm it all for them.

    18. Re:It's a trap? by Anonymous Coward · · Score: 0

      But you just gave them 4-5 passwords that can be used to narrow-down brute-force attacks against accounts coming from your domain.

    19. Re:It's a trap? by Anonymous Coward · · Score: 0

      I actually thought about it as well. Use "password reset" functionality to get a new password sent to your old email. Then use a unique password.

    20. Re:It's a trap? by Anonymous Coward · · Score: 1

      pwgen'd password that isn't used anywhere else, why would I care?

    21. Re:It's a trap? by SeaFox · · Score: 2

      Hopefully it's not a password you have used anywhere else.

      These people definitely have a copy of the old database, and thus salted password hashes.
      Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

      As it was pointed out in the TorrentFreak article comments, you could always choose to pretend you've forgotten your password and have Demonoid reset it. That provides no confirmation the password they had was correct. The password they have would only be useful on other sites that also use one's email address for username, and honestly anyone not using a spam or otherwise not-their-normal email address for registration for this kind of thing deserves to get hacked for their stupidity.

    22. Re:It's a trap? by MeepMeep · · Score: 1

      Same for me, my old account is still there and I logged in.

      However, when i checked for some rare torrents that I knew were there before, they were gone.

      I'm with you on hoping the rare torrents getting seeded again - that was Demonoid's niche in the torrent community

    23. Re:It's a trap? by Gallomimia · · Score: 1

      I can tell you they have the old DB. They remember my account login information. I tried several times before getting it to work. Why would they need to phish if they have the DB? Do they need people to login so they can unsalt the passwords from that database?

      --
      Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
    24. Re:It's a trap? by SD-Arcadia · · Score: 1

      If you think demonoid was good for rare foreign stuff just move over to https://karagarga.net/. Nothing else compares on the net. The catch is private tracker and need to keep ratio.

      --
      https://dalgamotor.wordpress.com/ - Elektronik beyinlere ozgurluk asisi (Turkish)
    25. Re:It's a trap? by Anonymous Coward · · Score: 0

      Hey, from one AC to another: how come you remembered your Demonoid pw for 8 years yet you forget your /. pw within about 2.5 hours?

  6. Okaaaay... by SeaFox · · Score: 4, Insightful

    So the Demonoid that was distributing malware was not a fake... so the admins really were sending malicious code to people in an effort to "bring a community back to together"?

    And now they want people to trust them?

    1. Re:Okaaaay... by PastTense · · Score: 3, Informative

      It' can happen on filesharing sites that advertisers have malware on their ads/sites--the firesharing site's administrators should check, but sometimes aren't very conscientious about it.

    2. Re:Okaaaay... by Anonymous Coward · · Score: 5, Informative

      Hell, we were Europe's leading portal site for years back in 2002, and even we sometimes had malware in our ads!

      It's a tricky business, because you usually have deals with advertising companies who themselves deal with thousands of clients automatically. It is impossible to prevent all malware that way. And it is impossible to manage it all by hand. (It would cost more that the ads earn you.)

      Of course we banned those ads quickly when we found out. But it was really a pointless battle. Even if we'd have done it all manually, the ads still came from foreign servers... by the thousands... and were sometimes changeable after going live. (E.g. Flash ads are unpredictable because closed-source.)
      And we'd be gone bankrupt.

      Hey... we went bankrupt anyway. ;))

      So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

    3. Re:Okaaaay... by Aighearach · · Score: 1

      according to the hosting company, the ads had a malware vendor.

    4. Re:Okaaaay... by EvilIdler · · Score: 1

      I don't remember how many years ago it was, but a major provider of sports ads in Europe had drive-by infections. The Flash hate really picked up steam in those days :)

    5. Re:Okaaaay... by aliquis · · Score: 1

      I'm curios what portal site.

    6. Re:Okaaaay... by Rob_Bryerton · · Score: 4, Insightful

      So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

      Or to put it another way, ads *are* malware, and as such, need to be blocked. Just as its standard fare to run AV on (Windows) PCs, all PCs regardless of OS should be running adblockers. Until the online advertising industry cleans up its act (don't hold your breath), everyone should be blocking their trojan-infused crap.

      Some may call this a dishonest justification for blocking ads; I call it safe and smart computing.

      Anybody have a car analogy? I couldn't come up with one. Extra points for working Natalie or Soviet Russia into the car analogy :)

    7. Re:Okaaaay... by Anonymous Coward · · Score: 0

      Ad blocking is like putting a radar scattering device in your car.

      Sure, it's great for you, but when everyone starts doing it the repercussions could be disastrous.

    8. Re:Okaaaay... by bmo · · Score: 1

      It' can happen on any site that advertisers have malware on their ads/sites

      Fixed.

      InvestorVillage once had a problem with malware. Blue now pays much more attention to who the advertisers are.

      --
      BMO

    9. Re:Okaaaay... by Mantrid42 · · Score: 1

      It's really jarring to use someone else's computer to browse the web. I'm running Opera with an extensive content blocker, and whitespace removal. I forget how loud the vanilla web is.

  7. Re:God by ron-l-j · · Score: 1

    binspam

  8. See this is why.... by Anonymous Coward · · Score: 0

    We need to embrace public key cryptography.

  9. Confusing Headline by Anonymous Coward · · Score: 3, Insightful

    I interpretted this as:

    The demonoid resurrection was dismissed
    because
    the malware was legitimate.

    Even after reading the summary I was stilll completely lost for about 5 more passes.

    Please write your headlines more clearly.

  10. Re: Stay away from Demonoid by Anonymous Coward · · Score: 0

    China?

  11. Not even making sense by Anonymous Coward · · Score: 3, Insightful

    What the fuck does "as soon as I logged in I was phished" mean? Do you even fucking understand what "phishing" means? How do you even decide you've been phished if this is your only place with this user and pass? (well, no, last one might get you a notice for failed attempt to log in to your mail box, though I don't think I've seen those from many services)

    tl;dr: parent's seemingly shilling for some shitty "very useful program", Go away and come with proper MyCleanPC success story.

    1. Re:Not even making sense by AK+Marc · · Score: 1

      What the fuck does "as soon as I logged in I was phished" mean?

      The only reasonable intrepretation I can think of is "Shortly after logging in, my (previously dormant) registered email received a phish-email."

      Why do you assume their error when there's a clear explanation that satisfies the description given?

      As far as I can tell, the shitty program he's hawking doesn't even exist. So none of that matters.

      --
      Learn to love Alaska
  12. PGP by Rinisari · · Score: 1, Interesting

    All this "is it real" crap could have been avoided with a single, PGP-signed message.

    --
    Colin Dean Go a year without DRM
    1. Re:PGP by flimflammer · · Score: 2

      What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

    2. Re:PGP by VortexCortex · · Score: 1

      What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

      The ones who had keys the original admins had signed as trusted...

  13. Re:God by frootcakeuk · · Score: 1

    Is it just me or are the trolls out in full force this spring/summer?

    --
    Remember kids: What's right isn't as important as what's profitable.
  14. Re:God by Anonymous Coward · · Score: 0

    Please don't do that.

  15. Re:God by Anonymous Coward · · Score: 0

    Netcraft comfirms you're a douche.. chill!

    Arrested development in two weeks!!!

  16. Re:God by Anonymous Coward · · Score: 0

    The trolls are always out in full force, mein herr.

  17. D2 by Anonymous Coward · · Score: 0

    It's real. I followed another poster's instruction to use the 'lost pass' link right away and got a new one instead of using any old info and it is my real account from before the troubles. Demonoid IS back!

  18. If you're concerned... (Re:It's a trap?) by Laebshade · · Score: 1

    Request a password reset. The password reset form requires only a valid username to be entered, and the email address associated with it will receive an option to reset the password.

  19. It's a trap. Really, it's a gov't honeypot. by Anonymous Coward · · Score: 0

    Don't be naive, folks.