Slashdot Mirror

← Back to Stories (view on slashdot.org)

Demonoid Resurrection Dismissed As Malware Was Legitimate

Posted by timothy on from the not-exactly-intuitive dept.

wo1verin3 writes "Previously reported on Slashdot was a story about a malware attempt masquerading itself as a Demonoid resurrection. It turns out this really was Demonoid making a comeback. With the site now back online with a new host, TorrentFreak caught up with its admins who tell us they have no malicious intent and simply want to bring a community back to together. While there is still uncertainty, one thing is absolutely clear – they do have the old Demonoid database."

22 of 83 comments (clear)

  1. A link to it by tebee · · Score: 5, Informative

    To save having to read the linked articles it's here http://www.d2.vu/

    --
    N.B. this user is far too lazy to write a witty and intelligent sig.
  2. Re:umm by The+Rizz · · Score: 5, Funny

    WTF is Demonoid resurrection?

    It's the fourth installment in the Demonoid series, coming after Demonoids and Demonoid^3.

  3. Re: umm by Anonymous Coward · · Score: 5, Informative

    Demonoid was/is an extremely popular torrent tracker that was shut down a while ago. There was always speculation that the site would return, as it had after past interruptions.
    Also, as it's a semi-private tracker, it doesn't gain much from "slashvertisements".

  4. Re:No Seeders anymore? by The+Rizz · · Score: 4, Informative

    Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

    Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

  5. It's a trap? by collet · · Score: 5, Informative

    Maybe. From the old official IRC channel on p2p-network.net:

    "Topic for #demonoid is: OPEN REGS:UNKNOWN; SITE: DOWN; FORUM: DOWN; TRACKER: DOWN;| Welcome to #demonoid. | d2.vu is not demonoid, not run by demonoid admin or staff, and should not be supported. The site could be used to collect your usernames/passwords for their own use. Use at your own risk."

    1. Re:It's a trap? by uberbrainchild · · Score: 2

      I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

      --
      Anveto
    2. Re:It's a trap? by Anonymous Coward · · Score: 5, Informative

      I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

      It's the genuine database all right. I just logged in and all the details about my old account are there (including the good old up/dl ratio). I hope in the following weeks rare torrents will get seeded again. Not even pirate bay had the variety of rare torrents that demonoid had.

    3. Re:It's a trap? by EvilIdler · · Score: 4, Informative

      I had an account from 2005, and amazingly still remembered my password. Yep, it's the old DB. What sort of people are running the server is a whole different matter, though.

    4. Re:It's a trap? by Anonymous Coward · · Score: 5, Informative

      Because I entered the wrong password for my account first and it didn't let me in, then when I used the correct one it did. It also has the correct sign up date on my account profile.

    5. Re:It's a trap? by dissy · · Score: 4, Insightful

      Hopefully it's not a password you have used anywhere else.

      These people definitely have a copy of the old database, and thus salted password hashes.
      Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

      Between the two facts that the government would have spent the time cracking the hashes without much concern over the cost, plus the banner ads that would complicate a sting type operation, it's looking less like a government honeypot.

      Still, we know very little about these new admins.
      We know the original admins are aware of this and do not approve, and we have been told (by the new admins) that they were given a backup of the database and website for safe keeping in case the original admins needed it to resurrect the site, which has not been disputed by the original admins.

    6. Re:It's a trap? by AbRASiON · · Score: 2

      I'm going to have to second this guys post - some of the obscure stuff on demonoid was fucking incredible. I could not only find rare foreign films, in the correct (foreign) language but with subtitles AND 720p AND with good seeds.... and often......... and even older ones.

      Seriously though, as a movie buff there were movies on demonoid, in good quality which where incredibly difficult to find anywhere, even legitimately. I do feel a bit bad about getting dodgy copies, I really do but damn it was useful for hard to find stuff, nothing has even come close since.

    7. Re:It's a trap? by SeaFox · · Score: 2

      Hopefully it's not a password you have used anywhere else.

      These people definitely have a copy of the old database, and thus salted password hashes.
      Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

      As it was pointed out in the TorrentFreak article comments, you could always choose to pretend you've forgotten your password and have Demonoid reset it. That provides no confirmation the password they had was correct. The password they have would only be useful on other sites that also use one's email address for username, and honestly anyone not using a spam or otherwise not-their-normal email address for registration for this kind of thing deserves to get hacked for their stupidity.

  6. Okaaaay... by SeaFox · · Score: 4, Insightful

    So the Demonoid that was distributing malware was not a fake... so the admins really were sending malicious code to people in an effort to "bring a community back to together"?

    And now they want people to trust them?

    1. Re:Okaaaay... by PastTense · · Score: 3, Informative

      It' can happen on filesharing sites that advertisers have malware on their ads/sites--the firesharing site's administrators should check, but sometimes aren't very conscientious about it.

    2. Re:Okaaaay... by Anonymous Coward · · Score: 5, Informative

      Hell, we were Europe's leading portal site for years back in 2002, and even we sometimes had malware in our ads!

      It's a tricky business, because you usually have deals with advertising companies who themselves deal with thousands of clients automatically. It is impossible to prevent all malware that way. And it is impossible to manage it all by hand. (It would cost more that the ads earn you.)

      Of course we banned those ads quickly when we found out. But it was really a pointless battle. Even if we'd have done it all manually, the ads still came from foreign servers... by the thousands... and were sometimes changeable after going live. (E.g. Flash ads are unpredictable because closed-source.)
      And we'd be gone bankrupt.

      Hey... we went bankrupt anyway. ;))

      So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

    3. Re:Okaaaay... by Rob_Bryerton · · Score: 4, Insightful

      So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

      Or to put it another way, ads *are* malware, and as such, need to be blocked. Just as its standard fare to run AV on (Windows) PCs, all PCs regardless of OS should be running adblockers. Until the online advertising industry cleans up its act (don't hold your breath), everyone should be blocking their trojan-infused crap.

      Some may call this a dishonest justification for blocking ads; I call it safe and smart computing.

      Anybody have a car analogy? I couldn't come up with one. Extra points for working Natalie or Soviet Russia into the car analogy :)

  7. Confusing Headline by Anonymous Coward · · Score: 3, Insightful

    I interpretted this as:

    The demonoid resurrection was dismissed
    because
    the malware was legitimate.

    Even after reading the summary I was stilll completely lost for about 5 more passes.

    Please write your headlines more clearly.

  8. Re:No Seeders anymore? by thegarbz · · Score: 2, Interesting

    Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

    Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

    Yes but how do new trackers announce themselves to existing seeds? Sure if the files were spread to other trackers and Demonoid brought back their tracker on the old domain then the system will just pick up where it left off. However, Demonoid is now restarting on the d2.vu domain so how would any of the current seeded files from Demonoid pick up on this tracker?

    They effectively will be starting from scratch, their only benefit is their name, goodwill, and the existence of a database of potential users to which they can direct their marketing.

  9. Not even making sense by Anonymous Coward · · Score: 3, Insightful

    What the fuck does "as soon as I logged in I was phished" mean? Do you even fucking understand what "phishing" means? How do you even decide you've been phished if this is your only place with this user and pass? (well, no, last one might get you a notice for failed attempt to log in to your mail box, though I don't think I've seen those from many services)

    tl;dr: parent's seemingly shilling for some shitty "very useful program", Go away and come with proper MyCleanPC success story.

  10. Re:PGP by flimflammer · · Score: 2

    What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

  11. Re:umm by Mikkeles · · Score: 4, Funny

    Who is Ass King Nicely?

    --
    Great minds think alike; fools seldom differ.
  12. Re:umm by Jane+Q.+Public · · Score: 2

    Demonoid was known for its list of "filez" torrents (books, references, etc.) much more than for movies and the like. Its list of such was far more extensive than most other trackers.