Slashdot Mirror

← Back to Stories (view on slashdot.org)

Torrent Sites Earned $70M After Dropping Malware On Visitors (softpedia.com)

Posted by Soulskill on from the all-about-the-benjamins dept.

jones_supa writes: One in three torrent sites is spreading malware, claims a recent joint report (PDF) from Digital Citizens Alliance and RiskIQ, which compiled data from over 800 sites. Most of the time, the sites expose visitors to drive-by attacks that silently download malicious files on computers without any user interaction. These types of attacks are usually carried out through malvertising campaigns. It turns out that this is actually a good business for the operators of the pirate sites: depending on traffic, they can make between $200 and $5,000 per day. In total it is estimated that this type of covert agreement between malware distributors and pirate site operators has pocketed the latter about $70 million per year.

44 of 91 comments (clear)

  1. Never trust torrent sites by Flavianoep · · Score: 2

    Now, there is a reason not to download pirated media. If only most of malware on internet were on illegal torrent sites!

    --
    Linux is for people who don't mind RTFM.
    1. Re:Never trust torrent sites by Anonymous Coward · · Score: 1

      It's also sad that the $70M goes to the malware business instead of the entertainment artists.

    2. Re:Never trust torrent sites by Anonymous Coward · · Score: 3, Insightful

      Just remember that $70M is calculated the same was the DEA calculates drug bust values and the RIAA/MPAA calculate piracy losses.

    3. Re:Never trust torrent sites by NotDrWho · · Score: 5, Insightful

      I would download something from the Pirate Bay any day over a site like CNET's download.com. At least with Pirate Bay, there is a CHANCE a program doesn't come with malware.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    4. Re:Never trust torrent sites by operagost · · Score: 4, Interesting

      ^ This. "Legitimate" sites inject malware into downloads and somehow escape the FTC year after year.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    5. Re:Never trust torrent sites by Anonymous Coward · · Score: 1

      You are talking about the MPAA/RIAA...right?

    6. Re:Never trust torrent sites by edtice1559 · · Score: 1

      Yesterday I suggested that Windows from a Torrent probably wasn't as secure as Linux and got toasted! Download Linux ISOs directly from the distributors web sites and verify the hashes.

    7. Re:Never trust torrent sites by fisted · · Score: 2

      Or torrent them, and verify the hashes.

      --
      CLI paste? paste.pr0.tips!
    8. Re:Never trust torrent sites by edtice1559 · · Score: 2

      The problem with that is the torrent site you use may have infected your machine with malware. That malware could frustrate your attempt to verify the signature. Torrent is a good solution if the tracker is hosted by the distributor. Not so much if you have to poke in dark corners of the interwebs. Of course you can move the download to another machine to verify the signature. There are (unfortunately) not enough people downloading Linux ISOs to even get better performance by torrenting them. :(

    9. Re:Never trust torrent sites by Flavianoep · · Score: 1

      That usually works for Mageia, especially on the days after a new release. Every time I torrented Mageia ISO (or a Mandriva ISO before Mageia) I could get the file in less than 4 hours.

      --
      Linux is for people who don't mind RTFM.
    10. Re:Never trust torrent sites by Anonymous Coward · · Score: 1

      Virtualization can go a long way with this. Create two VMs: VM1 is a PFSense appliance with firewalling, and VM2 is the VM for fetching and downloading torrents. This way, if VM2 gets infected, VM1 keeps it from affecting anything else, and a simple snapshot rollback kills all malware on VM2.

      If worried about a VM->hypervisor bug, run the web browser in a sandbox (sandboxie, for example.)

      Then, when done torrenting, fetch the files out (you can shut the VM down and fish them out of the disk image), roll back the snapshot, done. Then, before using the image, check the signatures to be completely sure.

      Disclaimer: I mainly have had to do this with downloads from a certain popular Windows download site, I've had to let it start the process of installing adware, then yank out the real installer for the utility I was needing (last time, a utility for Mac .dmg files.)

    11. Re:Never trust torrent sites by mlts · · Score: 2

      I have had a VM browser get nailed on legit sites as well. Malvertising has replaced spam as the #1 issue plaguing the Net.

      How are torrent sites that different from "top tier" websites that have had their ad servers dish out malware? Either way, it is wise to browse in a virtual machine, sandbox, or both.

      In fact, given a choice of a download from a torrent site versus a popular software download site, I'll take the torrent. The torrent has anti-tampering resistance by itself (assuming the torrent file wasn't changed), and I can compare the hash of the download with the torrent manifest, and hashes stored on VirusTotal for additional assurance. Plus, I can have my NAS download and seed the torrent so it isn't taking up CPU and I/O on my main computer.

      In fact, this is a lot easier on the Net as a whole doing this, (last download was Ubuntu Server for testing obnam, attic, borgbackup, and zbackup.) Faster too.

    12. Re:Never trust torrent sites by matbury · · Score: 1

      I wish the press would do a little fact-checking. They regularly report massive losses from unauthorised copying and sharing of commercial media running into $trillions if you add it all up. And still, the film industry is reporting increasingly higher box-office and sales profits for every movie they release. So who's suffering these losses? Which films are taking a cut in profit because of piracy?

  2. Okay, so... by U2xhc2hkb3QgU3Vja3M · · Score: 3, Insightful

    The websites send files to auto-download and it fills up my download folder a bit.

    If you're computer-saavy enough to use torrents, you should be smart enough to disable the "automatically run downloaded files" feature of your browser.

    Actually, one thing that really bugs me is those damn websites that force a file download when I try to view a PDF file inside my browser.

    1. Re:Okay, so... by Anonymous Coward · · Score: 3, Interesting

      I smell scaremongering rather than actual facts. There are no examples or case studies, just random numbers extrapolated to create a narrative and big money numbers.

      What I'm surprised about is no "tech" site picking up the mining code running in hidden iframes on websites. It's bad enough with auto-playing videos for "affiliates", but now sites are trying to steal CPU cycles on our machines so they can create a billionth of a bitcoin every other year.

    2. Re:Okay, so... by CCarrot · · Score: 1

      Browsers have an "automatically run downloaded files" feature?

      It's called Javascript and Flash...

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  3. This is what kills piracy, not goverments by Ravaldy · · Score: 1

    I see this as a much bigger threat to piracy than any enforcement of copyrights on individuals. Just a though.

  4. Page one: "Digital Bait" by pegr · · Score: 3, Insightful

    "How Content Theft Sites and Malware Are Exploited By Cybercriminals to Hack Into Internet Users' Computers and Personal Data"

    And you've blown any credibility you may have had.

  5. Shocking Company funded by Movie Companies... by ZiakII · · Score: 4, Insightful

    Shocking Company funded by movie companies gives reason not to use torrents.

    1. Re:Shocking Company funded by Movie Companies... by Anonymous Coward · · Score: 1

      At least Softpedia doesn't pack downloads within their own binaries so they can shove adware down your throat like CNet. How ironic would that have been if it was a CNet... or even worse... Softonic, the main ransomware deliverer on the Internet :)))

    2. Re:Shocking Company funded by Movie Companies... by johannesg · · Score: 1

      Plus, how can this in fact be true? The torrent sites themselves aren't uploading any material, they are just hosting the .torrent files. Is it even possible to change those to also include malware (which would have to come from a different domain than the rest of the torrent), and if so, how would it get launched once on the users' machine?

    3. Re: Shocking Company funded by Movie Companies... by WarJolt · · Score: 2

      Once Torrent is served it is immutable. You cannot add things to it. The torrent could be infected during creation, but what really works is infecting the site that you use to download the torrent file. The easiest method is to trick users into thinking they need a browser plugin or something.

    4. Re:Shocking Company funded by Movie Companies... by Falos · · Score: 1

      TFS is referencing the webpage, not the torrent. They just keep repeating the latter for some reason. "One in three websites is spreading malware, claims a recent joint report" would probably still be accurate.

      Pretty sure the "free mp3s" pages of the 90's were laden more than 33%. Actually, I reckon that's still not a smart google to date.

    5. Re:Shocking Company funded by Movie Companies... by Dragonslicer · · Score: 1

      I know the quality has gone down a lot here at Slashdot, but believe it or not, sometimes the summary does still include useful information.

  6. Guiding force of the internet. by blueshift_1 · · Score: 3, Insightful

    Again it falls under - if you're not paying for it, then you're the product. From facebook to bit torrent, this is a guiding force of the internet.

  7. Who is the Digital Citizens Alliance? by PopeRatzo · · Score: 4, Informative

    This report is from something called the "Digital Citizens Alliance". Sounds good, right? Sounds like a bunch of pro-freedom net citizens protecting all of our rights, yes?

    Would it surprise you to learn that the DCA is a lobbying group involved in trying to get Google to take down search results? Here's a sentence from their materials:

    Creators aren't the only ones harmed by content theft...

    Does anyone else smell an agenda here?

    --
    You are welcome on my lawn.
    1. Re:Who is the Digital Citizens Alliance? by PopeRatzo · · Score: 1

      If you look at their about page

      They're a great organization. Just ask them!

      --
      You are welcome on my lawn.
  8. And this is why I will never trust ads ... by gstoddart · · Score: 3, Interesting

    These types of attacks account for 45% of all malware infections and are usually carried out through infected ads in so-called malvertising campaigns.

    And this shit is why I will never, ever be willing to treat ads as anything but malicious and dangerous affronts to my privacy and security.

    I lump all analytics and ads into the same bucket: evil greedy bastards who I will never trust, never allow to run scripts, and whose content I will block as long as I have the means. Because, quite frankly, I don't see the difference between the "legitimate" ones and the "shady" ones.

    The only way to win is not even play. Once you start running blocking stuff and realize the amount of shit embedded in every web page, you just treat them all as parasites or shit on your shoe: you remove them with extreme prejudice.

    --
    Lost at C:>. Found at C.
    1. Re:And this is why I will never trust ads ... by thegarbz · · Score: 1

      And this shit is why I will never, ever be willing to treat ads as anything but malicious and dangerous affronts to my privacy and security.

      When I scroll to the top of the page I am greeted with the following text on the right:

      "Ads Disabled: Tick
      Thanks again for helping make Slashdot great!"

      Rings true doesn't it, though I'm not sure that's the message that Dice intended.

  9. Re:More generally by Anonymous Coward · · Score: 1

    I think that's called "capitalism".

  10. qBittorrent by waspleg · · Score: 1

    There's no need to visit a site when your client has built in search across whatever you want to configure it with as well as sensible defaults and no malware included (I'm looking at YOU SourceForge).

    I highly recommend qBittorrent for that, as one reason among many. I've used it for years and is the best client I've encountered.

    Also, who visiting a torrent site doesn't use ad blocking? Why would you do that to yourself?

    1. Re:qBittorrent by Anonymous Coward · · Score: 1

      qBittorrent: hosted at.... SourceForge!

    2. Re:qBittorrent by angelbar · · Score: 1

      Rats!!

      --
      -no sig today-
    3. Re:qBittorrent by QRDeNameland · · Score: 1

      There's no need to visit a site when your client has built in search across whatever you want to configure it with as well as sensible defaults and no malware included (I'm looking at YOU SourceForge).

      I highly recommend qBittorrent for that, as one reason among many. I've used it for years and is the best client I've encountered.

      While I agree with your recommendation of qBittorrent, in-client search is only useful when you know exactly what you're looking for. If you want to browse, you're SOL unless you visit the site(s).

      As to the issue with qBittorrent and SourceForge, their primary download provider is FossHub, and it is also available via Ninite, neither of which seems to have whored out their reputation like SourceForge...yet.

      --
      Momentarily, the need for the construction of new light will no longer exist.
  11. Re:That PDF is lacking in so many details. . . by Vlad_the_Inhaler · · Score: 3, Informative

    Details like:

    What internet browser did they use?
    What basic security measures did they use?
    What does "Exposure" mean? Did the malware actually infect the computers exposed or did their security catch it?
    What sites did they test?

    I note things like how this very article LIES: 55% are user-initiated downloads, only 45% are drive-by downloads! Or how, while it is true that you're 28 times more likely to be "exposed" to malware on the piracy sites. . .it's a rise from 1 in 333 to 1 in 12. And again. . .Did those computers exposed actually get infected by the malware, or do basic security measures stop it?

    what operating system?
    Flash or Java vulnerabilities?

    nuthin useable.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  12. Re:More generally by Vlad_the_Inhaler · · Score: 4, Funny

    Is there a name for an activity that earns you money, but less than the value of the damage you cause, making your activity a net negative for society? Any example of well-respected professions that would qualify?

    Lawyer?
    Oh, you said "well-respected". My bad.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  13. Re:Never had any issues on Linux by malditaenvidia · · Score: 1

    Using a different OS altogether for something stupid like browsing torrent sites seems unnecessarily laborious. Specially considering extensions like noscript and umatrix exist.

  14. Re:But the record and film industry is the problem by Anonymous Coward · · Score: 2, Insightful

    For the most part, people who download torrents understand the risks and are voluntarily subjecting themselves to the risks of a quasi-legal enterprise. People are less apt to complain about the consequences of choices they have made, and less likely to protest that people who don't understand the realities of downloading are getting taken for a ride.

    On the other hand, the music industry is a big, legal business which screws everyone involved with it but at the same time, protests that it has the moral high ground simply because the law says it gets its privileges.

    The reality is that they're both problematic, but the download sites are less inclined to pretend that they aren't an inhabitant of the Wild West of the Internet.

  15. Re:Dumb by gstoddart · · Score: 1

    Ah well, torrents are for cows anyway.

    LOL ... Moo you damned torrenting cows, moo.

    --
    Lost at C:>. Found at C.
  16. liberalism, politician by raymorris · · Score: 1

    The answers to your two questions are:
    Liberalism
    Politician

    See also "broken window fallacy ", on which most liberal economic thinking is based.

  17. Re:wait a minute by gweilo8888 · · Score: 1

    Exactly. Somebody just pulled these numbers out of thin air, and didn't even try to make them look convincing.

  18. 75 Trillion Dollars! by DarthVain · · Score: 1

    Given the "estimates" usually made by companies paid by big media for piracy studies and the like, that makes me think that 70 Million is lot lot less by several levels of magnitude.

  19. avoiding malware...streaming! by l0n3s0m3phr34k · · Score: 1

    This is a major reason I've pretty much abandoned torrenting, instead I just use Kodi with Genesis. No more pop-ups, malware, etc.

  20. Re:More generally by RivenAleem · · Score: 1

    Wrecking Ball Operator?