Slashdot Mirror


Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com)

Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from a Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.

46 of 92 comments

  1. Old News by HumanWiki · · Score: 4, Informative

    Not even close to a new concept and has been done since back in the days of KaZaa, eMule, Napster, Morpheus, etc.

    1. Re:Old News by Yvan256 · · Score: 2

      Everything old is new again.

    2. Re:Old News by Mashiki · · Score: 2

      Even older than that. This was happening back in the 90's when Usenet was the main source of downloading everything.

      --
      Om, nomnomnom...
    3. Re:Old News by dunkindave · · Score: 1

      Everything old is new again.

      Well, since everything "new" seems to be old, that makes sense.

    4. Re:Old News by gl4ss · · Score: 1

      The UAC popup comes after. And it's an origin popup.

      Should be obvious.

      Once it's local exe running an actual UAC might pop up... but actual local already running code can get around UAC shockingly easily. Because disabling it getting around it easily (by disabling scheduler etc, services) breaks "core" Windows mechanisms. And it can still get around EMET..

      --
      world was created 5 seconds before this post as it is.
    5. Re:Old News by RogueyWon · · Score: 1

      I can remember having to cleanse the computer of a friend of my parents who had been downloading warez back in 1998. Since then, attempted piracy (albeit not just of games) has been one of the most common causes I've come across of malware infections. Not only are the torrents themselves often laden with malware, but the sites hosting those torrents are also highly likely to be running malware-pushing javascript.

      More irritatingly, I've also noted a growing trend towards legal mods for games being used as a malware vector. World of Warcraft has had particular problems with this in the past (and may still have them for all I know); entirely legal and EULA-compliant UI modifications being distributed with malware designed to steal login details.

    6. Re:Old News by Austerity+Empowers · · Score: 1

      And on countless BBSes in the late 80s and early 90s. The term "Trojan Horse" has some age to it as well, I hear it may have been coined a few years before the invention of the computer.

    7. Re:Old News by rtb61 · · Score: 2

      It really makes no sense any more though, why bother a little bit of patience and http://whenisthenextsteamsale...., you end up with games you have bought and simply don't get around to playing because, so, so many games and so little time (let alone the time vacuum of free to play MMOs). No hurry to buy new games because there are so many old games I have yet to play. It's like kids stealing stuff, just to steal stuff, even though they just throw it away (the pleasure of the risk over any value from the reward).

      --
      Chaos - everything, everywhere, everywhen
    8. Re:Old News by Mashiki · · Score: 1

      Well you gotta keep in mind that back in the 90's when you were a kid and broke you pirated because you wanted to play games. Then you got a job, went to school(picked a good career path and were rewarded later), were still broke, occasionally pirated when you could and played the occasional game. Now you're in your 30's and 40's(some 50's), you've got free time, wife/kids/SO/etc., they may or may not be a gamer as well. But they're fine with your hobby because they've got their own. And you spend some of your money maybe $500/year on gaming. Now there's an entire new generation of kids out there doing the same things you used to do, for some it's tougher finding work because there's also a lot of those people who didn't pick a good career path and are stuck doing the jobs teenagers used to do. But it's the same old stuff.

      --
      Om, nomnomnom...
    9. Re:Old News by rtb61 · · Score: 1

      Here you go, http://store.steampowered.com/.... When I was young $5 would only get you shareware crap, games have not changed that much in price, the majority are pretty much at the same price they used to be and for the price of a new release you can buy a bunch of other games. Some of the really cheap games are really good, just old and don't sell any more. Seriously not worth taking the risk running an exe from an unknown source, when the starting price is 99 cents. Patience can save you a lot of money.

      --
      Chaos - everything, everywhere, everywhen
  2. What has become of this world? by narcc · · Score: 5, Interesting

    Downloading software from shady online sources is suddenly risky? Say it isn't so!

    1. Re: What has become of this world? by MadChicken · · Score: 1

      I was just thinking this. I have hundreds of games from sales and bundles, many of which I haven't even touched.

      --
      SYS 64738 NO CARRIER
  3. In other news in 1996.... by Killall+-9+Bash · · Score: 1

    ....Gay porn masquerading as movies on Kazaa...?!?!?! GASP!

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    1. Re:In other news in 1996.... by Falos · · Score: 1

      This isn't Toy Story at all!

      Oh wait, the studio actually named this clip "Toy Stories". Huh.

    2. Re:In other news in 1996.... by Anonymous Coward · · Score: 1

      Or even child porn masquerading as normal porn. You see, I have several hundred gigs of porn I haven't yet seen despite having them on my disk for many years. And one movie turned out to be kiddie stuff.

      Thus, it is VITAL: you need to go view your entire porn collection NOW. Not just the beginnings, kiddie porn might start only in the middle of a legit flick, thus you need to watch your whole stash in its entirety. Your ass may depend on this!

  4. Where's the "noshit" tag when you need it? by xxxJonBoyxxx · · Score: 2

    >> Fake {Software/Media} Download(s) Unwanted Apps Instead of Promised {Software/Media}

    Where's the "noshit" tag when you need it? This has been going on since the bulletin boards and floppy exchanges, if not longer.

    A brain-dead presser like this makes me wonder if anyone at Symantec even remembers Anna Kournikova.

  5. Don't be dumb by just+another+AC · · Score: 4, Insightful

    But that Nigerian prince seemed so nice!

    People on the internet will try to take advantage of you. I am shocked.

    (and this was the number one infection vector in the 90s... so this being news is like a patent being new because it is "in the cloud")

  6. What's not suspicious about that? by Lendrick · · Score: 1

    So you're saying that people are getting torrents of games, and then the total size of the file downloaded is only a few *megabytes*? That's not just "suspicious", it's obviously not the game you intended to download.

    1. Re:What's not suspicious about that? by Blue+Stone · · Score: 1

      Badly worded snippet, really. What they mean is the .torrent file, not the size of the actual torrented data the torrent file points to.

      The confusing terminology (to someone unfamiliar with the protocol) has been a (minor) problem with torrents from the beginning.

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
    2. Re:What's not suspicious about that? by Qzukk · · Score: 2

      So now people are clicking on boobs.jpg.doc.wmv.torrent.exe?

      It's Windows 10, has Microsoft stopped hiding the .exe extension yet?

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  7. At least you kids get instant access by future+assassin · · Score: 1

    back in the day we had to wait for the modem to dial up while watching the snow fall outside so we can get our virus spreading keygens from Astalavista.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  8. Hmm by The+MAZZTer · · Score: 3, Insightful

    Not clear to me how it goes from being a torrent file to a file downloaded from Google Drive. My only guess is it's not a torrent file but a .url file which links to the .exe mentioned. And this is incredibly easy to detect simply by knowing what you're expecting to get, and aborting when you see something unexpected (e.g. it's not actually a torrent file, the "torrent" didn't download what I expected, what it actually downloaded is incredibly suspicious). There are multiple opportunities to avoid getting infected, including the UAC dialog mentioned which should be a HUGE red flag.

    1. Re:Hmm by EvilSS · · Score: 1

      What are these ".exe" and "UAC" things you refer to? I'm confused...

      Go back to bed Grandpa. Your horse and buggy will be here in the morning to take you back to the plantation.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    2. Re:Hmm by Alumoi · · Score: 1

      On Linux, the browser will open the torrent client and the downloaded .torrent file is fed to it as data.

      Newsflash! It's the same on Windows.

    3. Re:Hmm by silentcoder · · Score: 1

      In short though - the lack of an execute permission flag on Windows comes back to bite Microsoft's customers yet again.

      On Linux the file will not run without it, and when you notice it didn't run and go look - it should be pretty instantly obvious that it was not a magnet link but a script/executable and that should stop you from trying to run it unless you are pretty damn determined.

      Even with binmisc configured for Wine it won't run a Windows executable through Wine without an execute bit set.

      --
      Unicode killed the ASCII-art *
  9. Re:Why would a torrent trigger UAC? by The+MAZZTer · · Score: 1

    It sounds like it's not really a torrent, but that the file it does download tries to get you to download a separate EXE which then elevates itself to install the unwanted software. OR the article is wrong and there is no UAC dialog (they show an Internet Explorer download dialog).

  10. Even headline is annoyingly "modern" for old story by flitty · · Score: 2

    They're not Unwanted "APPS", they're malware. You don't need to call everything an App. This story reads like someone who just found out that "unsubscribing" from spam is a bad idea. Also, you've got to be pretty, pretty dumb to run a 3.5 MB .exe file that calls itself "Witcher 3". Like, that's beginner level internet surfing 101.

    --
    Whether or not there is some sort of god, I'm not supposed to say/god is a word and the argument ends there-Smog
  11. This is news? by oldcarsmell · · Score: 1

    What you're describing is a very basic Trojan. Also, magnet links > .torrent files

  12. Never gonna give you up by MobyDisk · · Score: 2

    Never gonna give you up,
    Never gonna let you down,
    Never gonna run around...

    My favorite rick-roll of all time was when my brother bought a mod chip for his Nintendo DS, hacked it, installed the appropriate firmware, spent days downloading a torrent, went through a whole bunch of hacks and configuration steps, only to hear that amazing tune...

  13. Re:That's what you get for piracy by TheRaven64 · · Score: 2

    So don't buy them. I stopped buying games for quite a few years because I wasn't willing to put up with the DRM that they included. I realised that if I pirated them, then I'd talk about them, which might lead other people to buy them, and so I'd be supporting the publishers, albeit indirectly.

    Then gog.com launched and now I have bought a load more games than I have time to play. I can download a stand-alone installer for any of them, which I can back up and install on any computer that I own without needing an Internet connection. There's simply no excuse for pirating games these days.

    --
    I am TheRaven on Soylent News
  14. up to the minute news by roc97007 · · Score: 1

    I mean, it's not like this has been happening since the dawn of illegal downloads, when unscrupulous people were painting viruses on cave walls.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  15. Internet deception - Ric Romero reporting. by pecosdave · · Score: 1

    It seems that sometimes things on the internet are not always what they seem. Occasionally clicking on a link for a free iPad can land you on a video made by performer Rick Astley in the 1980's.

    More on this later, now for a news item about a local resident named Bob who has made a living out of his love for fainting goats and how his raising of goats in the city limits has upset the city council.

    --
    The preceding post was not a Slashvertisement.
  16. World of Warcraft: Legion by Calydor · · Score: 1

    1) Not released
    2) Requires subscription to play
    3) Requires activation on battle.net

    Idiots get what idiots deserve by clicking on that link.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  17. honor among thieves? by micahraleigh · · Score: 1

    I thought these so-called thieves were just misunderstood ... and ahead of their time ... and visitors from a future world where everyone understands the value of working for free to create things without taking advantage of each other?

    I guess they're just not organized enough. If the government simply nationalized this industry and distributed the games equally to all there wouldn't be these unregulated artifacts. Also, think about how amazing government-created games are ... Curt Schilling's software and all.

    Alternatively ... maybe these pirates are bad guys who victimize others and themselves and indicators of the government heavy dystopia to come.

  18. Oh no, I traveled back in time... by hyperar · · Score: 1

    Why am I seeing this on the main page in 2016?

  19. For everyone confused by this... by Gibgezr · · Score: 2

    The "torrent file" that is downloaded is always a tiny file, it's a descriptor for the torrent you wish to join. It's like a URL (but it is not a URL). The way downloading torrents on Windows works is often:
    1) Download a "torrent file".
    2) Open the "torrent file", which causes Windows to do a file association, which has it open your torrent application and feed it the torrent file. You join the torrent swarm and start uploading/downloading.

    Step 2 is the weakness: if you download something purporting to be a torrent file that is instead an executable, you might mistakenly allow it to run when you open it. The UAC will kick in and warn you, but still, shit happens.

    1. Re:For everyone confused by this... by wbo · · Score: 1

      No, there is still a difference. By default in Windows even with extensions off blah.torrent.exe will be listed as an "Application" type while blah.torrent will be listed as something else (by default "Torrent File" but could be different if an installed Torrent client customized the file type description).

      The problem is people blindly clicking on things without looking at what the OS is trying to tell them.
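The check discussed in this sub-thread (is the downloaded "torrent" really a torrent descriptor, or an executable or shortcut wearing its name?) can be done on file content rather than on the displayed name. The following is an added example, not code from any commenter or from Symantec; the function names and the sample byte strings are constructed for illustration, and the .url case covers the guess made in comment 8.

```python
# Added example: classify a downloaded "torrent" by content, not by file name.
# A real .torrent is a bencoded dictionary containing an "info" dictionary.

def _bdecode(data, i=0):
    """Minimal bencode decoder: returns (value, next_index), raises on bad input."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list / dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = _bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary with odd number of items")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[start:end], end
    raise ValueError("unexpected token")

def classify(data):
    """Return 'executable', 'shortcut', 'torrent' or 'unknown'."""
    if data[:2] == b"MZ":                           # DOS/PE executable header
        return "executable"
    if data.lstrip().lower().startswith(b"[internetshortcut]"):
        return "shortcut"                           # Windows .url file
    try:
        value, end = _bdecode(data)
    except (ValueError, TypeError, RecursionError):
        return "unknown"
    if end == len(data) and isinstance(value, dict) \
            and isinstance(value.get(b"info"), dict):
        return "torrent"
    return "unknown"

def safe_to_open(filename, data):
    """True only if both the final extension and the content say 'torrent'."""
    return filename.lower().endswith(".torrent") and classify(data) == "torrent"

# Constructed sample inputs (not taken from the campaign described above).
SAMPLE_TORRENT = (b"d8:announce20:http://tracker.test/4:infod6:lengthi1024e"
                  b"4:name8:game.iso12:piece lengthi16384e6:pieces20:"
                  + b"\x00" * 20 + b"ee")
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_URL = b"[InternetShortcut]\r\nURL=https://example.invalid/file\r\n"

if __name__ == "__main__":
    for name, blob in [("game.torrent", SAMPLE_TORRENT),
                       ("game.torrent.exe", SAMPLE_EXE),
                       ("game.torrent", SAMPLE_URL)]:
        print(name, classify(blob), safe_to_open(name, blob))
```
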

  20. This is braindead beyond compare by thegarbz · · Score: 1

    I mean you're at a torrent site, attempting to download a torrent file. Regardless of what button I press on the website, if I close my eyes and click in a random place on the screen and never confirm anything like the file size or the file type, who would be stupid enough to continue once a UAC prompt appears and your torrent application didn't open?

    I mean people who get tricked like this deserve to have their computer catch fire.

  21. Why even bother with warez any more? by Cruciform · · Score: 1

    Between Steam, the Humble Store, and GOG, you could set your max budget for buying any game at $5 to $10 and still end up with a massive backlog that you could never keep up with. If you're not set on 0-day, then the sale is going to happen eventually.

  22. Re:Safe hex by bioteq · · Score: 1

    You, sir, owe me a new keyboard and carpet.

    I was enjoying this tea, too!

  23. Re:That's what you get for piracy by lgw · · Score: 1

    Neither of which is an excuse to pirate games. If you pirate because you're a broke-ass student, that's surely a minor sin, but don't invent excuses.

    No demo? Watch a "let's play". Doesn't work on your system, or tried it and it was total crap? Steam refund. Really want to "back up" games (as if your backups will outlive Steam - mine haven't)? Buy from GOG.

    Personally, I just don't buy full-price games (I think the only game over $20 I've bought in the last 10 years was Doom). AAA games are mostly crap anyway, and there are plenty of great titles in the $5-10 range on Steam and GOG, especially during sales. Steam refunds make it easy for me to take a risk.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  24. New news by phorm · · Score: 1

    Indeed. These days you have paid for operating systems which will automatically download then bait-and-switch update to malware-ridden spyware. That some random software (game or otherwise) downloaded from a sketchy source could contain malware is laughably obvious.

  25. Firehose Failure. by Dishevel · · Score: 1

    How did enough people look at this and think ... "People need to see this."

    --
    Why is it so hard to only have politicians for a few years, then have them go away?
  26. News flash by viperidaenz · · Score: 1

    If you download a data file and then you get a prompt asking if you want to run an executable file, it's probably a trick.

  27. Illegal to download potential illegitimate software? by Squallop · · Score: 1

    Wouldn't this mean that Symantec are illegally downloading torrents to find this information in the first place? They would need to be downloading enough data to make this illegal in the cases that the torrent isn't just malware, but actual illegitimate software.

  28. Trusted Uploaders by Nyder · · Score: 1

    This is why there are trusted uploaders on torrent sites. These uploaders generally are trusted, as they have uploaded 1000's of files with no problems. But hey, I understand what is old is new again when you got youngsters just getting into the field.

    --
    Be seeing you...