Hackers Booby Trap uTorrent Downloads with Malware
Ruh-roh Shaggy, peer-to-peer file sharing just became a little more dangerous. Hackers up to no good (and no, those two don't always go hand-in-hand) set their sights on BitTorrent.com and uTorrent.com, sneaking in the back and replacing legitimate downloads with tainted copies brimming with malware.
"This morning at approximately 4:20 a.m. Pacific Daylight Time (UTC -7), the uTorrent.com and BitTorrent.com Web servers were compromised. Our standard Windows software download was replaced with a type of fake antivirus 'scareware' program," BitTorrent stated in a blog post yesterday.
BitTorrent initially reported that hackers compromised downloads on BitTorrent.com as well, but later stated "After further analysis, we don't believe BitTorrent.com or the BitTorrent Mainline/Chrysalis clients were part of the incident."
BitTorrent.com unplugged uTorrent's affected servers less than two hours after the security breach and has since neutralized the threat and put them back online. Those who downloaded and installed a compromised build during that short window would have been greeted by a fake AV program called "Security Shield" that bombards users with popups and solicits payment to remove the virus.
Comments
KenLV
September 14, 2011 at 11:43pm
Wow, it’s getting to the point that you can’t safely steal software anymore. Whatever will all these thieves do? *
* Yes, yes, we're all aware that stealing, scratch that, I mean "torrenting" copyrighted materials and programs is expressly forbidden blah blah bullshit.
Caboose
September 15, 2011 at 8:13am
Torrents are relatively clean and safe for your computer. The nice thing about Torrents is that it's community filtered. And these apps (uTorrent, etc) are not illegal in any sense at all. The amount of "legal" content that you can torrent is staggering.
If a torrent has malware of some kind in it, you'll find that it has few, if any seeds at all, plus good torrents have a lot of comments on them indicating what you are downloading is quality material, and not fake.
Even the torrents that are faked by the RIAA and MPAA are filtered out by the community for being fake.
p309
September 14, 2011 at 4:56pm
One of the latest "Fake AV" malware programs on the scene is a particularly nasty variant. The user sees his application shortcuts disappear, the Windows GUI disappears for the most part, and this is on top of all of the fake warnings.
TrendMicro's website has some good removal tools for this one, and there is another tool available for making the hidden files visible again.
http://esupport.trendmicro.com/solution/en-us/1056510.aspx Removal of the malware.
http://download.bleepingcomputer.com/grinler/unhide.exe Script to remove the +H attribute from files and folders (unhide files)
blkpanthr
September 14, 2011 at 8:54am
Yes, inside the downloaded torrents.
This happened to the Client itself.
I would blame the RIAA or MPAA on this one, but I doubt they would inject that particular piece of junk...