Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
The Almighty Buck Piracy

Torrent Sites Earned $70M After Dropping Malware On Visitors ( 91

jones_supa writes: One in three torrent sites is spreading malware, claims a recent joint report (PDF) from Digital Citizens Alliance and RiskIQ, which compiled data from over 800 sites. Most of the time, the sites expose visitors to drive-by attacks that silently download malicious files on computers without any user interaction. These types of attacks are usually carried out through malvertising campaigns. It turns out that this is actually a good business for the operators of the pirate sites: depending on traffic, they can make between $200 and $5,000 per day. In total it is estimated that this type of covert agreement between malware distributors and pirate site operators has pocketed the latter about $70 million per year.
This discussion has been archived. No new comments can be posted.

Torrent Sites Earned $70M After Dropping Malware On Visitors

Comments Filter:
  • by Flavianoep ( 1404029 ) on Friday December 11, 2015 @10:49AM (#51100093)
    Now, there is a reason not to download pirated media. If only most of malware on internet were on illegal torrent sites!
    • by Anonymous Coward
      It's also sad that the $70M goes to the malware business instead of the entertainment artists.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Just remember that $70M is calculated the same was the DEA calculates drug bust values and the RIAA/MPAA calculate piracy losses.

        • I wish the press would do a little fact-checking. They regularly report massive losses from unauthorised copying and sharing of commercial media running into $trillions if you add it all up. And still, the film industry is reporting increasingly higher box-office and sales profits for every movie they release. So who's suffering these losses? Which films are taking a cut in profit because of piracy?

      • by Anonymous Coward

        You are talking about the MPAA/RIAA...right?

    • by NotDrWho ( 3543773 ) on Friday December 11, 2015 @11:27AM (#51100299)

      I would download something from the Pirate Bay any day over a site like CNET's At least with Pirate Bay, there is a CHANCE a program doesn't come with malware.

      • by operagost ( 62405 ) on Friday December 11, 2015 @11:35AM (#51100347) Homepage Journal
        ^ This. "Legitimate" sites inject malware into downloads and somehow escape the FTC year after year.
      • by mlts ( 1038732 )

        I have had a VM browser get nailed on legit sites as well. Malvertising has replaced spam as the #1 issue plaguing the Net.

        How are torrent sites that different from "top tier" websites that have had their ad servers dish out malware? Either way, it is wise to browse in a virtual machine, sandbox, or both.

        In fact, given a choice of a download from a torrent site versus a popular software download site, I'll take the torrent. The torrent has anti-tampering resistance by itself (assuming the torrent file wa

    • Yesterday I suggested that Windows from a Torrent probably wasn't as secure as Linux and got toasted! Download Linux ISOs directly from the distributors web sites and verify the hashes.
      • by fisted ( 2295862 )

        Or torrent them, and verify the hashes.

        • The problem with that is the torrent site you use may have infected your machine with malware. That malware could frustrate your attempt to verify the signature. Torrent is a good solution if the tracker is hosted by the distributor. Not so much if you have to poke in dark corners of the interwebs. Of course you can move the download to another machine to verify the signature. There are (unfortunately) not enough people downloading Linux ISOs to even get better performance by torrenting them. :(
          • That usually works for Mageia, especially on the days after a new release. Every time I torrented Mageia ISO (or a Mandriva ISO before Mageia) I could get the file in less than 4 hours.
          • by Anonymous Coward

            Virtualization can go a long way with this. Create two VMs: VM1 is a PFSense appliance with firewalling, and VM2 is the VM for fetching and downloading torrents. This way, if VM2 gets infected, VM1 keeps it from affecting anything else, and a simple snapshot rollback kills all malware on VM2.

            If worried about a VM->hypervisor bug, run the web browser in a sandbox (sandboxie, for example.)

            Then, when done torrenting, fetch the files out (you can shut the VM down and fish them out of the disk image), roll

  • Okay, so... (Score:4, Insightful)

    by U2xhc2hkb3QgU3Vja3M ( 4212163 ) on Friday December 11, 2015 @10:50AM (#51100101)

    The websites send files to auto-download and it fills up my download folder a bit.

    If you're computer-saavy enough to use torrents, you should be smart enough to disable the "automatically run downloaded files" feature of your browser.

    Actually, one thing that really bugs me is those damn websites that force a file download when I try to view a PDF file inside my browser.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I smell scaremongering rather than actual facts. There are no examples or case studies, just random numbers extrapolated to create a narrative and big money numbers.

      What I'm surprised about is no "tech" site picking up the mining code running in hidden iframes on websites. It's bad enough with auto-playing videos for "affiliates", but now sites are trying to steal CPU cycles on our machines so they can create a billionth of a bitcoin every other year.

  • I see this as a much bigger threat to piracy than any enforcement of copyrights on individuals. Just a though.

  • by pegr ( 46683 ) on Friday December 11, 2015 @10:59AM (#51100139) Homepage Journal

    "How Content Theft Sites and Malware Are Exploited By Cybercriminals to Hack Into Internet Users' Computers and Personal Data"

    And you've blown any credibility you may have had.

  • by ZiakII ( 829432 ) on Friday December 11, 2015 @11:01AM (#51100147)
    Shocking Company funded by movie companies gives reason not to use torrents.
    • Plus, how can this in fact be true? The torrent sites themselves aren't uploading any material, they are just hosting the .torrent files. Is it even possible to change those to also include malware (which would have to come from a different domain than the rest of the torrent), and if so, how would it get launched once on the users' machine?

      • Once Torrent is served it is immutable. You cannot add things to it. The torrent could be infected during creation, but what really works is infecting the site that you use to download the torrent file. The easiest method is to trick users into thinking they need a browser plugin or something.

      • by Falos ( 2905315 )
        TFS is referencing the webpage, not the torrent. They just keep repeating the latter for some reason. "One in three websites is spreading malware, claims a recent joint report" would probably still be accurate.

        Pretty sure the "free mp3s" pages of the 90's were laden more than 33%. Actually, I reckon that's still not a smart google to date.
      • I know the quality has gone down a lot here at Slashdot, but believe it or not, sometimes the summary does still include useful information.
  • by blueshift_1 ( 3692407 ) on Friday December 11, 2015 @11:04AM (#51100181)
    Again it falls under - if you're not paying for it, then you're the product. From facebook to bit torrent, this is a guiding force of the internet.
  • Upper right corner: "FLASH SALE: SpyShelter Premium 1YR 33% OFF!"

    That managed to make it through adblocking and Umatrix. I am somewhat surprised that they only seem to use Google Analytics, though. Very, very little in the way of third party javascript for ad networks and analytics/tracking.

  • by PopeRatzo ( 965947 ) on Friday December 11, 2015 @11:23AM (#51100287) Journal

    This report is from something called the "Digital Citizens Alliance". Sounds good, right? Sounds like a bunch of pro-freedom net citizens protecting all of our rights, yes?

    Would it surprise you to learn that the DCA is a lobbying group involved in trying to get Google to take down search results? Here's a sentence from their materials:

    Creators aren't the only ones harmed by content theft...

    Does anyone else smell an agenda here?

  • by gstoddart ( 321705 ) on Friday December 11, 2015 @11:29AM (#51100305) Homepage

    These types of attacks account for 45% of all malware infections and are usually carried out through infected ads in so-called malvertising campaigns.

    And this shit is why I will never, ever be willing to treat ads as anything but malicious and dangerous affronts to my privacy and security.

    I lump all analytics and ads into the same bucket: evil greedy bastards who I will never trust, never allow to run scripts, and whose content I will block as long as I have the means. Because, quite frankly, I don't see the difference between the "legitimate" ones and the "shady" ones.

    The only way to win is not even play. Once you start running blocking stuff and realize the amount of shit embedded in every web page, you just treat them all as parasites or shit on your shoe: you remove them with extreme prejudice.

    • And this shit is why I will never, ever be willing to treat ads as anything but malicious and dangerous affronts to my privacy and security.

      When I scroll to the top of the page I am greeted with the following text on the right:

      "Ads Disabled: Tick
      Thanks again for helping make Slashdot great!"

      Rings true doesn't it, though I'm not sure that's the message that Dice intended.

  • There's no need to visit a site when your client has built in search across whatever you want to configure it with as well as sensible defaults and no malware included (I'm looking at YOU SourceForge).

    I highly recommend qBittorrent [] for that, as one reason among many. I've used it for years and is the best client I've encountered.

    Also, who visiting a torrent site doesn't use ad blocking? Why would you do that to yourself?

    • by Anonymous Coward

      qBittorrent: hosted at.... SourceForge []!

    • There's no need to visit a site when your client has built in search across whatever you want to configure it with as well as sensible defaults and no malware included (I'm looking at YOU SourceForge).

      I highly recommend qBittorrent for that, as one reason among many. I've used it for years and is the best client I've encountered.

      While I agree with your recommendation of qBittorrent, in-client search is only useful when you know exactly what you're looking for. If you want to browse, you're SOL unless you

  • This is a major reason I've pretty much abandoned torrenting, instead I just use Kodi with Genesis. No more pop-ups, malware, etc.

"For a male and female to live continuously together is... biologically speaking, an extremely unnatural condition." -- Robert Briffault