Spyware, adware hide in BitTorrent downloads

BitTorrent users, beware: Your download may include adware and spyware.

Purveyors of the applications that produce pop-up ads on PC screens and track browsing habits have discovered BitTorrent as a new distribution channel. According to observers of the trend, videos and music that hide adware and spyware are increasingly being offered for download on various BitTorrent Web sites.

BitTorrent has grown into one of the most widely used means of downloading files such as movies or software. Unlike peer-to-peer networks such as Kazaa, eDonkey and the original Napster, no central search technology exists for BitTorrent. Instead, links to specific files are posted on Web sites.

While applications such as Kazaa have long been associated with adware and spyware, BitTorrent has not. Until now, that is. Chris Boyd, a security researcher who runs the Vital Security Web site, said he found adware and spyware hiding in BitTorrent files.

In one case, an episode of the Fox TV show "Family Guy" was bundled with several pieces of known adware, according to Boyd. "Under that kind of load, a midrange PC can easily go under," Boyd said. Both spyware and adware are known to hurt PC performance because they use PC resources to run.

In other examples, music files and porn videos came bundled with adware or spyware, Boyd said in an e-mail interview. He suspects that online marketers have launched campaigns to get their software installed on more desktops using BitTorrent.

"This is one of the most egregious spyware infestations that we have seen," said Alex Eckelberry, president of Sunbelt Software, a maker of anti-spyware software. "It is a major concern. It is going to riddle your system with pop-ups, slow your system down and potentially cause system instability."

The downloaded files typically were self-extracting archives that would also install the unwanted software, Boyd said. In most cases, users would be presented with a dialog box advising that the extra software was about to be installed and given the impression that the install was needed to get access to the desired content, he said.

However, Boyd found, it was possible to get access to the entertainment the user wanted without installing the adware or spyware. Simply declining the adware and spyware license a couple of times gives access to the content, he said.

On his Web site, Boyd listed a Canadian company as one of the businesses that send out adware and spyware on BitTorrent. That company's Web site appeared to have been hacked Thursday, with the front page replaced with a picture and a profane message stating that the company should leave BitTorrent alone.

As of late Thursday afternoon, BitTorrent creator Bram Cohen had not replied to an e-mail seeking comment on the issue.

[aabcdefghij987654321]

Never had a problem. Never seen a problem.

in over 2 years worth of using BitTorrent

Well

Since when are movies coming in .exe file extension?
Well if you are not aware of this maybe you shouldn't use computer at all,I don't see how .mpg,.mp3 would infect pc if they are real files,that doesnt include fake files and .exe files,but you should alredy understand this.Little common sense can prevent runing something that doesn't look right in first place.

[Andrew J Glina]

Spot On

This is bad reporting. It is not BitTorrents fault at all. This is a problem that could, and probably does, affect all file sharing networks, ever IRC.

[Sam Papelbon]

wait... WHAT?

i thought .exe was a highly compressed video format!!!

you mean that sobersomethin.exe file that was 5mb wasn't ACTUALLY revenge of the sith?

b-but the website it was on said 'zomg teh revernge of da sith, downlode plz', you just can't resist marketing like that!

This is new?????

Incredibly lazy reporting. This has been around for years, did you just dust off an old story and do a find/replace from Kazaa to BitTorrent? Find a vague quote about a popup box and voila, new story?

How about reporting on why this is possible, precautions people should take to avoid this, maybe even explain what a self extracting file and how it differs from a video or audio clip? You mention a Canadian company is responsible for much of this. Who are they? Has anyone contacted the RCMP on this issue?

[JLBer]

So, which one is worse?

In order to install this crap, that company needs to modify the files that were otherwise being distributed. That means that the spyware company is likely violating laws and EULAs that state that the code is proprietary and cannot be modified. So, where is the outrage from the software companies that (A) this Canadian firm is apparently making this software available on BitTorrent and (B) the software is being modified without the owner's permission? After all, I'm sure that Fox would have something to say about them releasing "Family Guy" episodes over BitTorrent.

Oh, before someone complains that you cannot "infect" movies with spyware or adware, WMV files most certainly can be because they can include code that is executed through Media Player, more often than not to open up a web page through IE which can infect the PC...not that IE is insecure or anything. *cough*

before spreading fud...

please actually rtfa. these people are bundling the movie/song/software the end user wants into a compressed executable that includes the spyware. when the end user double clicks on the executable it automatically (after prompting the end user according to tfa) installs the spyware. the company is not actually infecting wmv files (although i will agree that it is possible to infect wmv files) or any other files for that matter, but are just piggybacking the spyware on the exe file that is downloaded.

if people would not click "YES" or "CONTINUE" to every single prompt that comes up, and actually read what is on the screen, the internet would be a better place.

Where is the MPAA..RIAA...

Releasing copyrighted material to infect a user with adware, spyware, whateverware, should get some of these companies in hot water. If enough people seed these files with this garbage software, the --AAs will take notice. We can have them get rid of one scourge of the world for us. Maybe they will back off of 80 yr old grannies and go after real money

[d_jedi]

Yes.. the authorities should be contacted..

Especially since they're illegally distributing copyright protected content (Family Guy episodes, in this case..)

Nothing to do with BitTorrent...

BitTorrent isn't doing anything but fetching a
file. The same rules apply for files downloaded
via BitTorrent as with HTTP or FTP: if it's
executable, don't execute it. If you are using
Windows, don't open it if it's in a format known
to be exploitable as a vector for spreading
malware (JPEG, unless you've got the patch, WMV,
Word Document, etc.).

There's nothing magical about BitTorrent that is
providing a new vulnerability or that would
mystically patch vulnerabilities, it just grabs
bits from a network and stitches them into a
file. It's up to you to figure out how to safely
handle the file you ask for.

[City_Of_LA]

LOL

What a lazy article. Anyone with half a brain and very little torrent/kazaa/IT experience would know what to look out for.

[janjop31]

Spyware Sucks!

I kind of agree but bittorrent has been a kind of safe filesharing method up to now. Sucks that people
have found a way to use it for spyware distribution. The last file I downloaded was virus infected too and it had like 70 seeds and 100 leachers. What are we pirates supposed to think now? Maybe we need to come up with such an obscure filesharing method that only geeks and pirates can figure out how to use it.