What are the risks for average users who download content via torrent?
Peer-to-peer networks such as BitTorrent leverage a decentralized structure to let users share files with millions of peers worldwide. Peer-to-peer technologies like eDonkey, BitTorrent and Gnutella allow anyone to connect to those networks and download any kind of media, as easily as clicking a download button. The use of file sharing services has grown exponentially over the years, and the risks for users have increased dramatically at the same time. BitTorrent is a protocol for distributing files. It identifies content by URL and is designed to integrate seamlessly with the Web.
Its advantage over plain HTTP is that it allows multiple simultaneous downloads of the same resource. The downloaders upload to each other, making it possible for the file source to support very large numbers of downloaders with only a modest increase in its load. Today, BitTorrent is the most common technology to share digital materials in spite of any type of limitation imposed by the copyright regulations.
Through BitTorrent, it is possible to download every type of file. Unfortunately, the freedom and the ease of downloading desired content can pose serious risks for unaware users, who often get infected with malicious code hidden behind a torrent.
Everyone who wants to download media from the BitTorrent infrastructure has to search for the desired content using specialty search engines, the most popular one being The Pirate Bay:
Figure 1: Example of torrent search engine
The Pirate Bay is historically the most famous and important torrent search engine, due to its history and all the legal issues it faced in the last decade.
The site has been seized and reopened many times over the years due to legal disputes with private firms and the Swedish government. However, The Pirate Bay is still alive today.
Figure 2: The site has over 2. Each user visits 5.
Other popular torrent search engines are x, Rarbg and LimeTorrents.
However, there are many dangers for unskilled users, and it is quite easy to get in trouble. Downloaded material often includes malicious code that could deliver malware or allow crooks to carry out other dangerous activities.
Games
The most popular game of the past year is Fortnite. It has not been officially released on the Android Market and today is still in Beta release and available only for a few device models. Despite that limitation, many users search for this game on illegal channels in order to download it and play on their smartphone.
Figure 3: Fortnite search on The Pirate Bay
By clicking on the highlighted item, we have the following description:
Figure 4: Fortnite Android APK description
It presents itself as the beta version of Fortnite, but when we insert the hash of the downloaded file on VirusTotal, we have the following result:
Figure 5
Reverse engineering the app, we noticed that it requests all permissions, including critical ones such as sending and receiving SMS, camera, Bluetooth, set wallpaper, manage calls, kill other applications and so on.
Figure 6: Android permissions for fake app
Digging further into the analysis, we decompiled the application and studied its source code.
We discovered a routine used by the malware to establish the connection with its Command and Control:
Figure 7: Connection establishment of the C2
The malware is also able to intercept the incoming messages, collect them and store them in its private repository, which is sent to the server:
Figure 8: Sending the incoming messages
Film
How many times did you download a film from the Web?
Figure: Results for the Avengers movie
Figure: Results for the Joker movie
By clicking on the highlighted results, we are redirected to the following webpage where it is possible to download the torrent:
There is a short description of the film with a big and evident button to download the torrent file.
After downloading the films, we are presented with a folder containing the movie and an executable with the Codec Pack that supposedly enables viewing of the movie:
Figure: Result of downloading the movies
If we try to open the video without first installing the Codec Pack, an error is displayed informing us that the file is corrupted.
So the user feels compelled to install the Codec Pack. In reality, it is a well-known bot linked to a botnet already analyzed by ESET researchers.
Figure: VirusTotal detection of the fake Codec Pack
Software
Another category of interest for common users is commercial software. Many users search for it in the hope of downloading a pirated copy.
This is the easiest method for installing malware, because the user has to install a patch that is used to replace the paid license but also installs malware on the machine.
Nero
Nero is the most famous optical authoring software and is a leader in the market.
Figure: The Pirate Bay results for Nero
By clicking on the selected result, we have the description page of the torrent:
In the area reserved for the details of the software, there is a minimal guide to install it.
However, it is immediately visible that something is suspicious:
So after downloading the file, we have the following folder on the computer:
In fact, the installation file of the software is hundreds of megabytes or even on the order of gigabytes. To settle any doubts about the untrustworthiness of the program, we executed it and were shown the following window:
Figure: Fake login screen for The Pirate Bay
It is very suspicious that a Nero installer asks for the credentials of a Pirate Bay account, pretending to be an anti-bot check.
The reality is that it is a phishing program developed to steal user credentials. Indeed, uploading the file to the VirusTotal platform, we have the following results:
A real Nero installation asks for an installation path, activation key and other legitimate information, not for the credentials of an illegal service.
Created in , this software has become the de facto industry standard for image editing and post-processing. In fact, everyone who wants to share image processing work uses the file formats defined by Adobe.
For this reason, it is another attractive means to spread malware, so we decided to search for Photoshop on LimeTorrents:
Figure: Photoshop search results on LimeTorrents
We downloaded the third result.
The small size led us to think that something malicious was hidden in the files. This is just an indicator used to rapidly identify malicious files; we cannot exclude the possibility that even larger files could hide a tainted version of legitimate software.
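The two quick indicators used in this analysis (an executable shipped next to a video, and an installer far smaller than the genuine product) can be checked from the .torrent metadata before any payload is downloaded. The following is an added example, not code from the original article; the extension sets, the 50 MB threshold and the two sample torrents are assumptions constructed for illustration.

```python
MEDIA = {".mkv", ".mp4", ".avi"}
EXEC = {".exe", ".scr", ".bat", ".msi", ".apk"}
MIN_INSTALLER = 50 * 1024 * 1024  # assumed threshold; tune per product

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                    # string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def list_files(torrent):
    """Return [(path, size)] from the torrent's info dictionary."""
    info = bdecode(torrent)[0][b"info"]
    if b"files" in info:                           # multi-file torrent
        return [(b"/".join(f[b"path"]).decode("utf-8", "replace"), f[b"length"])
                for f in info[b"files"]]
    return [(info[b"name"].decode("utf-8", "replace"), info[b"length"])]

def ext(path):
    return "." + path.rsplit(".", 1)[-1].lower() if "." in path else ""

def triage(torrent):
    """Flag executables bundled with video and undersized installers."""
    files = list_files(torrent)
    has_media = any(ext(p) in MEDIA for p, _ in files)
    findings = []
    for path, size in files:
        if ext(path) not in EXEC:
            continue
        if has_media:
            findings.append(f"executable shipped next to video: {path}")
        elif size < MIN_INSTALLER:
            findings.append(f"installer is only {size} bytes: {path}")
    return findings

# Constructed samples (not real torrents): a movie with a "codec pack", a tiny setup.
MOVIE = b"d4:infod5:filesld6:lengthi1400000000e4:pathl9:Movie.mkveed6:lengthi900000e4:pathl14:Codec Pack.exeeee4:name5:Movieee"
SOFT = b"d4:infod6:lengthi2500000e4:name9:Setup.exeee"
if __name__ == "__main__":
    for label, sample in (("movie", MOVIE), ("software", SOFT)):
        print(label, triage(sample))
```

As the article notes, size is only a fast indicator: an empty result does not make a download trustworthy.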
Figure: Downloaded files from the torrent
The executable is once again a classical Trojan, as reported in the VirusTotal report.
The good news is that the majority of antimalware solutions listed in VirusTotal are able to detect the file as malicious software.
Figure: VirusTotal results for Adobe Photoshop
Malwarebytes Premium
Another software package downloaded by many users is, curiously, the popular antivirus software Malwarebytes. We found a cracked version of Malwarebytes Premium online; it promises to implement all the functionalities included in the paid version.
So we searched for it on LimeTorrents, obtaining a huge number of results:
We uploaded it to VirusTotal and discovered that it is detected as malicious adware by most antivirus solutions. All this information is necessary to customize the advertisements and consequently to allow the adware to become more pervasive.
Analysis of a torrent threat
While we were analyzing the Torrent network, we decided to dissect an interesting sample of malware related to a huge botnet spreading in the wild.
This has been dubbed Sathurbot. This malicious code was one of the numerous types of malware distributed through torrents, pretending to be a Codec Pack necessary to display the video just downloaded by the victims. An older version of it had already been analyzed by ESET researchers in The new malware variant shows some different behavior from the older one.
The main purpose of the bot is to compromise as many machines as possible. In order to do this, it leverages vulnerable WordPress websites to spread online. When a site is compromised, the malware uploads a torrent file pointing to a copy of itself. Then it creates a new webpage that has a title containing trend words e.
Figure: Example of compromised WordPress website
When the user clicks on the fake Codec Pack, the malware shows a fake window, simulating a program installation. This terminates with an error message.
Figure: Error message box after fake installation
The unaware user will think there is a problem with the setup and never suspect that something malicious has happened, while the malware proceeds with its operations in a stealthy way. The results returned by the queries are parsed in order to extract the websites to hit.
Using a large initial set of substrings to combine, this strategy allows it to obtain several targets.
Figure: Example of brute-forcing requests
Below is a sample of a POST request used by the malware to attempt to log in to the website. The key value is set with the malware file system path.
Figure: Registry key set by the malware to ensure persistence
The main purpose of Sathurbot, like any other botnet, is to extend its network, involving as many machines as possible and consequently increasing its attack power. When the network is big enough, it can be exploited to perform new malicious actions, such as a massive DDoS attack against a target specified by the botmaster.
Probably this evidence is embedded into the malware body in an encrypted way and will emerge only after a specific condition is satisfied, such as a time-based logic bomb.
How easy is it to spread a torrent into the network?
The huge number of threats in the torrent landscape is surely related to the ease of creating a torrent file containing malicious artifacts. To do this, it is not necessary to be a hacker or have advanced skills.
With more effort, we could use some tricks to obfuscate the malicious file in order to persuade the user to click on it and start the infection chain.
Figure: Deceiving the user into clicking
Obviously, after creating the malicious file, the next step is to spread the torrent on the Internet to infect as many machines as possible. Nothing easier: We should register an account on one of the torrent sharing sites, such as The Pirate Bay, and upload our file.