Thread: Spyware Piggybacking on BitTorrent Downloads

  1. #1
    CEO, Zeropaid Inc.

    Join Date
    Apr 2002
    Location
    SD CA
    Posts
    600

    Spyware Piggybacking on BitTorrent Downloads

    BitTorrent, the beloved file-sharing client and protocol that provides a way around bandwidth bottlenecks, has become the newest distribution vehicle for adware/spyware bundles.

    Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma.

    Not any more, anti-spyware advocates warn.

    According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC.

    "This is the marketing campaign to end all marketing campaigns," said Boyd, the Microsoft Security MVP (most valuable professional) known throughout the security industry by the "Paperghost" moniker.

    In an e-mail interview with Ziff Davis Internet News, Boyd said rogue files have popped up occasionally in BitTorrent land but those were usually just random executables. "This is the first time I've seen a definite money-making campaign with affiliates, distributors and some pretty heavy-duty adware names," he added.

    Boyd, widely known for chronicling spyware, hacking and malware exploits, has published details of the BitTorrent distributions and identified Direct Revenue and Marketing Metrix Group as the companies responsible for the rigged files.

    Boyd said he got the first inkling that BitTorrent was a major adware distribution vehicle while searching for the source of Direct Revenue's Aurora, an adware program that includes the prevalent "nail.exe" component. Sifting through mountains of HijackThis logs posted on security forums, Boyd said the answer was staring him in the face. (HijackThis is a popular freeware spyware removal tool that keeps detailed logs of Windows PC scans).

    In the logs, he found that "nail.exe" and "aurora.exe" were always listed alongside "btdownloadgui.exe," the user interface that downloads/uploads when using BitTorrent.

    "I checked hundreds of those logs, and more often than not, [btdownloadgui.exe] was chugging away in the background. No wonder none of the victims (or spyware experts) seemed to know what site Aurora was coming from—there was no site. It would have never occurred to the end users that it could have crept in by another means altogether," he said.

    Because BitTorrent strips digital files into tiny shreds and reassembles them locally once a user completes a download, it has emerged as the perfect place to bundle adware programs among the bits, without the end user ever knowing.

    Breakdown on how Aurora piggybacks on BitTorrent
    More data on Aurora


    Read the complete article
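The log correlation Boyd describes in the article above, sketched as an added example (not part of the original post or article): it reads the "Running processes:" section of HijackThis-style logs and counts how many logs showing the Aurora components also show the BitTorrent GUI. The function names and the simplified sample logs are constructed for illustration.

```python
import ntpath
import re

ADWARE = {"nail.exe", "aurora.exe"}   # Aurora components named in the article
BT_CLIENT = "btdownloadgui.exe"       # BitTorrent GUI named in the article
ENTRY = re.compile(r"^[A-Z]\d+ - ")   # registry/startup entries, e.g. "O4 - ..."

def running_processes(log_text):
    """Return lowercase basenames listed under 'Running processes:'."""
    names, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if ENTRY.match(line) or (not line and names):
                break                 # section is over
            if line:
                names.add(ntpath.basename(line).lower())
    return names

def correlate(logs):
    """Return (logs with Aurora processes, of those also running the BT GUI)."""
    infected = with_bt = 0
    for text in logs:
        procs = running_processes(text)
        if procs & ADWARE:
            infected += 1
            with_bt += BT_CLIENT in procs
    return infected, with_bt

# Constructed, simplified logs (not real forum submissions).
SAMPLE_LOGS = [
    r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Nail.exe
C:\Program Files\BitTorrent\btdownloadgui.exe

O4 - HKLM\..\Run: [example] C:\WINDOWS\example.exe
""",
    r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\aurora.exe
C:\WINDOWS\explorer.exe
""",
    r"""Logfile of HijackThis
Running processes:
C:\Program Files\BitTorrent\btdownloadgui.exe
""",
]

if __name__ == "__main__":
    print(correlate(SAMPLE_LOGS))
```

Run over a real collection of logs, a high second number relative to the first is the co-occurrence pattern the article reports; it shows correlation only, not which download carried the bundle.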

  2. #2
    Zeropaid God

    Join Date
    Mar 2000
    Location
    San Diego, CA
    Posts
    3,309
    I can't believe nobody has commented on this yet.

  3. #3

    kevogod

    Join Date
    Apr 2002
    Posts
    122
    They hacked the site: http://www.marketingmetrixgroup.com/

    Ha!

  4. #4
    CEO, Zeropaid Inc.

    Join Date
    Apr 2002
    Location
    SD CA
    Posts
    600
    that is funny as hell.

  5. #5
    ZeroPaid Regular

    Join Date
    Jan 2003
    Location
    Ohio
    Posts
    1,858
    yea they did get hacked lol
    -NEVER ARGUE WITH A FOOL; HE WILL SOON BEAT YOU WITH EXPERIENCE

    -EAT AND SLEEP. YOU MIGHT THINK THAT'S A GIVEN BUT NO-IT'S NOT. EAT AND SLEEP. IDIOT.

  6. #6

    Zeropaid Noob

    Join Date
    Oct 2003
    Posts
    1
    this article sounds like bullshit to me

  7. #7
    Janitor

    Join Date
    Apr 2002
    Location
    Copperhead Road
    Posts
    11,611
    I was waiting to comment, until I saw what happened. Now I really don't have to, as what I expected did happen. ROTFL
    Grow old along with me, the best is yet to be.

  8. #8

    ZeroPaid Regular

    Join Date
    Oct 2002
    Location
    microwiz's pants (usually)
    Posts
    41
    Wait, how is it that this 'piggybacks' on bittorrent? It just sounds like an ordinary file inside an extractor/wrapper executable that also installs spyware. You'd have to execute it.

    If a media file arrives as an .exe, people should know better than to open it at all!

  9. #9

    Zeropaid Noob

    Join Date
    Jan 2003
    Location
    p2pconsortium.com i live
    Posts
    6,446

    Quote Originally Posted by Kevin33134
    They hacked the site: http://www.marketingmetrixgroup.com/

    Ha!
    good job kevo u never surprise me
    great hack you did

  10. #10
    Share one get one free.

    Join Date
    Dec 2002
    Posts
    57
    All of which just proves that these infected users persist in not using antispyware detection methods as well as antivirus. I've seen bad files, but they are so obviously bad that a sane person wouldn't go near them anyway. All spyware (at least currently) can be cleaned anyway.

    It's an inevitable victim of its own success.

  11. #11
    Back to business!

    Join Date
    Jan 2005
    Location
    Ireland
    Posts
    4,988
    What hack did you do? When the link opens the page is just blank!

  12. #12

    ZeroPaid Regular

    Join Date
    Oct 2002
    Location
    microwiz's pants (usually)
    Posts
    41
    Quote Originally Posted by MrCoggy
    All of which just proves that these infected users persist in not using antispyware detection methods as well as antivirus. I've seen bad files, but they are so obviously bad that a sane person wouldn't go near them anyway. All spyware (at least currently) can be cleaned anyway.
    It's not the software arms race of spyware detection and/or cleaning, it's the social engineering/clue race of teaching people not to open an executable when what they expected was a non-executable media file. If that clue could propagate, antispyware, etc. programs would be much less needed.

    (That's leaving aside the gaping security holes in IE and Windows, of course...)

  13. #13
    Bringer of Truth

    Join Date
    Feb 2005
    Posts
    20
    Yes. Keep up the good hacks, such as the one done to the Metrix Web Site. The more those pieces of shit realize they themselves are not invulnerable to their own web-disrupting garbage, the better for the Internet as a whole.
