Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Piracy Security

Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead 62

Posted by Unknown Lamer
from the probably-riaa-conspiracy dept.
New submitter giveen1 writes "I recieved this email as a former Demonoid.me user. I tried to go to the website and link is dead. ... 'Dear Demonoid Community Member, We have all read the same news stories: The Demonoid servers shut down and seized in the Ukraine. The Demonoid admin team detained in Mexico. The demonoid.me domain snatched and put up for sale. The Demonoid trackers back online in Hong Kong, but then disappearing. ... Now for some good news: The heart and soul of Demonoid lives on! Through an amazing sequence of unlikely events, the data on those Ukrainian servers has made its way into the safe hands of members of our community and has now been re-launched as d2.vu.'" But it turns out that the site was distributing malware, hosted on an American VPS, and quickly shut down after the provider discovered this. No word yet on how the Demonoid user database was acquired, but if you did make the mistake of trying to log in Torrent Freak warns: "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."
This discussion has been archived. No new comments can be posted.

Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead

Comments Filter:
  • by Anonymous Coward

    I miss Demonoid

  • Good Advice (Score:5, Insightful)

    by DarthBling (1733038) on Wednesday May 08, 2013 @11:13AM (#43665793)
    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Yup. After all those LinkedIn passwords were leaked last year, I wised up and changed the passwords to all the websites I visit each to something different. So now if my username/password combo is compromised, it's only good for that one particular website.
    • by gstoddart (321705)

      I'm more shocked that people have been doing that all along.

      This has been good security practice for a very long time.

      Re-using login/password combos has always been a bad idea.

      • by war4peace (1628283) on Wednesday May 08, 2013 @11:23AM (#43665861)

        Depends. If your password is complex enough, then you can use one for a core of websites (2-3 most secure).
        And for all the ever-so-many bullshit websites you don'r care about, you can have the same U/P combo; if it gets hacked, you lose access to many bullshit sites you don't care about. Good. Losing my miniclip account would only translate as more free time and better productivity :)
        That's why my password there is "12345" - same as my luggage's...

      • Not everybody can remember many different passwords that do not follow some pattern (like "asd!@#slashdot"). So, you either need to use some sort of password database (hope it's accessible from any device and that its password is not compromised) or only a few passwords.

        • by Noughmad (1044096)

          That's why it's good practice to use password patterns. They are easy to remember, and offer reasonable security against automated attacks. Anyone who sees one of your passwords can easily deduce the others, but it takes just enough effort to require a targeted attack.

          • by neminem (561346)

            This. This isn't at all similar to my password to anything, but the sort of thing I switched to doing a few years ago, after some other site I used my (at the time) "more secure" password got hacked - if, for instance, my old password I'd used for everything was asdf!!11, I might have changed it to gasdf!!11l for gmail, sasdf!!11t for slashdot, etc. Something like that. (That isn't the actual pattern I use, either. :p) Just as easy to remember, but a hacker would have to have a reason to specifically want *

        • lastpass.com

      • by Salgak1 (20136)
        PassWORDs ??? Stopped using those years ago, PassPHRASES are the way to go. . .
  • by Anonymous Coward on Wednesday May 08, 2013 @11:15AM (#43665817)
  • by Anonymous Coward

    Look, I know credential soup is a pain in the rear, but if you want to protect yourself online, it's essential these days. I follow an approach like this:

    Tier 1 - For ultra important stuff, such as banks, online merchants, and credit cards. These credentials are very, VERY long and random. Good luck cracking those while I'm still alive.

    Tier 2 - For less important stuff, like MMOs and websites I frequent. They'll still be fairly unique, but I'll use some mnemonics to aid myself here and reduce the headac

    • by hedwards (940851) on Wednesday May 08, 2013 @11:28AM (#43665911)

      Or just use something like keepass and give them all strong passwords. It's not like you're going to be remembering hundreds of passwords anyways. Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again. For most people, even a dozen passwords is more than they can reliably remember.

      • by gstoddart (321705)

        Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again

        Holy crap, that's a lot ... I'm not sure I've had 400 different logins over the last 25 years.

        • by hedwards (940851)

          Well, keep in mind that everybody demands a log in these days and often times just to view something that you might not want to ever use again. That's probably 15 or so years worth of accounts that I've created and many of them are probably no longer usable, but it's not really worth going back through all of them on a regular basis.

      • by Anonymous Coward

        For those random accounts on random website, better to use a site like bugmenot.com. If they don't have a login for the site, post yours there. A good practice is to also use a disposable email address that others can access. That way when some jerk changes the password another user can reset it back.

      • by Kanasta (70274)

        Or better yet, a keepass that holds keys to other keepass databases. Seeded with fake logins.

  • As in, would it justify renaming the site as 'Daemonoid'?
  • Supposed I should have been more suspicious that searches failed. But I was hopeful it was just some sort of database failure explaining why I couldn't login. Whatever. I didn't use that password for anything else, spammers. Have fun with it.

    Although this raises the question why even make a functional password reset form? I tried it after my login didn't work and they sent me a new one.
  • Actually... (Score:3, Informative)

    by giveen1 (2727899) on Wednesday May 08, 2013 @11:46AM (#43666111)
    I never actually logged into the website, nor got my password stolen, nor got malware. Links are always checked out, email header completely read, domain looked up in WHOIS, and link opened in a VM.
  • by Sloppy (14984) on Wednesday May 08, 2013 @12:04PM (#43666335) Homepage Journal

    Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

  • I saw this e-mail on my phone this morning, and my first thought was "Sounds pretty sweet... so I bet it's not real". Then I came in and saw this headline before I even remembered it. Oh well... kat.ph is everything Demonoid was, maybe more.
    • Not quite. Demonoid had a ton of ancient and obscure movies, tv shows, and books, many of which were obtainable literally no where else. Kat.ph appears to be a nice torrent site, but it's far more focused on popular stuff than demonoid was.
      • Yeah, Demonoid was a geek's dream. You could find just about anything niche related (well at least the niches I liked) and the search interface/categories were easy to use to find obscure related things.
        • by Linsaran (728833)
          Amen to that, I've yet to see a torrent site with the same level of Niche stuff that Demonoid used to have. If ever I found another site with that same quality of content I'd join in an instant.
      • by bBarou (834305)
        I wish I had mod points. Demonoid was one of my favorite place for hard to find stuff. Is there anything close to it nowadays?
  • by bmo (77928)

    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Password sharing is bad. I've moved all my passwords and password generation over to Lastpass. All my web passwords are 20 char random alphanumeric/symbol/randomcase automatically generated by Lastpass' randomizer. They are all completely different from each other - none are shared. Even I can't remember th

"Why waste negative entropy on comments, when you could use the same entropy to create bugs instead?" -- Steve Elias

Working...