Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead

New submitter giveen1 writes "I recieved this email as a former Demonoid.me user. I tried to go to the website and link is dead. ... 'Dear Demonoid Community Member, We have all read the same news stories: The Demonoid servers shut down and seized in the Ukraine. The Demonoid admin team detained in Mexico. The demonoid.me domain snatched and put up for sale. The Demonoid trackers back online in Hong Kong, but then disappearing. ... Now for some good news: The heart and soul of Demonoid lives on! Through an amazing sequence of unlikely events, the data on those Ukrainian servers has made its way into the safe hands of members of our community and has now been re-launched as d2.vu.'" But it turns out that the site was distributing malware, hosted on an American VPS, and quickly shut down after the provider discovered this. No word yet on how the Demonoid user database was acquired, but if you did make the mistake of trying to log in Torrent Freak warns: "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

sad pants

[Anonymous Coward]

I miss Demonoid

Re:

[Anonymous Coward]

If you had some friends, they could have sent you an invite

Being an anonymous internet troll, apparently you didn't have any.

Re:

[bmo]

Or you could have just signed up on Thursdays when registration was completely open.

Or if you weren't a complete dick, people would have fired invites over to you. I had more than I knew what to do with.

--
BMO

Re:

[gsslay]

Yeah, cos no-one else would dream of infecting the community members of Demonoid. And every single person who wandered within snatching distance of that data, as it was pushed from one backstreet ISP to another, all have impeccably highest of high morals. It must be the feds or the evil record companies. No doubt.

Re:

[westlake]

Well, it's either the law enforcement or the record companies got hold of the user database.

More likely to be an inside job. More likely and more profitable.

Good Advice

[DarthBling]

"New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

Yup. After all those LinkedIn passwords were leaked last year, I wised up and changed the passwords to all the websites I visit each to something different. So now if my username/password combo is compromised, it's only good for that one particular website.

Re:

[gstoddart]

I'm more shocked that people have been doing that all along.

This has been good security practice for a very long time.

Re-using login/password combos has always been a bad idea.

Re:Good Advice

[war4peace]

Depends. If your password is complex enough, then you can use one for a core of websites (2-3 most secure).
And for all the ever-so-many bullshit websites you don'r care about, you can have the same U/P combo; if it gets hacked, you lose access to many bullshit sites you don't care about. Good. Losing my miniclip account would only translate as more free time and better productivity :)
That's why my password there is "12345" - same as my luggage's...

Re:

[Pentium100]

Not everybody can remember many different passwords that do not follow some pattern (like "asd!@#slashdot"). So, you either need to use some sort of password database (hope it's accessible from any device and that its password is not compromised) or only a few passwords.

Re:

[Noughmad]

That's why it's good practice to use password patterns. They are easy to remember, and offer reasonable security against automated attacks. Anyone who sees one of your passwords can easily deduce the others, but it takes just enough effort to require a targeted attack.

Re:

[neminem]

This. This isn't at all similar to my password to anything, but the sort of thing I switched to doing a few years ago, after some other site I used my (at the time) "more secure" password got hacked - if, for instance, my old password I'd used for everything was asdf!!11, I might have changed it to gasdf!!11l for gmail, sasdf!!11t for slashdot, etc. Something like that. (That isn't the actual pattern I use, either. :p) Just as easy to remember, but a hacker would have to have a reason to specifically want *

Re:

[FictionPimp]

lastpass.com

Re:

[Salgak1]

PassWORDs ??? Stopped using those years ago, PassPHRASES are the way to go. . .

Re:

[mark-t]

Interesting requirements. Most of them are even practical... other than the one about surnames of relatives, because that would be impossible to do without already having an exhaustive list of all relatives within 3 degrees of the individual, not the least problem of which that it is not necessarily a static list, and the logistics behind keeping it up to date alone would probably make the endeavor infeasible.

Obligatory XKCD

[Anonymous Coward]

What has not been covered by It. [xkcd.com]

Re:

[chromas]

WRONG! [xkcd.com]

Re:

[flayzernax]

Call of duty sucks and I call shenanigans on anyone cool at google who's been alive for more then 15 years thinking call of duty is any good.

Re:

[zlogic]

They should revise Google's punchline to "Now let's shutdown everything and watch civilization collape".

People still use common credentials?

[Anonymous Coward]

Look, I know credential soup is a pain in the rear, but if you want to protect yourself online, it's essential these days. I follow an approach like this:

Tier 1 - For ultra important stuff, such as banks, online merchants, and credit cards. These credentials are very, VERY long and random. Good luck cracking those while I'm still alive.

Tier 2 - For less important stuff, like MMOs and websites I frequent. They'll still be fairly unique, but I'll use some mnemonics to aid myself here and reduce the headac

Re:People still use common credentials?

[hedwards]

Or just use something like keepass and give them all strong passwords. It's not like you're going to be remembering hundreds of passwords anyways. Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again. For most people, even a dozen passwords is more than they can reliably remember.

Re:

[gstoddart]

Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again

Holy crap, that's a lot ... I'm not sure I've had 400 different logins over the last 25 years.

Re:

[hedwards]

Well, keep in mind that everybody demands a log in these days and often times just to view something that you might not want to ever use again. That's probably 15 or so years worth of accounts that I've created and many of them are probably no longer usable, but it's not really worth going back through all of them on a regular basis.

Re:

[hedwards]

That's what backups are for. You're not going to memorize more than a dozen good passwords, and especially not if you're changing them regularly. I can back up my password database every day and then I don't have to worry about corruption or something else.

The only real downside to it is if my password to the database is stolen. But, then again, they would also have to steal the file itself and the 2nd factor to it.

Re:

[flimflammer]

I've found myself using that program only because sites like to enforce their own ideals about what a secure password is, rendering my actually secure password "weak" by their standards. So I keep track of those rogue sites by recording which variant I need to use for that special snowflake website.

Re:

[Anonymous Coward]

For those random accounts on random website, better to use a site like bugmenot.com. If they don't have a login for the site, post yours there. A good practice is to also use a disposable email address that others can access. That way when some jerk changes the password another user can reset it back.

Re:

[Kanasta]

Or better yet, a keepass that holds keys to other keepass databases. Seeded with fake logins.

Re:

[X0563511]

You just needed an invitation from someone who had an account.

The reason those didn't get tossed around willy-nilly is that you were held accountable for the problems caused by people you invited.

For example, had I invited you, and you got banned for uploading porn torrents, I would be banned as well (and perhaps everyone else I invited)

Re:

[neminem]

I had an account there, used it occasionally (when my primary private torrent site didn't have something). I'm curious how you "rarely" used it, if you didn't have an account... wouldn't that be "never"?

Relying primarily or entirely on invites for new members is pretty common for sites like that. Demonoid was just a lot more *famous* than most of them. Which explains why it got axed, and a bunch of other, smaller, less famous (but still highly active) torrent sites are still up.

What kind of malware?

[K. S. Kyosuke]

As in, would it justify renaming the site as 'Daemonoid'?

Re:What kind of malware?

[Freshly Exhumed]

All I wanna know is if downloading the malware affects my ratio?!!!

Oh Well

[Oronar]

Supposed I should have been more suspicious that searches failed. But I was hopeful it was just some sort of database failure explaining why I couldn't login. Whatever. I didn't use that password for anything else, spammers. Have fun with it.

Although this raises the question why even make a functional password reset form? I tried it after my login didn't work and they sent me a new one.

Re:

[wagnerrp]

Perhaps they were expecting you to log in with it, and set it back to your original password?

Re:

[Oronar]

Except there was no logging in. Just the form to phish passwords.

Actually...

[giveen1]

I never actually logged into the website, nor got my password stolen, nor got malware. Links are always checked out, email header completely read, domain looked up in WHOIS, and link opened in a VM.

Sounds like demonoid used bcrypt. Yay!

[Sloppy]

Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

Saw it coming

[HairyNevus]

I saw this e-mail on my phone this morning, and my first thought was "Sounds pretty sweet... so I bet it's not real". Then I came in and saw this headline before I even remembered it. Oh well... kat.ph is everything Demonoid was, maybe more.

Re:

[runeghost]

Not quite. Demonoid had a ton of ancient and obscure movies, tv shows, and books, many of which were obtainable literally no where else. Kat.ph appears to be a nice torrent site, but it's far more focused on popular stuff than demonoid was.

Re:

[zerocommazero]

Yeah, Demonoid was a geek's dream. You could find just about anything niche related (well at least the niches I liked) and the search interface/categories were easy to use to find obscure related things.

Re:

[Linsaran]

Amen to that, I've yet to see a torrent site with the same level of Niche stuff that Demonoid used to have. If ever I found another site with that same quality of content I'd join in an instant.

Re:

[bBarou]

I wish I had mod points. Demonoid was one of my favorite place for hard to find stuff. Is there anything close to it nowadays?

Lastpass

[bmo]

"New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

Password sharing is bad. I've moved all my passwords and password generation over to Lastpass. All my web passwords are 20 char random alphanumeric/symbol/randomcase automatically generated by Lastpass' randomizer. They are all completely different from each other - none are shared. Even I can't remember th