Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
Piracy Security Software Games

Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com) 92

Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from a Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.
This discussion has been archived. No new comments can be posted.

Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games

Comments Filter:
  • Old News (Score:5, Informative)

    by HumanWiki ( 4493803 ) on Wednesday June 08, 2016 @10:22AM (#52274943)

    Not even close to a new concept and has been done since back in the days of KaZaa, eMule, Napster, Morpheus, etc.

    • by Yvan256 ( 722131 )

      Everything old is new again.

    • by Mashiki ( 184564 )

      Even older then that. This was happening back in the 90's when usenet was the main source of downloading everything.

      • by rtb61 ( 674572 )

        It really makes no sense any more though, why bother a little bit of patience and http://whenisthenextsteamsale.... [whenisthen...amsale.com], you end up with games you have bought and simply don't get around to playing because, so, so many games and so little time (let alone the time vacuum of free to play MMOs). No hurry to buy new games because there are so many old games I have yet to play. It's like kids stealing stuff, just to steal stuff, even though they just throw it away (the pleasure of the risk over any value from the re

        • by Mashiki ( 184564 )

          Well you gotta keep in mind that back in the 90's when you were a kid and broke you pirated because you wanted to play games. Then you got a job, went to school(picked a good career path and were rewarded later), were still broke, occasionally pirated when you could and played the occasional game. Now you're in your 30's and 40's(some 50's), you've got free time, wife/kids/SO/etc., they may or may not be a gamer as well. But they're fine with your hobby because they've got their own. And you spend some o

          • by rtb61 ( 674572 )

            Here you go, http://store.steampowered.com/... [steampowered.com]. When I was young $5 would only get you shareware crap, games have not changed that much in price, the majority are pretty much at the same price they used to be and for the price of a new release you can buy a bunch of other games. Some of the really cheap games are really good, just old and don't sell any more. Seriously not worth taking the risk running an exe from an unkown source, when the starting price is 99 cents. Patience can save you a lot of money.

    • by gl4ss ( 559668 )

      the uac popup comes after. and its an origin popup.

      should be obvious.

      once its local exe running an actual uac might pop up,.. but actual local already running code can get around uac shockingly easily. because disabling it getting around it easily(by disabling scheduler etc, services) breaks "core" windows mechanisms. and it can still get around emet..

    • I can remember having to cleanse the computer of a friend of my parents who had been downloading warez back in 1998. Since then, attempted piracy (albeit not just of games) has been one of the most common causes I've come across of malware infections. Not only are the torrents themselves often laden with malware, but the sites hosting those torrents are also highly likely to be running malware-pushing javascript.

      More irritatingly, I've also noted a growing trend towards legal mods for games being used as a

    • And on countless BBSes in the late 80s and early 90s. The term "Trojan Horse" has some age to it as well, I hear it may have been coined a few years before the invention of the computer.

    • Indeed. These days you have paid for operating systems which will automatically download then bait-and-switch update to malware-ridden spyware. That some random software (game or otherwise) downloaded from a sketchy source could contain malware is laughably obvious.

  • by narcc ( 412956 ) on Wednesday June 08, 2016 @10:27AM (#52274985) Journal

    Downloading software from shady online sources is suddenly risky? Say it isn't so!

  • ....Gay porn masquerading as movies on Kazaa...?!?!?! GASP!
    • by Falos ( 2905315 )
      This isn't Toy Story at all!

      Oh wait, the studio actually named this clip "Toy Stories". Huh.
    • by Anonymous Coward

      Or even child porn masquerading as normal porn. You see, I have several hundred gigs of porn I haven't yet seen despite having them on my disk for many years. And one movie turned out to be kiddie stuff.

      Thus, it is VITAL: you need to go view your entire porn collection NOW. Not just the beginnings, kiddie porn might start only in the middle of a legit flick, thus you need to watch your whole stash in its entirety. Your ass may depend on this!

  • by xxxJonBoyxxx ( 565205 ) on Wednesday June 08, 2016 @10:30AM (#52275015)
    >> Fake {Software/Media} Download(s) Unwanted Apps Instead of Promised {Software/Media}

    Where's the "noshit" tag when you need it? This has been going on since the bulletin boards and floppy exchanges, if not longer.

    A brain-dead presser like this make me wonder if anyone at Symantec even remembers Anna Kournikova.
  • Don't be dumb (Score:5, Insightful)

    by just another AC ( 2679463 ) on Wednesday June 08, 2016 @10:30AM (#52275019)

    But that Nigerian prince seemed so nice!

    People on the internet will try to take advantage of you. I am shocked.

    (and this was the number one infection vector in the 90s... so this being news is like a patent being new because it is "in the cloud")

  • So you're saying that people are getting torrents of games, and then the total size of the file downloaded is only a few *megabytes*? That's not just "suspicious", it's obviously not the game you intended to download.

    • Badly worded snippet, really. What they mean is the .torrent file, not the size of the actual torrented data to torrent file points to.

      The confusing terminology (to someone unfamiliar with the protocol) has been a (minor) problem with torrents from the beginning.

      • by Qzukk ( 229616 )

        So now people are clicking on boobs.jpg.doc.wmv.torrent.exe?

        It's Windows 10, has microsoft stopped hiding the .exe extension yet?

  • back in the day we had to wait for the modem to dial up while watching the snow fall outside so we can get our virus spreading keygens from Astalavista.

  • Hmm (Score:4, Insightful)

    by The MAZZTer ( 911996 ) <megazzt@NosPam.gmail.com> on Wednesday June 08, 2016 @10:43AM (#52275121) Homepage
    Not clear to me how it goes from being a torrent file to a file downloaded from Google Drive. My only guess is it's not a torrent file but a .url file which lniks to the .exe mentioned. And this is incredibly easy to detect simply by knowing what you're expecting to get, and aborting when you see something unexpected (eg it's not actually a torrent file. the "torrent" didn't download what I expected, what it actually downloaded is incredibly suspicious). There are multiple opportunities to avoid getting infected, including the UAC dialog mentioned which should be a HUGE red flag.
  • by flitty ( 981864 ) on Wednesday June 08, 2016 @10:49AM (#52275163)
    They're not Unwanted "APPS", they're malware. You don't need to call everything an App. This story reads like someone who just found out that "unsubscribing" from spam is a bad idea. Also, you've got to be pretty, pretty dumb to run a 3.5 MB .exe file that calls itself "Witcher 3". Like, that's beginner level internet surfing 101.
  • What you're describing is a very basic Trojan. Also, magnet links > .torrent files
  • by MobyDisk ( 75490 ) on Wednesday June 08, 2016 @10:52AM (#52275185) Homepage

    Never gonna give you up,
    Never gonna let you down,
    Never gonna run around...

    My favorite rick-roll of all time was when my brother bought a mod chip for his Nintendo DS, hacked it, installed the appropriate firmware, spent days downloading a torrent, went through a whole bunch of hacks and configuration steps, only to hear that amazing tune...

  • I mean, it's not like this has been happening since the dawn of illegal downloads, when unscrupulous people were painting viruses on cave walls.

  • It seems that sometimes things on the internet are not always what they seem. Occasionally clicking on a link for a free iPad can land you on a video made by performer Rick Astley in the 1980's.

    More on this later, now for a news item about a local resident named Bob who has made a living out of his love for feinting goats [goatse.cx] and how his raising of goats in the city limits has upset the city counsel.

  • 1) Not released
    2) Requires subscription to play
    3) Requires activation on battle.net

    Idiots get what idiots deserve by clicking on that link.

  • I thought these so-called thieves were just misunderstood ... and ahead of their time ... and visitors from a future world where everyone understands the value of working for free to create things without taking advantage of each other?

    I guess they're just not organized enough. If the government simply nationalized this industry and distributed the games equally to all there wouldn't be these unregulated artifacts. Also, think about how amazing government-created games are ... Curt Schillings software an
  • Why am i seeing this in the main page on 2016?
  • by Gibgezr ( 2025238 ) on Wednesday June 08, 2016 @11:29AM (#52275427)

    The "torrent file" that is downloaded is always a tiny file, it's a descriptor for the torrent you wish to join. It's like a URL (but it is not a URL). The way downloading torrents on Windows works is often:
    1)Download a "torrent file".
    2)Open the "torrent file", which causes Windows to do a file association, which has it open your torrent application and feed it the torrent file. You join the torrent swarm and start uploading/downloading.

    Step 2 is the weakness: if you download something purporting to be a torrent file that is instead an executable, you might mistakenly allow it to run when you open it. The UAC will kick in and warn you, but still, shit happens.

  • I mean you're at a torrent site, attempting to download a torrent file. Regardless of what button I press on the website, if I close my eyes and click in a random place on the screen and never confirm anything like the file size or the file type, who would be stupid enough to continue once a UAC prompt appears and your torrent application didn't open?

    I mean people who get tricked like this deserve to have their computer catch fire.

  • People stealing games not getting what they thought and possibly getting a compromised system.

    Oh the humanity! Won't someone think of the thieves!

  • Between Steam, the Humble Store, and GOG, you could set your max budget for buying any game at $5 to $10 and still end up with a massive backlog that you could never keep up to. If you're not set on 0-day, then the sale is going to happen eventually.

  • How did enough people look at this and think ... "People need to see this."
  • If you download a data file and then you get a prompt asking if you want to run an executable file, it's probably a trick.

  • Wouldn't this mean that Symantec, are illegally downloading torrents to find this information in the first place? They would need to be downloading enough data to make this illegal in the cases that the torrent isn't just malware, but actual illegitimate software.
  • This is why there are trusted uploaders on torrent sites. These uploaders generally are trusted, as they have uploaded 1000's of files with no problems. But hey, I understand what is old is new again when you got youngsters just getting into the field.

Genius is ten percent inspiration and fifty percent capital gains.

Working...