Hackers Seed Torrent Trackers With Malware Disguised as Popular Downloads (grahamcluley.com) 64
An anonymous reader writes: Cybercriminals are spreading malware via torrent distribution networks, using an automated tool to disguise the downloads as trending audio, video and other digital content in an attempt to infect more unsuspecting victims. Researchers at InfoArmor say they have uncovered a malicious torrent distribution network that relies on a tool called RAUM to infect computers with malware. The network begins with a torrent parser, which collects information about some of the most popular torrent files circulating around the web. Computer criminals then apply their RAUM tool to create a series of malicious files. Some are fake copies of those popular torrent files that in reality hide notorious malware such as CryptXXX, Cerber, or Dridex. Others are weaponized torrent files, while others still are parsed torrent files that rely on a high download rating, a reputation which the attackers artificially inflate by abusing compromised users' accounts to set up new seeds.
is this even news? (Score:1)
Re: (Score:1)
Nah. They just discontinued development on the WMV-Format and encourage other, better formats.
Re: (Score:2)
That's why I only use magnet.
Re: (Score:2)
Thank you, thank you, thank you. You may have saved my life.
This is why I come to Slashdot.
[aside] What a stupid, fat, granny-fucking Alaskan cunt!
Re: (Score:2)
That's why I only use magnet.
Fucking magnets, how do they work?
Re: (Score:2)
A free ride deep into any OS
Oh (Score:3)
I was thinking (Score:2)
Re: (Score:2)
Went to check when BitTorrent was first released and...yup, 2001. 2001 wants its news back.
Re: (Score:2)
news... (Score:2, Interesting)
Also it's just RIAA again probably
Re: (Score:1)
Re: (Score:1)
The method is QUITE LITERALLY 15 years old.
Re: (Score:2)
Hackers are distributing malware as popular warez? Stop the presses!
I wish they had published that story before I downloaded that GameOfThronesSeason7.exe file.
Now I have to run an antivirus on my machine AND I'll have nothing to watch in the meantime.
Re: (Score:1)
Did you also get AVG_Antivirus_cracked.exe? Nothing else will get rid of GOTS7.exe
Re: (Score:2)
Shhh! You broke the first *and* second rules there.
weaponized torrent files (Score:3)
And in other news... (Score:2)
And in other news, water is wet, Hillary is still not in prison, and Donald Trump said something offensive.
Re: (Score:2)
and "weaponized" torrent files. What the actual fuck are they saying?
Someone misread .wmv as .wmd again?
We Already Know This (Score:1)
Hence no one downloads torrents. The problem has been fixed. So what else is going on today?
Re:We Already Know This (Score:5, Informative)
Go to TPB. Download only from green/pink skulls. Torrents are alive and well.
Re: We Already Know This (Score:2)
That's why I use tpb or other popular lists that allow seeder and torrent reviews
commentsubjectsaredumbq (Score:2)
Does ANYONE think this is news? All I see scrolling down is a flood of "Duh."
Anyone? Anyone?
Basic security (Score:2)
News for Idiots, Stuff you already knew (Score:1)
Re: (Score:2)
We're talking about your average user. A file named AwesomeMovie.avi.exe will show up as AwesomeMovie.avi with the most common settings enabled on Windows, and you can set the icon to match a real video file.
Re: (Score:2)
They often just encrypt the avi file, and provide an exe called "MovieDecryptor.exe", or even "CodecInstaller.exe". Sometimes the movie is even nothing more than two hours of a screen showing a URL to visit. Very rarely, I suppose, they might try to exploit vulnerabilities in movie players through specially crafted AVI files, or whatever, but I suspect that's just simply too hard for most people. Especially when the exe files will catch plenty of downloaders.
I've seen the above methods used often, but I've n
Slow news day today? (Score:2)
I mean, c'mon, is that really a story?
Next we'll get to hear that water is wet, that Trump has said something controversial, that Hillary has lost some mails, that Apple has removed yet another standard plug from their system and that Sony has been hacked?
Attackers, not hackers (Score:2)
I would expect even /. to get that much right. Are my expectations too high?
Re: (Score:1)
Do not expect anything from /. anymore.
Content isn't curated in any way and 90% of articles aren't newsworthy.
No shit sherlock? (Score:2)
Torrents have been around for HOW many years now, and they just figured this out?
So? (Score:4, Insightful)
And those swarms have zero seeds and zero participants and fall off the bottom of search results so about 5 people get infected, if that.
Torrents are cleaner than SourceForge ad banners were before they got sold. But.. be afraid! Be very afraid!
Let me know when... (Score:2)
...it becomes possible to 'weaponize' an MP3, MP4, AVI, MKV or ZIP file. You shouldn't be downloading executables off torrents anyway. And read the comments before downloading.
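Added example, not part of the thread or of any commenter's post: the double-extension and "MovieDecryptor.exe" tricks described in the comments above can be checked before a download starts by reading the file list out of the .torrent metainfo. The extension lists, function names and the sample metainfo are assumptions constructed for this illustration.

```python
import os

EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".lnk"}  # assumed lists
MEDIA = {".avi", ".mkv", ".mp4", ".mp3", ".wmv"}

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                              # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                      # list or dict, closed by "e"
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                # byte string: <length>:<bytes>
    length = int(data[i:colon])
    return data[colon + 1:colon + 1 + length], colon + 1 + length

def torrent_files(metainfo):
    """List the file paths declared in a .torrent's info dictionary."""
    info = bdecode(metainfo)[0][b"info"]
    name = info[b"name"].decode("utf-8", "replace")
    if b"files" not in info:                   # single-file torrent
        return [name]
    return ["/".join([name] + [p.decode("utf-8", "replace") for p in f[b"path"]])
            for f in info[b"files"]]

def flag(path):
    """Return a reason if the name's real (last) extension is executable."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    stem, ext = os.path.splitext(os.path.basename(path).rstrip(". "))
    if ext.lower() not in EXECUTABLE:
        return None
    if os.path.splitext(stem)[1].lower() in MEDIA:
        return "double extension hides " + ext.lower()
    return "executable in download: " + ext.lower()

def report(metainfo):
    """Map each suspicious path in the torrent to the reason it was flagged."""
    return {p: r for p in torrent_files(metainfo) if (r := flag(p))}

SAMPLE = (b"d4:infod5:filesl"                  # constructed metainfo, not a real torrent
          b"d6:lengthi1e4:pathl20:AwesomeMovie.avi.exeee"
          b"d6:lengthi1e4:pathl18:MovieDecryptor.exeee"
          b"d6:lengthi1e4:pathl16:AwesomeMovie.avieee4:name12:AwesomeMovieee")
```

`report(SAMPLE)` flags the `.avi.exe` file and the bundled "decryptor" and leaves the plain `.avi` alone; it inspects names only and says nothing about what the files contain.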