Whether a torrent is safe depends greatly on what you're downloading and from whom. That's not often easy to identify with torrents, which are designed to allow you to download from complete and total strangers.
I would advise not to use torrents at all. Most often, torrents are simply a source for illegal material, and you really don't want to trust people who are stealing music, movies and software. Would you take a pill given to you by a complete stranger in a bad part of town? No. Neither should you download something illegal from a complete stranger, as it may be dangerous.
If you insist on using torrents for legitimate purposes, you need to protect yourself. First, only use a torrent that supports checksums of downloaded content, which can be compared to a checksum of the original file to verify that it hasn't been tampered with. (As I don't use torrents, I can't recommend which ones do that.) You will also need to run good anti-virus software, such as Sophos.
Depends on what you mean by "taken care of." There are still a number of them floating around, though they're all pretty uncommon at this point. They're all taken care of by protection built into Mac OS X, but most torrent apps actually bypass those protections. Plus, this can change easily, and probably will again at some point. We had a major malware outbreak in 2011 (MacDefender) and another in 2012 (Flashback), and the gang behind both of those is still on the loose. I wouldn't be surprised if they have some grand plans for 2013.
If you download and use pirated commercial software, you can assume that you'll be infected with malware. The same goes for software that isn't necessarily pirated, such as "codecs," "players," or "archive extractors." No "anti-virus" software will protect you. At most, it will only delay the infection for a while.
I mean, I know .exe and other executable files can have viruses or can be malicious, but can the same be done using a .torrent file? Maybe writing some code in .torrent that causes its client software to work in unexpected ways. Just feeling paranoid ;)
Assuming that the application that handles your .torrent files is handling them correctly (i.e. check them for consistency, handle errors correctly, etc.) then the torrent file itself probably is not a threat for your machine. At least it's not the easiest way to infect your machine.
The .torrent itself is not typically a threat (though as Ignacio points out the possibility at least exists). However, the software that processes torrent files uses them to trigger a download of what is typically a much larger payload. The contents of this payload are unverified and my understanding of BitTorrent traffic is that it would not be difficult for anyone participating in a BitTorrent swarm to inject malicious code into that payload.
When you download torrents (leeching), your torrent client also shares (seeds) content for others to download. You may be threatened with legal action or a fine if you are caught distributing copyrighted material, which is illegal in most countries.
Unofficial copies of uTorrent circulating online may include malware, viruses, or other unwanted software. If you want to download uTorrent safely, make sure to download the application from the official uTorrent website.
The torrent client supports encryption, but only at the same security level as uTorrent. However, because Transmission is open source, developers and security researchers can easily scrutinize its source code.
In terms of risk, uTorrent and BitTorrent are just as safe as each other. And just like uTorrent, BitTorrent also features ads. However, BitTorrent manages its ads better, resulting in faster download speeds.
A user wishing to download something obtains a configuration file with the .torrent extension from a tracker, opens the file in their torrent client, and downloads the content from the distributing user to their PC. At the same time, the content being downloaded becomes available to other peers.
For example, users may be presented with the option to download a distribution file along with a patch (i.e. a crack) for the software. The patch will surely contain malicious code. Or a newly released movie is being shared. But when the file is downloaded, users only observe an incorrect codec error message for 90 minutes. They will also be offered the option to download the appropriate codec at www.notmalwareatall.org/malware.exe. Here, it is quite obvious what users will download eventually. A less common infection technique involves films with bogus subtitle files that exploit vulnerabilities in specific video players.
Always use an anti-virus: no matter where a malicious file comes from (downloaded by a torrent client or a browser or copied from a flash drive), the anti-virus will scan it. And if a threat is detected, the anti-virus will eliminate it.
Security researchers from ESET have discovered a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites.
Using previously compromised WordPress sites, attackers create hidden pages on these websites where they host a torrent download page. Taking advantage of the original site's good search engine ranking, some of these results appear prominently in search listings.
Users who download the torrent will find it very well seeded, mostly by previously infected users. The torrent will download a movie file, a codec pack installer, and a text file explaining that the user has to run the codec installer first in order to view the movie.
This installer contains the Sathurbot malware. When executed, it will show an error message claiming an error during the download, but in reality, the Sathurbot infection has already taken root by that point.
After installation, Sathurbot performs a DNS query that will return the address of its first C&C (command and control) server. This first C&C server can tell it to perform one of two actions. It can instruct it to download additional malware (Boaxxe, Kovter, or Fleercivet), or perform a series of search queries.
If they successfully break into a site, the attackers use it to host other torrent files, SEO spam, malware downloads, or C&C servers for other operations. At this point, the entire operation enters a vicious circle.
Some of the users who visited KickassTorrents (KAT), one of the most popular torrent trackers on the Internet, over the weekend had the nasty surprise of being infected with a rogue antivirus program called "Security Sphere 2012."
According to experts from Web security vendor Armorize Technologies who detected the drive-by download attack, the infection process did not require any user interaction if the victim had outdated browser plug-ins.
According to Alexa.com, kat.ph ranks 320 by global daily traffic and is among the top 500 websites in the U.S. By other compete.com estimates, the torrent index gets around 1.5 million unique visitors every month.
Malvertising (malicious advertising) attacks are much more dangerous than those relying on spammed links or social engineering because they exploit the trust relationship between users and their favorite websites. Coupled with drive-by download exploits like those used in this case, such incidents can result in a high number of victims.
"Malvertising poses a serious risk to online publishers and their customers, reputation and revenue. Highly publicized malvertising infections can damage the reputation of even the most trusted online sites," said Fran Rosch, vice president of identity and authentication services at Symantec.
Users who directly downloaded the Transmission installer from the official website after 11:00am PST, March 4, 2016 and before 7:00pm PST, March 5, 2016, may have been infected by KeRanger. If the Transmission installer was downloaded earlier or downloaded from any third-party website, we also suggest users perform the following security checks. Users of older versions of Transmission do not appear to be affected as of now.
In a somewhat curious twist, the torrent actually contains a popular Mac security tool called LittleSnitch. LittleSnitch itself is a trustworthy and highly-useful piece of software that can tell users when other software on their Mac is trying to make stealthy network connections that could pose a security risk.
However, the popularity of torrents among users also makes them an attractive vector for black hats. Since the beginning of 2016, ESET telemetry has detected almost 15 million cases in which downloaded malicious code was linked to one of the most popular P2P clients or file sharing services.
This was also the case with Sathurbot backdoor trojan, a threat documented by ESET researchers in April 2017. The affected devices were infected via malicious torrents and added to a botnet that scanned the internet for WordPress administrator accounts. These were then targeted by a distributed brute-force attack.
The movie torrent bundle contained a file with a video extension accompanied by an apparent codec pack installer, and an explanatory text file. The software torrent contained an apparent installer executable and a small text file. The objective of both was to push the victim to run the executable which loaded the Sathurbot DLL.
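The bundle layout described above (a video file, an apparent codec pack installer and a text file) is visible in the .torrent metainfo before any payload is fetched. The following added example, which is not from ESET or any of the sources quoted on this page, decodes a BitTorrent v1 metainfo file and flags executables shipped alongside media; the extension lists and the sample torrent are constructed assumptions.

```python
import os
# Extension lists are assumptions made for this example, not a complete policy.
EXECUTABLE_EXT = {".exe", ".scr", ".msi", ".bat", ".cmd", ".com", ".dll", ".pkg", ".dmg"}
MEDIA_EXT = {".mkv", ".mp4", ".avi", ".mov", ".wmv"}

def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2 or not all(isinstance(k, bytes) for k in items[0::2]):
            raise ValueError("malformed dictionary")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # string: <length>:<bytes>
        start = data.index(b":", i) + 1
        end = start + int(data[i:start - 1])
        if end > len(data):
            raise ValueError("string length exceeds input")
        return data[start:end], end
    raise ValueError(f"bad bencode at offset {i}")

def list_files(torrent: bytes):                    # -> [(path, length)], v1 metainfo
    info = bdecode(torrent)[0][b"info"]
    name = info[b"name"].decode("utf-8", "replace")
    if b"files" not in info:                       # single-file torrent
        return [(name, info[b"length"])]
    return [("/".join([name] + [p.decode("utf-8", "replace") for p in f[b"path"]]),
             f[b"length"]) for f in info[b"files"]]

def triage(torrent: bytes):
    """List executables and report whether they accompany media files."""
    files = [(p, os.path.splitext(p.lower())[1]) for p, _ in list_files(torrent)]
    exes = [p for p, e in files if e in EXECUTABLE_EXT]
    has_media = any(e in MEDIA_EXT for _, e in files)
    return {"executables": exes, "media_with_executable": bool(exes) and has_media}

# Constructed sample metainfo: a video, a "codec" installer and a readme.
SAMPLE = (b"d4:infod5:filesld6:lengthi734003200e4:pathl9:movie.mkvee"
          b"d6:lengthi2457600e4:pathl15:codec_setup.exeeed6:lengthi512e4:pathl10:README.txtee"
          b"e4:name8:Movie.HD12:piece lengthi262144e6:pieces0:ee")
print(triage(SAMPLE))
```

A media torrent has no reason to carry an executable, so a `media_with_executable` hit is grounds to discard the torrent rather than to scan the installer and hope.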
These are only a few examples of BitTorrent clients, and torrents themselves, being an attractive vector for cybercriminals who use them to infect large numbers of unaware users with malware or to gain control over their computers and misuse them for malicious purposes. Of course, this is not exclusive to torrents or P2P technology, but is true for any popular software.
A new strain of malware called ThiefQuest is targeting Mac users and is being pushed to the systems as a part of an infected torrent download. The torrent in question actually contains a popular security tool for Mac called LittleSnitch.
The infected torrent download comes with a patch that promises to convert the free trial of LittleSnitch into the full paid version. Of course, it doesn't do that. The patch instead infects the victim's Mac and opens up communications to the ThiefQuest command and control servers.