Demonoid Starts Redirecting to Ads and Malware

It's been nearly a week since Demonoid went down following a huge DDoS attack and still there is no sign that the site will return. If anything, the situation has worsened somewhat. The site's main domain is now redirecting straight to an ad network serving up malware to unsuspecting visitors.

Demonoid is one of the world’s largest and longest standing sites that not only indexes torrents, but also operates its own tracker.

Although the site has a reasonable uptime record, there have been a few occasions where it has not only gone down, but has disappeared completely. We are currently in one of those periods.

Last week the latest of Demonoid’s difficulties turned out to be caused by a massive DDoS attack which initially crippled the site and then took it completely offine. But while DDoS attacks usually stop after a point has been made or the attackers get bored, the Demonoid admin explained that he had more on his mind.

“There might have been an attack from another angle, an exploit of sorts, but it’s hard to tell right now without a full check of everything,” he told TorrentFreak.

What that attack is, or was, remains unclear, but today even more problems are becoming apparent. On July 1 and then again today Aug 2, the domain entries for Demonoid.me were updated and now the URL is redirecting to straight to adverts. Unfortunately – and we presume this is something Demonoid’s admin would be completely against – some of those adverts contain a virus and other malware.

Demonvirus

This particular one is redirecting to a variation of the 52664.bestfastget.com domain, a site with a particularly low trust rating.

Today, TorrentFreak contacted Demonoid’s admin to ask about the current situation but we are yet to receive a response. That said, we are not overly optimistic about the site’s health and future prospects.

To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities.

Also, the site redirecting to ads, without so much as a “Demonoid is down for maintenance” homepage, is not a good sign either – particularly when those ads serve up malware.

Next, Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site. Details are scarce, but according to sources pressure may have been mounting for some time.

Readers of our earlier article detailing IFPI’s anti-piracy strategy will recall that the music industry group said it had taken “strategic action” against Demonoid. Although its exact nature is unknown (and presumably wouldn’t extend to a DDoS), legal and/or political pressure is almost guaranteed.

It is also worth noting that pressure on file-sharing sites ratcheted up several levels in January and February this year following the raids on Megaupload. BTjunkie decided to throw in the towel and the uncertainty spread to several other sites, including Demonoid.

For now we’ll just have to wait, but it wouldn’t come as a shock if Demonoid remained down for months. Equally, and this is a distinct possibility given all the variables, don’t be surprised if its doors stay closed for good.

Update: Demonoid’s admin just told us that the redirection was put in place to avoid mounting bandwidth bills caused by the DDoS.

Update August 3: Demonoid no longer appears to be redirecting.

Tagged in: ,

Share this post

Share on Google+

You May Also Like

c There are 333 comments. Add yours?

comment policy