Internet connection and hardware aside, everything the file-sharer needs to share files comes free of charge – clients, media players, everything is free – so BitTorrent users beware: If you find yourself being asked to use your cellphone to ‘unlock’ something you downloaded, you are being scammed!
Here at TorrentFreak we feel we have a responsibility to let the BitTorrent community know if someone is planning to disrupt their free-flowing file-sharing experience. In the past we’ve warned about many malware clients with horrible installers, bad media players, even software that tries to trade on the good names of uTorrent and WinZip in its attempts to trick BitTorrent users.
All of the malware we’ve reported on comes from the same 2 servers found at 18.104.22.168 and 22.214.171.124 and this new kid on the block is no different.
DomPlayer is the latest malware to get on BitTorrent user’s nerves. In the last article on this issue we already discovered that the DomPlayer domain was sitting dormant but we didn’t know what it would become. It’s live now and here’s the deal:
Someone downloads a TV show (very often an aXXo fake) via BitTorrent. When the file is played, a message appears:
This video can only be played in DomPlayer, Visit Download.Domplayer.Com
On arrival, the user is greeted with a nice shiny site to distract them from the fact this is an elaborate trick based on DRM’ing previously-free media and forcing users to take steps to unlock it.
This is where DomPlayer differs from the other malware media players we’ve report on. The site claims: “DomPlayer is 100% clean, no bundled software!” At this stage, it doesn’t appear to install any intrusive adware etc on the host PC – there is a different trick up this 945K installer’s sleeve.
When it’s run, it’s believed the software locates the user, directs him to a telephone hotline appropriate to his country and instructs him to call it via cellphone. The call leads to the ‘activation’ of the DomPlayer software but ends up costing the user money.
If the user is in a country ‘unsupported’ by DomPlayer’s payment system, he will be directed to the 3WPlayer site where he can install 3WPlayer and a load of malware onto his PC, completely free of charge.
Although fake aXXo releases are known to be a frequent target of this scam, other media is also affected so many file-sharers find it prudent to check the comments on the site before they download a torrent.
UPDATE: Reports suggest that software is now available to play 3WPlayer (and possibly DomPlayer) files without getting either player. This software is untested by TorrentFreak.
UPDATE 2: Software to crack 3WPlayer, WinZix can also be found here. Click here for the .torrent.