Fake aXXo Torrents Bombard BitTorrent
Written by enigmax on March 13, 2009Uploading fakes to BitTorrent is a growing phenomenon, as unscrupulous individuals try to abuse the networks for their own ends. Just lately, some people have even been offering users money to post suspect torrents and this morning, a flood of hundreds of fake aXXo torrents were uploaded to Mininova.
Uploading fake files to file-sharing networks is nothing new. Older networks such as KaZaA’s FastTrack and LimeWire’s Gnutella have long been a haven for junk and malicious files but as more and more people migrated to BitTorrent, it naturally became a target.
Uploading fakes to a BitTorrent network is relatively easy, but keeping the torrents active is a much more difficult task. The moderation teams on private trackers remove fakes as soon as they appear – if people are stupid enough to even try to upload them. Other directories such as The Pirate Bay and Mininova, however, are more difficult to police due to their open nature but these sites continually battle fakes too.
There are several forces driving this phenomenon. Of course, the likes of the MPAA and their partners like to upload fakes in order to waste downloader’s time and to monitor their activities. That said, there are others who are uploading fakes in order to make themselves money, with many of the fakes simply encouraging the use of malware such as Domplayer, or sending the user ostensibly to get passwords to view the video, but in reality directing them to spammy sites.
Unless you’ve been on Mars for a few years, you will be aware that aXXo is one of the strongest BitTorrent-related brands and as such, the aXXo name is ripe to be exploited with fake torrents and the schemes behind them. This morning, Mininova was bombarded with hundreds of fake aXXo torrents linking to various malware and spam schemes. Luckily the moderation staff at Mininova are very much on the ball, and their skills and experience allowed them to remove them very quickly. Indeed, the thousands of users at Mininova also help by informing the site that a torrent is not what it should be, but it’s an on-going battle.
When a fake is removed from the site, the IP address of the uploader is also banned, meaning that unless the uploader gets himself a new IP, he won’t be able to upload any more. However, the problem is a lot deeper than just the odd person here and there uploading a fake. Just recently malware and spam peddlers have been advertising online for people to work for them on a freelance basis, uploading fakes to torrent sites and getting paid for each one. Hundreds, maybe thousands of people have taken them up on their offers, getting paid around 20 cents for each successful upload. The scammers mitigate the effects of their worker’s IPs being banned by torrent sites by advertising for people with dynamically assigned IP addresses, while encouraging them to use proxies.
We spoke with Moe1210 at Mininova who told us that for them, although time consuming, the aXXo fakes are easiest to spot, and they are often removed from the site in a matter of minutes. However, due to these teams of hired individuals doing the uploading, the sheer number of fake torrents is significant. Even though the mod team are checking the site every 5 minutes, sometimes in that period 50 fakes could’ve been uploaded. On a regular day, the amount of fakes uploaded can reach 2,500.
In the ongoing battle the scammers are getting a little smarter, adjusting the way they operate as the challenge is met by Mininova. They became aware that at certain times of the day the fakes stayed on Mininova for longer periods before being removed, which was down to fluctuating staffing levels due to people having to sleep, rest and venture back into real-life every now and again. To counter this, Mininova now have a worldwide team which cover the major time zones.
Speaking of fake aXXo torrents, Moe1210 told TorrentFreak, “It’s a pretty pointless task uploading a torrent with aXXo in the title trying to trick people [on Mininova]. I’d say that 75% – 80% of our members know that if the torrent is not from aXXo’s account, its fake – meaning, if they check the ‘general’ tab and aXXo’s name is not in red letters, it’s fake! They [the scammers] have no way of spoofing this.”
Many fake torrents are using a tracker located at http://bt9.c7q.fast1010.info, which is hosted with Ecatel in The Netherlands. In order to trick users into believing the torrents it tracks are real, the tracker is faking the download statistics, as can be seen with this fake on TorrentPortal, which at the time of writing is reporting 76278 seeders and 82380 leechers.
The torrent contains an unusable video and a password.html file which claims to reveal a password to play the file, but instead leads the user into a quagmire of spammy sites.
Users looking to avoid these fakes should read our previous article entitled Stop Downloading Fakes and Junk From BitTorrent. In the meantime be aware that the same people behind the aXXo fakes are behind file names such as ‘Race to Witch Mountain 2009 DVDRIP XviD BangeR’, and ‘Watchmen 2009 DVDRIP SeedeRz’.
As a final thought, TorrentFreak asked Ecatel if they intend to do anything about the fakes tracker. They told us, “Ecatel does not allow any spam and malware in its network.” And then it became clear. The tracker hosted at Ecatel doesn’t host the content, the users do – like all trackers. Sometimes the law’s such an ass.
Previously: Piracy Has Become Mainstream, Studies Show
Next: BitTorrent Freed Music, and Now It’s Yours
67 Responses
why do people bother doing this, its just messing it up 4 all ov us
http://www.axxofreak.wordpress.com
Double-edged sword for the tracker situation. :/
I think the fakes would be quite easy to spot because of the low number of seeds, wouldn’t they?
20 cents? Wow.. They would make more begging on the subway. What losers!
The seeder issue is solved with the uploaders being able to spoof the number of seeders so that it looks like there are alot. :-(
A very informative article indeed..
Like what Moe1210 said it needs only a bit of common sense to judge whether a torrent uploaded is a fake or for real, for example the above case being in Mininova. Lots of appreciation to the mods who weed out fakes to keep the site clean.
This is where private trackers shine. Or even sites that are private but host public torrents (Demonoid); they have very strong communities.
Here is your answer to the source of this http://www.getafreelancer.com/projects/Web-Promotion-Data-Processing/Uploading-Fake-Torrents.html
More [in Dutch] http://www.geenstijl.nl/mt/archieven/2009/03/freelancer_gezocht_uploaden_va.html
Common knowledge to most users, aXXo is the only valid uploader of aXXo torrents. So, if you see a supposed aXXo torrent, and it’s stats on mininova don’t say it was uploaded by aXXo, it’s a FAKE.
Same with EZTV, must be uploaded by EZTV or it’s a FAKE.
Those are two groups/individuals that I know upload their own stuff. As to the rest, I couldn’t say.
No offense to mininova mods, but TPB has better moderation than MN and the mods remove fake torrents in the IRC channel within 1-5 minutes, while in mininova the fakes may take 1-45 minute during the day or 2-3 hours(during the night session) to get removed. I counted the fake aXXos before and they reached 67 fake torrent ++ I found fake tv shows that haden’t been aired yet at that time and they were still exist in mininova.org for about 3 days. so on so on……
Don’t forget to check this guide out for more tips
!!!
http://forum.mininova.org/index.php?showtopic=235024160
!!!
==============================
aXXo’s official release forum
http://www.darksiderg.com
===============================
easyaxxo
^makes it easy to find the real
I never heard of aXXo until I read this. Private trackers are really the way to go.
@ KGB
You must be from Mars then O_o How is the weather over there :p
aXXo is just a very popular uploader in public trackers/sites, some people say that he just re-encodes the scene realeses and upload them???
those guys are lamers..they want to spread virus and malware..
download aXXo torrents from darkside
All you have to do is get on demonoid and click on axxo’s name (he is usually on the top 5 movies list) and click view this users torrents… then bookmark that link instead of looking for axxo torrents with the search function… i wouldnt download anything that says it was axxo unless the user is axxo…
if your that stupid to download copywrited content from a public site then you should be jerked around and then fined. Private BT or nothing.
I think it’s just easier to borrow it from somebody and rip it yourself, no viruses!
A sure way to see axxo torrents is by using:
http://www.mininova.org/user/axxo
With so many fakes it smells too much like a botnet to me.
why border when there are many blogs like
* — http://www.filenest.com
* — http://www.scenereleases.info
* — http://rlslog.net/
which go extra length to bring you the real infos about torrent releases even before axxo releases anything .
F***, where does aXXo get all his s*** from in the first place? He is a f***ing theif, stealing other peoples releases without asking, polishing them up, and releasing them as his.
Ever wondered why it is mainly aXXo that this is happening to?
I mean F***… what kind of RG even uses the publics as their way of releasing their s***… Gets what he deserves…
Lol, I saw one of the fake ones that said it had 0 seeds and 2,147,483,647 leechers :<
aXXo must be more popular than I thought if a third of the world was downloading that without anyone even seeding
@18: “With so many fakes it smells too much like a botnet to me.”
Doubt it – much more likely to be multiple users using Torrent Blaster or another program, which I can’t recall the name of, that uploads automatically.
The second program is extremely sophisticated in that it creates new gmail accounts, uses that to make new TPB/mininova accounts (even bypassing capcthas if you’ve subscribed to Captcha King), uploads torrents through rotating proxies – all done automatically, all the user has to do is provide content for the torrent.
I’ve never heard of me either, why do people blame me for all the lame public releases… I think its time for another bottle of baby forumla for me.
#7: stfu you clueless moron.
You badmouth MN but you give the MN guide on how to spot fakes.
You’re stupid.
All trusted uploaders in MN have their own accounts
for uploading their torrents.
Torrent from their account with uploader’s name in RED –> Real thing
Just get the torrent from their account and you can’t be fooled.
Fakes are everywhere, not just MN
why people even bother about some non-scene shit
the funny thing is they spend all this money, and we (pirate family) always win.
@16
“if your that stupid to download copywrited [sic] content from a public site then you should be jerked around and then fined. Private BT or nothing.”
I don’t consider myself a criminal, and I have no reason to hide in private sites, I’m not enough of a coward.
“For those who only know BitTorrent, the newsgroups are a tough sell. There’s no uploading, no peer swarm, and of course you have to pay. All these things superficially appear contrary to what BitTorrent and P2P stand for. But there’s little denying that once the newsgroups have you hooked, all other methods of file-sharing seem a bit juvenile.”
(www.slyck.com)
Haven’t heard about aXXo aether.
As for fake uploading then I do encounter it from time to time but I think sites can just add something like “Report fake” thing that will be assigning weight for torrent in “possible fakes” list. Add some other criteria and who knows may be then even automatic marking as fakes will be possible pretty quick in same way Gmail filters spam.
I usually look at torrent description and comments. If it is in zip or stored in some other weird way or contains comments that it is fake then I don’t bother to download…
If you want to download aXXo just go to his homepage @
http://www.darksiderg.com
Pretty much the best torrent forum in the world and not just beacuse of aXXo!
OMG, are they stupid or what? They can use OpenPGP keys to sign their releases. A torrent site just needs to get official aXXo public key from a trusted source (axxo account will do, i suppose) and check signatures on all releases. Actually, all groups should do that.
I think it’s easy enough to extend torrent file format with additional field that contains hashes of all pieces, signed by a private key of an individual, who’s name is specified in a header (+ another field).
This is purely for trackers/indexers, because common users won’t have a database of public keys to check against (and even if they do, that means modifying their torrent client, which is not possible for proprietary clients such as uTorrent).
“Ecatel does not allow any spam and malware in its network.” And then it became clear. The tracker hosted at Ecatel doesn’t host the content, the users do – like all trackers.
Ecaltel seems to be a hosting company where you can host the prirate bay or any other bittorent index! As long as you don’t host the content…….
When downloading a new torrent, check the peers. Look at the 100% seeder. (resolve the IP#)
copy and paste that host into txt file.
If the files you get are passworded or otherwise bogus put the site into your badseed list. When you see him again abort your download.
some of the worst are:
kitty.cirtexhosting.com
rbixxxx.giga-dns.com
But things change and you should build your own list.
why don’t Mininova just block all torrents containing that fake tracker? How hard can it be?
Check out the fakes
irc://irc.easynews.com/mininova
@ #7 Yehhanyos
U bad mouth mininova be coz you are banned from there, FACT!!!
OWNED!!!
mininova and tpb both do a great job and provide a fantastic FREE service.
Mininova is starting to sound like the new limewire
god………….
ppl still download xvids.. pff
#36: really?
I never got a fake off MN
because i always look for trusted uploaders. How hard is that?
@Owned: you’re totally right
and big LOL at #7
haahaha
80% of Axxo crap is, well, crap, so who cares, get scene releases you morons, problem solved.
I should also point out that sometimes a faker will upload the torrent to mininova and let it build a swarm, then start it up on TPB. Or they will use multi-tracker support.
At that point they will stop seeding once the swarm can sustain the torrent, but usually they still continue to seed at 100% for awhile.
I have found that in TPB movies, on any given day when they are active about 90% of the fakes are from 3 or 4 seeders who start them up, are removed, then start them up over again. Usually 4 or 5 at a time.
I suspect they upload the torrents to TPB from different hosts than they seed from, otherwise TPB would ban them.
The solution to this problem is simple; detachable GPG/PGP signature files used to verify torrent files. Once the reputation of an uploader is secured, each of her uploads should be automagically checkable in the BT client against a GPG signature. Since GPG signatures are unforgeable, it will be impossible to spoof an upload of, say, AXXO, because her secret key is used to sign all of her torrent files. GPG signature checking is in wide use, the tools are free and so someone should just do it. There would then be an opportunity to set up a bittorrent reputation tracking service etc etc… either way, the power of fake torrents would be considerably diminished with GPG signatures. Also, the signatures of other trusted users could be added to torrents to vouch for those uploads from low profile uploaders so that credibility can be spread, tightening the community and squeezing out the lamers and lusers.
It is easy to go with trusted uploaders and to see if the file is gonna be a fake. I mean fuck, if you’re stupid enough to download a file called “Watchmen 2009 DVDRIP SeedeRz” a week after the movie came out then you deserve to be spammed.
I really dont get how these fake uploaders can make money.
oh so big bucks to be an idiot
ya mor elike thousands a morons or people that got hacked by riaa/mpaa jerks
These guys who pollute the torrent world should be hanged !!!
http://www.Urssiva.com
Bast@rd…..
PGP wouldn’t work practically, for one good reason:
At one point in time, the public key must be verified to have come from the source in question.
Ie, if i was a fake uploader and i wanted to pretend i was aXXo, all i would have to do is make my own private/public key, add a signiture to my torrent file and paste a link to the public key on the torrent.
Authentic aXXo’s would use his authentic key, and fake aXXo’s wouldn’t – and we’d be in the exact same position as we’re in now, with fake aXXo’s using random names, and the real aXXo using his real account name.
Another point to bear in mind is that a 3.7Gb file couldn’t be used to generate a signiture. It’s just way to large and would take a millenia.
Much more likely is that you would hash the file with MD5 or SHA1, then using the MD5 hash, make a signiture using PGP.
MD5/SHA1 (or in fact any protocol which has to quickly hash a very large file) is succeptable to collisions – ie, two very large files which are different but make the same hash.
You could easily make a fake file, give it the same MD5 hash as the aXXo release, then paste everything from aXXo’s post (public key, signiture, et) into your fake post.
aXXo’s signiture would match the torrent’s hash, and people would there after assume that it’s *definatly* an aXXo release.
..so when they open up the torrent and find it requires a password to unrar something.. and they need to go to some website.. and that website says aXXo needs money to continue… what are you going to do? :(
Fuck, thinking about is you don’t even need to do an MD5 collision. Just put in your MD5.txt file the same MD5 as aXXo uses, and your golden.
People won’t bother checking the MD5 (they never do.. :( ), and you’re good to go.
In fact, they couldn’t check the MD5.txt file was true until after they downloaded it! xD
HAHAHA. Fucking genius. Use the TPB defence “We don’t host the content”. Torrentfreak is just a bunch of whiney hypocrites – it’s OK for their beloved Piratebay to use that as a get out in court but when someone attacking Bittorent does, then all of a sudden the law is an ass?
MAKE YOUR MINDS UP TORRENTFREAK PUSSIES.
Does anyone have a demonoid invite to spare?? I want quality!
nathanhillinbl@gmail.com
John, the PGP ‘web of trust’ works perfectly as a solution, especially in a reputation based system as I have described. Once you have a few good torrents from a user, you can add her public key to your Azureus keychain to always know her torrents are hers. There is no practical reason why this will not work, and the effect of it are that anyone trying to impersonate an uploader who you have previously trusted cannot do it.Y You will also be able to vouch for someone who you already trust, so that people who do not know the uploader can rely on your verification that she is not a poisoner. Secondly, we are talking about creating detached signatures of torrent files, not the files those torrents describe, so the cpus needed to do this are very few. The only file you need to authenticate is the torrent file; once you have done that, the file it represents can be trusted. Hope this makes it more clear.
Yoz dudez an dudezettesz,i reely reely needz da realE scenez site acess,thanxz fo da mininova site now iz haz da realE scene sitez.fuk alla yuz dat no give me when a niggaz azk befo,allaz yoz tryin ta keepz da realE niggaza outta scenez an shit soz fuk ur hataz.peace to allaz da realE gs an niggaz foolz.peace out,gangztez out!!!
LOL at all you morons … no matter what you do we shall always be one step ahead of you and you’ll always be reacting to our new methods of spreading malware and making you earn us big bucks.
Mininova is absolutely shit at removing fake files, especially applications with PPI bundled. At the moment I have 80 or so torrents active that have been up for 7 days and more.
My “best” torrent so far has been up for 68 days with 5945 downloads… it’s still undetectable at virusnothanks, so good luck in spotting that one, rofl. It’s perfectly innocent looking torrent page: just the nfo details so good luck spotting that one you noob idiots.
Thanks for the easy cash all you idiots! :D
What I normally find is the files that have a large time encoded and want you to go to a web site to down load some bull shit program to get the password.
I download all aXXo rips from demonoid and it really rockss not a single torrent has been fake hope mininova comes up with some tactic to stop this to some extent.
@Gangsta Shit
Please stop your foolish comments because nobody can read your language and what you say. I think may be you need to visit primary school to learn to write and read because there is a big problem with your language.Other option is please make some software by which we will be able to translate your language ohhh sorry!!! i forgot you’re too lame for that so why don’t you just get the fu@k out of here.
why not add the tag “axxo” to a ban list.
only have one account allowed to upload with the “axxo” tag, that account being the real axxo
“80% of Axxo crap is, well, crap, so who cares, get scene releases you morons, problem solved.”
Yes, with their PROPERs, REAL PROPERs, REALLY REAL PROPERs, etc.
It’s easier to get real releases from aXXo and other P2P releasers than scene releasers because they have accounts on public sites.
@32 & @43 & @48 & @51:
Good discussion. Something definitely needs to be done on the technology side to reduce the number of fake torrents. Your ideas of PGP/GPG signatures sounds like a good start.
@48: You mentioned that a PGP signature wouldn’t really help because fake uploaders could supply their fake aXXo key, for example, and so the fake torrent would falsely validate correctly.
This is a good point. So what else could we do? Part of the way PGP public keys appear to work is to have a trusted place where people can acquire the public key in the first place for any given individual/uploader. These already exist: they’re called PGP public key servers.
If these PGP public key servers require too much personal information for registration, we could create anonymous PGP public key servers if the existing PGP public servers don’t provide enough anonymity. Trackers/torrent sites can then check the public key registered with the user name/ID at these (anonymous) PGP public key servers with the public key used to sign the uploaded torrent.
The only new requirement for users wishing to upload torrents then is to register a public key with an (anonymous) public key server.
@48: The point you made about 3.7Gb file being used to generate a signature taking a very long time is another good point, but this can be alleviated by employing your followup statement of using the MD5/SHA1 hash of the content instead. It’s okay if there are collisions, the point being that the likelihood of collisions is extremely small, and almost non-existent if someone is trying to duplicate content (fake) to have exactly the same SHA1 hash.
You said that you could easily make a fake file and give it the same MD5/SHA1 hash as the aXXo release, then paste everything from aXXo’s post (public key, signature etc.) into your fake post. This wouldn’t work if you adopt the strategy I mentioned above coupled to your (good) suggestion of using the MD5/SHA1 hash. For example, you could generate the SHA1 hash for the content. Then generate the signature for the SHA1 hash using your *registered* public key on a PGP public key server. Trackers and torrent sites could simply verify that the SHA1 hash is correct for the content using the uploaders p2p client, and then the torrent could be “signed” by signing the SHA1 hash. So these are the steps in point form:
The uploader performs the following prior to making their torrent content available:
1. Generate a SHA1 hash for the content.
2. Sign the SHA1 hash using their public key available on an (anonymous) PGP public server. This will generated a Signed-SHA1 key.
3. Upload their torrent using their p2p client providing the SHA1, Signed-SHA1, user name/ID.
The tracker/torrent site would then perform the following steps at the beginning of the upload process:
1. Confirm the SHA1 hash for torrent content using the uploaders p2p client.
2. Obtain the public key of the uploader from the (anonymous) PGP public key server using their user name/ID.
3. Confirm that the Signed-SHA1 hash resolves to the original SHA1 hash using the public key to decrypt the Signed-SHA1 hash.
And voila! No more fake torrents from uploaders posing as others.
Now, a fake uploader not using any of the popular names aXXO, KlaXXoN could still upload a fake as a different/new user and have their public key registered on the (anonymous) PGP public key server. In this case, one additional piece of information that the trackers/torrent sites could obtain from the (anonymous) PGP public key servers is the time that the user has been registered with the PGP public key server. The tracker/torrent site could have new registrants tagged as “untrusted”. In fact a new column could appear in every tracker/torrent site listing showing the level of public trust associated with a given uploader. The longer they’ve been registered, coupled to the greater number of non-fake uploads, the greater their trust rating.
Users uploading fakes would have to change their registration and user names frequently and re-register as new users on the PGP public key servers because the trackers/torrent sites would tag them with a very low trust rating given their previous fake uploads.
Thoughts?
Lol time to sue MPAA and RIAA for spamming, well we just need proof first.
-scene
-private trackers
-public trackers
-the banned everywhere
let ssee where they at public…..
If u can’t spot a fake torrent then you deserve to download absolute sh*te.
#64: How the hell do you “execute” a guide moron?
All you have to do is read. Can you do that dumbass?
You saw an “invisible” forum?
You’re really stupid and you’re hallucinating now
get well soon LoL
aXXo rips suck
#71 : I don’t care about YOUR “opinions”
do us all a favor and STFU with cherries on top
I want to read this topic and I have to go through your idiotic rants.
Just wanted to say I agree with #67.
You can’t get fakes if you DL torrents
from the trusted uploader’s account.
All you need is common sense
6 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.