Seeding fake files on BitTorrent is nothing new and the practice has been carried out by anti-piracy groups and malware spreaders for a long time. While many of them choose to use various open and public BitTorrent trackers, others are setting up their own trackers. We take a look at an easy way to find out more about them.
Back in 2007 we published a series of articles on various dodgy practices targeted at BitTorrent users. Many people were downloading torrents only to be told that they needed to install software like DomPlayer and 3WPlayer to get them to work. Of course, the torrents were fake.
We also reported on BitTorrent clients such as Torrent101, BitRoll and GetTorrent, which also caused caused a whole load of trouble for those who installed them – even uTorrent and WinZip users were in the sights of malware offloaders.
In an email yesterday to TorrentFreak, a reader pointed us to a problem torrent located here (removed). The file is clearly labeled as ‘The Wolfman DVDrip 2010 aXXo’ but it is a fake, a fact which can be quickly learned by reading the comments underneath the torrent. Nevertheless, we thought it might be interesting to demonstrate how it’s possible to look a little deeper.
The file is tracked by a whole range of trackers but one sticks out immediately.
http://tracker.torrentq.com/announce.php currently lists 48,416 seeds and 37,496 seeders for the supposed ‘The Wolfman’ movie, a highly attractive proposition for those inexperienced in dealing with fake torrents.
Of course the stats are faked, and are run from a tracker set up especially to deliver fake torrents. Indeed, it’s run on a subdomain of TorrentQ, a bad client we featured in an earlier article. Here’s a quick step-by-step of the method we used to investigate the tracker. There are other ways, but this is pretty simple so anyone can try this out.
It’s possible to find information about the files indexed on many trackers by using ‘scrape’. In the case of the TorrentQ tracker, the scrape URL is located at http://tracker.torrentq.com/scrape.php. So first off, go to this URL and you’ll get the option to download a file, in this case ‘scrape.php’ – download it.
In this file will be information about the files being seeded on this tracker.
Next use DeHackEd’s nice little online tool called DumpTorrentCGI. Browse to the ‘scrape’ file on your hard drive, change output type to ‘/scrape’ and click the ‘decode’ button. You should get this report;
Immediately you can see that all the files are apparently hugely popular, but of course, all of these stats are faked. To prove that, one can use a site like Torrentz.com, which creates its torrent URLs by using a torrent’s hash value. Simply test each torrent by using http://www.torrentz.com/ followed by the hash value, as shown below, and check the comments.
The torrents TorrentQ tracks are for Wolfman, Legion, My Name is Khan, The Book of Eli, From Paris With Love, Ninja Assassin, Edge of Darkness, Shutter Island and Dear John.
Every single one is flagged as a fake by commenters on Torrentz.com.