Malicious BitTorrent Clients: New Coat of Paint, Same Bad Story

Written by enigmax on May 11, 2007 

It seems that hardly a month goes by without another malicious BitTorrent client appearing for download, hoping to dupe inexperienced and unsuspecting file-sharers into installing malware. As new kid on the block ‘Get-Torrent’ hits the web, we scratch below the surface to find the same old malware and the same old story.

In January, we reported on two malware-loaded BitTorrent clients, Torrent101 and Bitroll. Both clients promised ‘high speed downloads’ but actually install a payload of malware onto the victim’s PC.

Unfortunately, several popular torrent sites carried advertising for these bad clients but thankfully, sites like The Pirate Bay saw the damage these things can cause and removed the adverts. TPB’s brokep wrote, “We’re getting a lot of email about people downloading torrent clients that are advertised on the site. Do not download them! We have put a ban for the ad companies to sell ads for these clients on our site.” Mininova and Snarf-it also blocked the adverts.

In February, we reported on yet another client, TorrentQ after a tip-off from the owner of BT-Junkie. Of course, this wasn’t a new client but the old one with a new name.

In April, in order to try to save unsuspecting file-sharers from installing malware, we ran Google Adword campaigns on the BitRoll, Torrent101 and TorrentQ websites, informing people of just how bad these clients are. Google apparantly doesn’t like to be associated with bad news and a few days later, Adsense adverts disappeared from the sites.

Disappointingly, we are now exposed to yet another ‘new’ bad torrent client. Get-Torrent is the latest in a sequence of malware-laden torrent clients, cloned from the same infected DNA as BitRoll, Torrent101 and TorrentQ. As can be seen from the client’s ’skinning’ pages, these products are identical;

GetTorrent

BitRoll

Torrent101

As we promised in our earlier posts, every time a bad client appears we will do our best to let the BitTorrent community know about it. Anyone thinking of installing a BitTorrent client should stay away from these products and install a free, clean client, such as uTorrent.

If you don't like torrents try MP3 Fiesta. They hold nearly 67,000 albums from nearly 17,000 artists. Prices are around the $0.10 mark for single tracks with full albums coming in at roughly $1.00. Tracks are available from 192kbps and they take major credit cards and PayPal

Previously: Booty Plundered from Pirate Bay is Useless

Next: Video: Ashwin Navin on the History of BitTorrent

17 Responses (Add yours or TrackBack)

1 May 11, 2007 at 23:15 by hystericmoon

here we go again LOL!!! 5 stars by torrent review? what the hell is that? LOL

2 May 12, 2007 at 10:36 by Henri

Here is a list of sites promoting those malicious bittorrent clients and that you should avoid visiting:

http://www.torrentsoftware.org/
http://www.newtorrents.info

3 May 13, 2007 at 13:47 by asia4all

And it says “…FREE! Safe! No Spyware!…” Fucking scammers! Catch them and put the assholes in jail!!!

4 May 14, 2007 at 17:46 by elgeebar

Sorry for the double post but I’ve just realised these arseholes are turning me in to an extremist fuck! Help!!!!!!!

5 May 14, 2007 at 18:49 by utorrentuser

they have some new skins (and yet another name!)

hxxp://wwwDOTtorrentsoftwareDOTorg/index.php?go=skins

6 May 15, 2007 at 01:30 by Ernesto

[quote comment="100429"]they have some new skins (and yet another name!)

hxxp://wwwDOTtorrentsoftwareDOTorg/index.php?go=skins[/quote]

arrgh

7 May 15, 2007 at 03:31 by Kevin

They are registered to GoDaddy. Report them to GoDaddy who have a policy against hosting spam/malware and their domains will get pulled.

Domain Name:TORRENTSOFTWARE.ORG
Created On:04-Dec-2006 15:52:30 UTC
Last Updated On:03-Feb-2007 03:47:09 UTC
Expiration Date:04-Dec-2007 15:52:30 UTC
Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
Registrant Name:Registration Private
Registrant Organization:Domains by Proxy, Inc.
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US
Registrant Phone:+1.4806242599
Registrant Phone Ext.:
Registrant FAX:+1.4806242599
Registrant FAX Ext.:
Registrant Email:TORRENTSOFTWARE.ORG@domainsbyproxy.com
Name Server:NS1.ZONEEDIT.COM
Name Server:NS7.ZONEEDIT.COM

8 Aug 02, 2007 at 16:00 by spreeuw

next time publish Useragent and peer_id so we can ban those idiots

9 Aug 05, 2007 at 01:25 by asfsf

So what’s the deal with the latest uTorrent 1.7x? Are they sold out? Are they leaking data to the MPAA by design? There seems to be a lot of rumor and uncertainty going around.

10 Aug 06, 2007 at 18:00 by Admin-9TT-Network-Europe

Mods.sub.cc announce today as of August 6th there are 2 new clients with new names:
The story continues…
updated 06-Aug-2007
New Names of the above clients with Malware, new Websites, new Webhostings…

1. New names of the Malware BitTorrent clients:

* BitDownload (Version 3.2.0.0)
* BitGrabber (Version 4.2.0.0)

2. New Websites

* http://bitgrabber.com ( http://www.bitgrabber.com)
* http://bitdownload.org (www.bitdownload.org)
* and possible many more as the info of: domaintools.com/reverse-ip/?hostname=69.72.144.122 and: uptime.netcraft.com/up/graph?site=bitgrabber.com
* Linux, Apache, 6-Aug-2007, 69.72.144.122
* also: 3wplayer.com may follow soon.
Site Admins of 9TT.eu, some Net Backbone Admins and we confirm that these are the same clients all in 1MB size just with new names!

11 Aug 19, 2007 at 00:44 by chappy

is it really download files at high speed? what are the damages that its virus cause! umm example: making my pc slower etc.. etc..

12 Jan 11, 2008 at 23:27 by Google

I Think,İt is very nice information…

Hitchhiker Nation

Add your response

It takes approximately 1 minute for your comment to appear on TorrentFreak after it's posted.