With an estimated quarter billion active users per month, BitTorrent is a lucrative target for scammers and malware peddlers.
Every day thousands of “fake” torrents are uploaded from malicious sources, often labeled with the names of popular movies or TV-shows. Needless to say, those who download these torrents don’t get what they were looking for. Instead they are redirected to scam websites or lured into installing malware.
This malware problem is far from new, but most recently it has gained the attention of Symantec, one of the largest computer security vendors in the world.
Last week the company filed a patent application for a technology that aims to counter the problem. Symantec says that since most torrent sites do a bad job at keeping malicious torrents off their sites they have come up with a solution.
“While the BitTorrent protocol represents a popular method for distributing files, this protocol also represents a common means for distributing malicious software. Unfortunately, torrent hosting sites generally fail to provide sufficient information to reliably predict whether such files are trustworthy,” Symantec writes.
Symantec has developed a system than evaluates the trustworthiness of files that are downloaded via BitTorrent. Unlike traditional virus scans, where the file itself is malicious or not, the technology uses the reputation of other downloaders, and several other factors to make the evaluation.
“For example, if an entity has been involved in several torrent transactions that involved malware-infected target files, the reputation information associated with the entity may indicate that the entity has a poor reputation, indicating a high likelihood that the target file represents a potential security risk.”
The factors on which the trustworthiness of a file is based include the original uploaders, torrent sites, trackers and other peers. For example, if an IP-address of a seeder is linked to several malicious torrents, it will get a low reputation score.
The picture below shows an overview of these variables, with a reputation score ranging from 0 to 100% for each.
When a file is categorized as a potential threat based on the reputation score, several “security actions” can be taken. These range from shutting down the download to blocking access to the file in question.
“Examples of such security actions include, without limitation, alerting a user of the potential security risk, blocking access to the target file until overridden by the user, blocking network traffic associated with the torrent transaction, quarantining the target file, and/or deleting the target file,” Symantec writes.
The security vendor believes that its system is able to prevent or at least reduce the distribution of malware through BitTorrent.
While this may be the case, there certainly are downsides too. Symantec’s automated categorizing systems have sometimes provided false positives, which in this system would lead to the blocking of legitimate files. TorrentFreak learned that the hard way earlier.
Symantec is not the only computer security vendor to take an interest in BitTorrent recently. McAfee previously submitted a patent for a system that can detect and block pirated material from any website, and present users with authorized and legal alternatives instead.
At the moment it’s unclear whether Symantec has already developed the technology, or whether it has plans to bring it to the market in the near future. So for now, BitTorrent users have to follow common sense if they want to avoid trouble, which usually involves reading comments.
