With millions of pageviews every day TorrentReactor.net is ranked in the top 5 of all torrent sites in terms of traffic which makes it a lucrative target for malicious attacks. The site is currently suffering from a serious security breach resulting in a rootkit being installed on the computers of some of its visitors.
Aside serving torrents the TorrentReactor team launched TorrentPrivacy last year, a service that allows BitTorrent users to download torrents anonymously. Unfortunately, the site itself now poses a security threat of its own.
Websense reports that TorrentReactor has been injected with an IFrame that connects to a malicious site full of exploits. The exploits affects various applications including Internet Explorer and Adobe’s Shockwave and Acrobat Reader.
Once the user is successfully exploited a Trojan Downloader with an extremely low anti-virus detection rate will download and install a rootkit on the user’s system, after which more evil is bound to happen.
TorrentReactor’s founder Alex told TorrentFreak that they are looking into the matter and hope to fix the vulnerability as soon as possible. Alex further told us that he has no clue who’s behind the attack.
This is not the first time that TorrentReactor has suffered from an IFrame injection as The Register points out. Last year it dealt with a similar security breach.
Needless to say, TorrentReactor users may want to avoid the site for the time being if they’d rather not have a rootkit on their system.
Update: Alex told TorrentFreak that the problem has been addressed. “It was sql injection which was fixed the same day. Now we do everything to prevent it in the future. We’re very sorry.”