TorrentSpy Advertises Malicious BitTorrent Client

Written by Ernesto on August 02, 2007 

Running a BitTorrent site can get pretty expensive, especially when you’re caught up in a lawsuit with the MPAA. But, recommending malicious BitTorrent clients like Get-Torrent to your users is not the solution, not even if they pay $$ per install. Money corrupts?

TorrentSpy Advertises Malicious BitTorrent ClientGet-Torrent is one of the many malicious BitTorrent clients that are advertised on torrent sites. The clients, and a lot of other free malware applications, are developed and spread by a Swedish company named Wakenet. Their primary goal is to trap people into downloading applications that look useful, just to infect computers with adware bundles that are hard to uninstall.

Various forum threads, even on TorrentSpy, warn naive users about these clients. Still, TorrentSpy is actively advertising Get-Torrent, and infecting hundreds of their users’ computers, resulting in a torrent of annoying popups.

Unlike TorrentSpy, most BitTorrent site admins refuse to advertise these clients. The Pirate Bay and mininova successfully banned these malicious clients from advertising through Adbrite, and BTjunkie and many other sites wont let them on their site either.

The malware bundled with BitTorrent clients like Get-Torrent, Torrent101, TorrentQ and BitRoll is a sponsor program called “Cidhelp”. Apparently, it can be easily removed from the Windows Control Panel. However, in most cases your anti-spyware or anti-virus program damaged the files, leaving them impossible to uninstall, while they still cause numerous popups.

In April we ran a Google Adwords campaigns on the Bitroll, Torrent101 and Torrentq websites warning users not to install these clients. Even though it was fun and probably prevented a couple of hundred people from installing the clients, it is far from an ideal solution. The best way is to spread the word, start forum threads and write blog posts or emails to warn others.

If you don't like torrents try MP3 Fiesta. They hold nearly 67,000 albums from nearly 17,000 artists. Prices are around the $0.10 mark for single tracks with full albums coming in at roughly $1.00. Tracks are available from 192kbps and they take major credit cards and PayPal

Previously: World’s First Conviction for Removing Information from DVD

Next: Teen Arrested for Recording 20 Second Movie Clip

19 Responses (Add yours or TrackBack)

1 Aug 02, 2007 at 15:23 by Depray

Sad thing is this isn’t their first time doing this. They sponsed a tainted verson of Rufus as they’re offical torrent client either 2005 or 2006.

2 Aug 02, 2007 at 17:19 by badnews

Seriously, who cares. If noobs aint smart enough to use a know client, then they get what they get. All manner of websites advertise untoward ‘free’ applications or services that may be bundled with spy/ad/malware. This isnt news, this is yet another exercise in torrentspy bashing. Give it a rest already. The site is dieing on its feet, and with good reason, stop sticking the knife in, no one really gives a shit anymore.

3 Aug 02, 2007 at 17:59 by TorrentSpy

The torrent client distributed on TorrentSpy has an adware message in BIG RED TYPE on the install. Nobody can miss, so there is nothing sneaky going on. Also, it is easy to uninstall.

There are fair and reasonable adware programs and there are evil ones. Some people consider all adware bad, others are OK with it as long as the software gets user permission. We feel that an install of a program that gives a clear advertising warning and is easily uninstalled is not a problem.

4 Aug 02, 2007 at 18:51 by e l e v e n s p a c e s

old news…

5 Aug 02, 2007 at 18:53 by e l e v e n s p a c e s

[quote comment="141067"]The torrent client distributed on TorrentSpy has an adware message in [red]BIG RED[/red] TYPE on the install. Nobody can miss it, so there is nothing sneaky going on. Also, it is easy to uninstall.

There are fair and reasonable adware programs and there are evil ones. Some people consider all adware bad, others are OK with it as long as the software gets user permission. We feel that an install of a program that gives a clear advertising warning and is easily uninstalled is not a problem.[/quote]
I wouldn’t install the PoS, but I’m finding myself agreeing with TS.

6 Aug 02, 2007 at 20:42 by Netmaster

Thanks for this Torrentfreaks..

7 Aug 03, 2007 at 01:04 by An0nym0us

[quote comment="141051"]Seriously, who cares. If noobs aint smart enough to use a know client, then they get what they get. [/quote]

Alright fucker… i didnt read the other replies to your post but this is just for you to know in my opinion.

I wish I could have found you when you were a n00b so I could infect and get your busted. People aren’t always up to date with the latest technology available to them and not everyone has someone to give them a helping hand in the right direction. Its people like you and TorrentSpy that really annoy me. I don’t give a fuck if you don’t care. But as a “techie” myself… I may do some things “wrong” but it doesn’t mean everyone needs to suffer for my wrong doings. Just keep in mind what your mother said when you were younger if you ever met her. If you don’t have anything nice to say. “slaps the stupid out of you” Shut the fuck up and step aside so the people that need help can get it.

8 Aug 03, 2007 at 01:12 by An0nym0us

[quote comment="141066"]The torrent client distributed on TorrentSpy has an adware message in BIG RED TYPE on the install. Nobody can miss, so there is nothing sneaky going on. Also, it is easy to uninstall.

There are fair and reasonable adware programs and there are evil ones. Some people consider all adware bad, others are OK with it as long as the software gets user permission. We feel that an install of a program that gives a clear advertising warning and is easily uninstalled is not a problem.[/quote]

If your going to state something at least make it completely true if your going to try… Yes it may have in BIG RED LETTERS saying your about to fuck yourself. But uninstalling isn’t easy as registry entries remain in your system allowing side-door access to the victims system. As all files on my test system that are installed are neatly recorded in a plain txt file telling me were everything goes and what all is deleted when I uninstall anything. I have run a number of tests and this client you are advertising is not only buggy but a sure fire way to get people caught doing anything illegal and/or “hacked” for personal information. Sad day when you can’t trust a fellow torrent site that has been around as long as you TS… X-(

Fore shame!!!

9 Aug 03, 2007 at 02:09 by dave

@ torrentspy

‘Some people consider all adware bad.’ Name the good adware then? Adware that really benefits the user above the person who infected them.

Rights management, trying to implant spyware on users pcs. It’s all about the money with you - just a bit more. Go fuck yourself.

10 Aug 03, 2007 at 16:52 by comsumer

NewTorrents.info too advertise one of those malicious (cloned) clients - TorrentSoftware.

http://img472.imageshack.us/img472/3595/screenshotiq2.png

Here is the prog’s site -
http://www.torrentsoftware.org/

Another interesting bit of info is that their domain is owned by GoDaddy, who are known for creating spyware and adware.

WhoIs on the domain -
http://www.who.is/whois-org/ip-address/torrentsoftware.org/

11 Aug 04, 2007 at 05:39 by Hugh G. Rection

I never go to TorrentSpy anymore. Ever since they removed all the sections for specific tv shows over a year ago, the site has been in a downward spiral.

There’s so many ads it rivals IGN in that department. In late 2005 I foolishly visited the site before I had my firewall installed just after I reinstalled Win, and got a virus from them.

After they were bought out, the site has gotten even worse.

Fuck TorrentSpy. I hope it burns to the ground. It’s a shame, because it was a great site when it started up originally.

12 Aug 04, 2007 at 15:36 by bohem

The domain in not owned by godaddy, it is registered through godaddy. godaddy is the registrar, the owner is the registrant. . . which is obscured due to the private registration used for this purpose. The site is not hosted with godaddy as the name servers are pointed to zone edit, if it were hosted with godady it would be pointed to secureserver.net. so effectively godaddy has very little to do with the actual site.

13 Aug 04, 2007 at 18:06 by Bob Dobbs

At this point does it really matter? t-spy sucks since they stopped sorting the torrents three weeks ago. No fun sifting thru pages of shit to find something you like from the latest-main group.

14 Aug 05, 2007 at 05:06 by Greg Grahifen

SCREW YOU GUYZ TORRENT SPY IS AUSOME IM KINDA SAD THEY BLOCKED IT FROM THE STATES, THOSE GUYZ NEEDED IT BUT THE REVOLUTION MUST LIVE ON

15 Aug 05, 2007 at 10:02 by FeedBacker

If TorrentSpy can spy on us, i can only Guess what closed source clients like uTorrent might be doing.

16 Aug 05, 2007 at 10:49 by FeedBacker

Greg Grahifen : “SCREW YOU GUYZ TORRENT SPY IS AUSOME IM KINDA SAD THEY BLOCKED IT FROM THE STATES, THOSE GUYZ NEEDED IT BUT THE REVOLUTION MUST LIVE ON”

U want revolution, then get rid of torrent website and move on to open source decentralized torrent file only search softwares or create one. By torrent files i mean the .torrent files and not the torrent data files.

Just look at the number of decentralized networks this one supports http://en.wikipedia.org/wiki/MLDonkey

17 Aug 05, 2007 at 11:25 by FeedBacker

Look at this ScreenShot
http://hotimg3.fotki.com/a/121_247/66_70/Transform.gif

i can find .torrent files without need of a website; all we need is to create a decentralized software with new torrent files specific features.

Just checkout that sancho software

18 May 21, 2008 at 11:59 by rami

thanks

1 references to this post

Add your response

It takes approximately 1 minute for your comment to appear on TorrentFreak after it's posted.