uTorrent and WinZip New Targets of BitTorrent Malware

The best torrent software clients like uTorrent or Azureus are free, no strings attached. However, some companies are making money tricking novice users into installing bad clients, bad media players and even bad Winzip-like software. We expose them and their badware and show you how to block them.

All the best BitTorrent clients (like uTorrent) are free and when you install them they don’t install extra stuff on your PC like adverts, annoying popups or spyware.

However, there are companies out there who give you ‘free’ software (like a torrent client) but at the same time install some of that extra stuff you don’t want too. We have regularly reported on BitTorrent clients which also install this malware such as Torrent101, BitRoll, TorrentQ and GetTorrent. These are just a handful of bad clients currently available online.

It didn’t take much research to discover that a Swedish company called Wakenet is behind the enterprise, a company that made news on lots of spyware sites due to its Anti-Leech plugin.

Wakenet has a new domain called uvTorrent.com (currently diverting to their Cash4Downloads site) – no prizes for guessing the planned confusion with novices and the official ‘uTorrent’ client. They also have a new (fake) ‘compression’ utility called Winzix, obviously named to be confused with WinZip. Unfortunate downloaders will download something from BitTorrent, only to learn that it needs to be ‘decompressed’ with Winzix in order to work. Installing Winzix again results in malware getting onto the host PC.

Our investigations revealed two major servers carrying the malware-ridden clients, media players, compression utilities and other sites supporting the enterprise:

IP: 69.72.144.122

1. netpumper.com (there’s even a link to this from Wakenet’s homepage)
2. bitgrabber.com
3. bitroll.com
4. c4dl.com
5. cash4downloads.com
6. download.play3w.com
7. get-torrent.com
8. playon.play3w.com
9. winzix.com (additional information from Symantec)
10. bitdownload.org
11. divoplayer.com
12. plugindl.com
13. torrent101.com
14. torrentq.com
15. torrentsoftware.org

IP: 207.44.244.86

1. bitroll.com
2. c4dl.com
3. cash4downloads.com (Click here for removal instructions)
4. download.netpumper.com
5. Uvtorrent.com
6. playon.play3w.com
7. wakenet.se (WakeNet’s own homepage is on the same server)
8. bitsofporn.com
9. domplayer.com
10. gamingtorrent.com
11. kitplayer.com
12. torrentmusic.org
13. torrentgamers.com
14. Torrentspeeder.com (different server currently)

We suggest that everyone stays well away from every site on the above lists. Use uTorrent or Azureus to download and if you ever download anything that requires anything other than a standard media player or WinRAR in order to play, be a little suspicious. Checking the comments to the torrent you plan to download is always a good idea.

For the slightly more adventurous reader, it’s possible to use the Windows HOSTS file to block the activity caused not only by the malware listed above but also that from hundreds of other sources. We recommend the excellent guide from MVPS, “Blocking Unwanted Parasites with a Hosts File”.
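As an added example (not from the original article or the MVPS guide), this Python sketch turns numbered lists in the format used above into HOSTS entries, dropping annotations, mixed case and names repeated across servers, and merges them into existing HOSTS text without duplicating lines. The `.example` names, the `0.0.0.0` sink address and the BEGIN/END marker comments are assumptions made for the illustration.

```python
import re

# One hostname: dot-separated labels plus an alphabetic TLD, 253 chars max.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
BEGIN, END = "# BEGIN blocklist", "# END blocklist"  # hypothetical markers
SINK = "0.0.0.0"  # assumption: sink address; 127.0.0.1 is the other usual choice

# Constructed sample in the shape of the lists above (reserved .example names).
SAMPLE_LIST = """IP: 192.0.2.10
1. badclient.example (note about this site)
2. Fake-Zip.example
3. dl.badclient.example

IP: 192.0.2.20
1. badclient.example
2. player.example (different server currently)
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 player.example  # added by hand\n"

def extract_hosts(text):
    """Hostnames from lines like '9. name.example (note)', deduplicated in order."""
    hosts = []
    for line in text.splitlines():
        line = re.sub(r"^\s*\d+\.\s+", "", line)       # drop the '9. ' numbering
        token = line.split("(")[0].strip().lower()     # drop the '(note)' and case
        if HOST_RE.match(token) and token not in hosts:
            hosts.append(token)
    return hosts

def mapped_names(hosts_text):
    """Every hostname a HOSTS file already maps, comments ignored."""
    names = set()
    for line in hosts_text.splitlines():
        names.update(f.lower() for f in line.split("#", 1)[0].split()[1:])
    return names

def merge_hosts(existing, hosts):
    """HOSTS text with exactly one managed block; re-running changes nothing."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() in (BEGIN, END):
            inside = line.strip() == BEGIN             # skip the old managed block
        elif not inside:
            kept.append(line)
    have = mapped_names("\n".join(kept))
    block = [f"{SINK} {h}" for h in hosts if h not in have]
    return "\n".join(kept + [BEGIN, *block, END]) + "\n"

if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, extract_hosts(SAMPLE_LIST)), end="")
```

HOSTS entries match exact hostnames only, so a subdomain such as `dl.badclient.example` needs its own line, which is why the function keeps it alongside the parent name. Writing the result to `%SystemRoot%\System32\drivers\etc\hosts` requires administrator rights.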

UPDATE: Reports suggest that software is now available to play 3WPlayer (and possibly DomPlayer) files without getting either player. This software is untested by TorrentFreak.

UPDATE 2: Software to crack 3WPlayer, WinZix can also be found here. Click here for the .torrent.
