uTorrent and WinZip New Targets of BitTorrent Malware

Written by enigmax on August 07, 2007 

The best torrent software clients like uTorrent or Azureus are free, no strings attached. However, some companies are making money tricking novice users into installing bad clients, bad media players and even bad Winzip-like software. We expose them and their badware and show you how to block them.

All the best BitTorrent clients (like uTorrent) are free and when you install them they don’t install extra stuff on your PC like adverts, annoying popups or spyware.

However, there are companies out there who give you ‘free’ software (like a torrent client) but at the same time install some of that extra stuff you don’t want too. We have regularly reported on BitTorrent clients which also install this malware such as Torrent101, BitRoll, TorrentQ and GetTorrent. These are just a handful of bad clients currently available online.

It didn’t take much research to discover that a Swedish company called Wakenet is behind the enterprise, a company that made news on lots of spyware sites due to its Anti-Leech plugin.

Wakenet has a new domain called uvTorrent.com (currently diverting to their Cash4Downloads site) - no prizes for guessing the planned confusion with novices and the official ‘uTorrent’ client. They also have a new (fake) ‘compression’ utility called Winzix, obviously named to be confused with Winzip. Unfortunate downloaders will download something from BitTorrent, only to learn that it needs to ‘decompressed’ with Winzix in order to work. Installing Winzix again results in malware getting onto the host PC.

Our investigations revealed two major servers carrying the malware-ridden clients, media players, compression utilities and other sites supporting the enterprise:

IP: 69.72.144.122

1. netpumper.com (there’s even a link to this from Wakenet’s homepage)
2. bitgrabber.com
3. bitroll.com
4. c4dl.com
5. cash4downloads.com
6. download.play3w.com
7. get-torrent.com
8. playon.play3w.com
9. winzix.com (additional information from Symantec)
10. bitdownload.org
11. divoplayer.com
12. plugindl.com
13. torrent101.com
14. torrentq.com
15. torrentsoftware.org

IP: 207.44.244.86

1. bitroll.com
2. c4dl.com
3. cash4downloads.com (Click here for removal instructions)
4. download.netpumper.com
5. Uvtorrent.com
6. playon.play3w.com
7. wakenet.se (WakeNet’s own homepage is on the same server)
8. bitsofporn.com
9. domplayer.com
10. gamingtorrent.com
11. kitplayer.com
12. torrentmusic.org
13. torrentgamers.com
14. Torrentspeeder.com (different server currently)

We suggest that everyone stays well away from every site on the above lists. Use uTorrent or Azureus to download and if you ever download anything that requires anything other than a standard media player or WinRAR in order to play, be a little suspicious. Checking the comments to the torrent you plan to download is always a good idea.

For the little more adventurous reader, it’s possible to use the Windows HOSTS file to block the activity caused not only by the malware listed above but also that from hundreds of other sources. We recommend the excellent guide from MVPS, “Blocking Unwanted Parasites with a Hosts File

UPDATE: Reports suggest that software is now available to play 3WPlayer (and possibly DomPlayer) files without getting either player. This software is untested by TorrentFreak.

UPDATE 2: Software to crack 3WPlayer, WinZix can also be found here. Click here for the .torrent.

Previously: Use uTorrent to Organize Your BitTorrent Downloads

Next: Television Studios Embrace BitTorrent

64 Responses

Pages: « 1 2 [3] Show All

51 Jan 30, 2008 at 09:46 by non noob

You n00bs. It’s not that hard.

52 Jan 30, 2008 at 09:57 by non noob

“I guess I am what would be concidered a ‘noob,’ but I have been downloading bunches of movies that are all this STUPID Domplayer.”

::Sigh:: I guess. :\ Go to mininova.org for a legitimate copy of The Golden Compass. READ COMMENTS FIRST to see which one is the best quality.

53 Feb 09, 2008 at 03:08 by cough cough

to n00bs - just look at the comments, its not hard to find a legit copy of a film, plus most people will say what the quality is. there’s plenty of fake stuff knocking around, just be patient and something legit always turns up. i sat on my arse for 2 weeks waiting for avp2, then i got a great R3 copy. you might want to stick to sites like mininova.org and the pirate bay, they both get their fair share of fakes from what i see but the moderators take them off most of the time and users leave comments.

my daily searches are - R3, R5 and DVDSCR. these will bring up the new film releases, but don’t forget to check the comments, if there aren’t any yet you might want to wait and see, or take a chance and d/l. either way though if it doesn’t open in vlc player chances are its a fake

good luck folks

54 Feb 15, 2008 at 16:50 by kuma

Hell yeah just makin sure the info was out and btw sent the dom player a nice present to their server

55 Feb 22, 2008 at 22:28 by sdfsdf

sdfsdfsdfsd

56 Mar 04, 2008 at 07:50 by Death Fairy

I use my windows media player with a thing called combined community codec and have never had problems playing anything really. Course I also get avi and nothing else.easier and hassle free. If its not on avi I wait. patience is a virtue.

57 Mar 20, 2008 at 05:29 by Chandler

basically every fuckin’ dl of Never Back Down is this bullshit… anyone got a clean dl?

58 Apr 17, 2008 at 09:37 by Controlfreq

I have just been introduced to the torrent phenominom about 3 days ago..i have been learning as i go, but i am in fear of getting my comp messed up. I continuisly read threads to get my knowledge up. From what i have learned is the aXXo has some good movies, so what i did was use mininova and used his name in the user search. so now i only download from his torrents. Is what im doing stupid, or over cautios??

59 Jul 18, 2008 at 08:01 by these bozos

I am an owner of a well known torrent site that has been around for 5+ years now. C4DL Media contacted me to try to get me to show banner ads for their torrent client, and media player on my site. I would of course never do this as we don’t do ads, especially with crooks like this bunch, but watch out as the new crop of untrustworthy and greedy torrent site owners may take up their offers, at their members expense.

60 Jul 18, 2008 at 18:59 by Dramacydal

hi, AM a noob at the torrent thing,am using utorrent, i download a movie hancock and it dosent play (use vlc player)its say rar file,
plz help some one. dont no how 2 decompress files, nothing,
can some1 help step by stef plzzz

send me at player384@hotmail.com
ty :)

Pages: « 1 2 [3] Show All

Responses are closed

All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.