uTorrent and WinZip New Targets of BitTorrent Malware
Written by enigmax on August 07, 2007The best torrent software clients like uTorrent or Azureus are free, no strings attached. However, some companies are making money tricking novice users into installing bad clients, bad media players and even bad Winzip-like software. We expose them and their badware and show you how to block them.
All the best BitTorrent clients (like uTorrent) are free and when you install them they don’t install extra stuff on your PC like adverts, annoying popups or spyware.
However, there are companies out there who give you ‘free’ software (like a torrent client) but at the same time install some of that extra stuff you don’t want too. We have regularly reported on BitTorrent clients which also install this malware such as Torrent101, BitRoll, TorrentQ and GetTorrent. These are just a handful of bad clients currently available online.
It didn’t take much research to discover that a Swedish company called Wakenet is behind the enterprise, a company that made news on lots of spyware sites due to its Anti-Leech plugin.
Wakenet has a new domain called uvTorrent.com (currently diverting to their Cash4Downloads site) - no prizes for guessing the planned confusion with novices and the official ‘uTorrent’ client. They also have a new (fake) ‘compression’ utility called Winzix, obviously named to be confused with Winzip. Unfortunate downloaders will download something from BitTorrent, only to learn that it needs to ‘decompressed’ with Winzix in order to work. Installing Winzix again results in malware getting onto the host PC.
Our investigations revealed two major servers carrying the malware-ridden clients, media players, compression utilities and other sites supporting the enterprise:
IP: 69.72.144.122
1. netpumper.com (there’s even a link to this from Wakenet’s homepage)
2. bitgrabber.com
3. bitroll.com
4. c4dl.com
5. cash4downloads.com
6. download.play3w.com
7. get-torrent.com
8. playon.play3w.com
9. winzix.com (additional information from Symantec)
10. bitdownload.org
11. divoplayer.com
12. plugindl.com
13. torrent101.com
14. torrentq.com
15. torrentsoftware.org
IP: 207.44.244.86
1. bitroll.com
2. c4dl.com
3. cash4downloads.com (Click here for removal instructions)
4. download.netpumper.com
5. Uvtorrent.com
6. playon.play3w.com
7. wakenet.se (WakeNet’s own homepage is on the same server)
8. bitsofporn.com
9. domplayer.com
10. gamingtorrent.com
11. kitplayer.com
12. torrentmusic.org
13. torrentgamers.com
14. Torrentspeeder.com (different server currently)
We suggest that everyone stays well away from every site on the above lists. Use uTorrent or Azureus to download and if you ever download anything that requires anything other than a standard media player or WinRAR in order to play, be a little suspicious. Checking the comments to the torrent you plan to download is always a good idea.
For the little more adventurous reader, it’s possible to use the Windows HOSTS file to block the activity caused not only by the malware listed above but also that from hundreds of other sources. We recommend the excellent guide from MVPS, “Blocking Unwanted Parasites with a Hosts File”
UPDATE: Reports suggest that software is now available to play 3WPlayer (and possibly DomPlayer) files without getting either player. This software is untested by TorrentFreak.
UPDATE 2: Software to crack 3WPlayer, WinZix can also be found here. Click here for the .torrent.
Previously: Use uTorrent to Organize Your BitTorrent Downloads
Next: Television Studios Embrace BitTorrent
61 Responses (Add yours or TrackBack)
Pages: [1] 2 3 » Show All
It’s usually only noobs who download stuff from shady websites like that… gotta go for the official websites. But it’s unlikely that those noobs would be reading this site either, so this doesn’t really do any good for the potential downloaders of those…
Oh well.
The guy behind wakenet
Johan Anders Christian Wennberg
Birthday: 1981-04-16
Address
Tjustgatan 3 6 TR
11827 Stockholm
SWEDEN
Cellphone: +46 76-3385430
Home: +46 8-6434227
E-mail: johan@wakenet.se
Johan Anders Christian Wennberg is the retarded fucker doing all that shit? He want to get rich dirty & quickly! Why that scammer stay so long in business? Nobody wanna to sue for damages that dude do? He is also involved in porn business and drug traffic right?
Wakenet seems to use ZoneEdit instead of hosting their own DNS-server.
Spamming etc, seems to violate ZoneEdits policy
http://zoneedit.com/doc/policy.html
If someone took the time to contact zoneedit, and they choose to terminate wakenets account, all of wakenets sites would go down. Of course, he can always switch to a new DNS-server, but hey, it will disrupt his business.
I use HostsMan… Works great.. Also … WOT Firfox extension also highly recommended!!
So if im download bittorrent movie files. after i download them do i use winzip or winzix to decompress the files. im a “noob” but i understand abit about this computer shit but i still duno how to unzip all these torrent files and i no you have to pay for winzip… please help!
decompression tool=winrar
watch your movies with either..VLC…Media Player Classic or get FFDshow codec pack and use media player.
For virtual drives use Daemon tools (for mounting ISO’s)
These are the basic essentials for all you n00bs out there….Pirates FTW….me hearties..!!
Aliens versus predators requiem on isoHunt is one of these files, running on vlc claims it needs domplayer to run. Also pretending to be an aXXo download.
Good luck Chuck DVD Rip is one of that movies. Even if archieved with RAR, inside you will find a Zix file in wich you finnaly find the avi file next to a codec.exe, off course, another virus.
we have got to stop these assholes what sad lives they must be living alien versus predator what a load of crap me like a mug fell for it as well beware we will find you who ever you sados are !!!!!!!!
[quote comment="154443"]So if im download bittorrent movie files. after i download them do i use winzip or winzix to decompress the files. im a “noob” but i understand abit about this computer shit but i still duno how to unzip all these torrent files and i no you have to pay for winzip… please help![/quote]
http://www.7-zip.org/
I downloaded a file (TV show) that said it was an AVI file but it had XRO at the end. When I opened it with the VLC player it said that I had to to have the Domplayer, but I see that this is on the list above.Are all XRO files linked to this Domplayer–how can I know? Is there any way to open this file?
Thanks for any help
Bionic.Woman.S01E04.HDTV.XviD-XORx
Downloaded from ‘PLUBE’
Needs Winzix to be instaled first.
I didn’t.
Thanks for the posts.
Isohunt.com
The.Game.Plan[2007]DvDrip[Eng]-aXXo.avi
Need domplayer to run.
Yet another scam…
Just downloaded Iron Man (axxo) and it says I need domplayer… so this is like that 3wplayer? Just malware and shit? Bastards! I read on another site that there’s a way to get the 3wplayer files to play in mediaplayer by deleting a bunch of code. Haven’t tried it yet… heard that when the files are played it’s usually another movie altogether: sometimes porn or could end up being a good movie. Just not the 1 you thought. Has anyone figured out a way to do this with dom player?
For now.. i just comment that its a dom or 3w and let it seed… If more people rated and commented, would be save alot of fustration.
I just downloaded 30 days of night and yes I got the same - apparently it needs domplayer - I’m no noob but I was still caught out as i ALWAYS check that the bittorent movies I download aren’t rar or zip files (for the obvious reason that 9 times outta 10 you’re required to visit some bullshit site to get a password to decompress the file), and this showed as an avi file
At the end of the day, are we sure this swedish company etc are in business and being a pain in the ass on their own volition? Remember piracy IS illegal (not that many of us give a damn lol), so it could be that these companies are just a front for the authorities who are obviously trying their hardest to stamp out piracy……
but yes I feel the same as the rest of you - goddamn sick and tired of all these bogus downloads that you have to just delete(if you have any sense) after spending days downloading them
And yes Dan I agree - PEOPLE LEAVE COMMENTS ON BOGUS DOWNLOAD TORRENTS!!!
on the subject of passworde rar files though - If any of you know of a free rar password cracker that ISNT a trial version and DOESNT consume shedloads of ram - post a link to it on here please - would save us all a lot of frustration
OR
if you have a rar password cracker with a crack so you dont need to pay to ugrade it to full version - make it into a torrent and again post the link on here…..
I have just downloaded Stardust using the following tracker.
http://tpb.tracker.thepiratebay
.org:80/announce. If your using utorrent
go to the general tag and look at the tracker section. If you see the above tracker stop the download as it requires
dom player.
Don’t get mad, get even.
Find the cracks and post the links here.
[quote comment="188923"]I downloaded a file (TV show) that said it was an AVI file but it had XRO at the end. When I opened it with the VLC player it said that I had to to have the Domplayer, but I see that this is on the list above.Are all XRO files linked to this Domplayer–how can I know? Is there any way to open this file?
Thanks for any help[/quote]
yep i got fucked too with that dom shit… well i think i should be happly its not the latest virus on the web.
are all torrent shit how do you know al say download dom
i have download a movie from isohunt [isoHunt] Southland.Tales.2007.Eng.DivX-PCR.avi.torrent
it is the same creap shit… it needs domplayer to play so be aware of this fake malewared dirty torrents read the comments and remove that shit from the pc
dadadaddddddddddddddddddddaaaaaaaaaaaa
2 references to this post
Pages: [1] 2 3 » Show All
Add your response