Comments on: uTorrent Vulnerable to Remote Exploits

By: Jamaz

Jamaz — Sun, 10 Feb 2008 21:33:55 +0000

I was hacked while running utorrent 1.6 last week.

From my logfiles I could read his ip (dail-up) and computer name: MORTIMATI. I found his emailadress on http://www.wieowie.nl and found his emailadres mortimati@gmail.ro.

Please beware of his attacks.

Jamaz

By: ma942zda

ma942zda — Sun, 30 Sep 2007 18:42:16 +0000

c307t

By: Does port forwarding create security risk? « The Official MartinZ Blog

Does port forwarding create security risk? « The Official MartinZ Blog — Sun, 16 Sep 2007 17:06:42 +0000

[...] that application is written well and has no exploits. However, there are always software bugs and instances of such exploits is not [...]

By: Butch

Butch — Sat, 03 Mar 2007 17:46:08 +0000

Downloaded and installed newest version on WIN XP and was exploited by a virus. AVAST found it and it totally froze my computer.I was finally able to delete it and unintall and delete the virus and program. Everything was fine so I tried it again. Went back to site and downloaded it again and got the same results.

By: uTorrent 1.6.1 released | Cormac Moylan

uTorrent 1.6.1 released | Cormac Moylan — Thu, 15 Feb 2007 22:29:45 +0000

[...] It still pretty much looks the same and does the same things as before…so it’s still the best torrent application out there at the moment. The only change of note is a fix to a recently announced exploit which can allow a remote connection via a tracker. It’s probably best to update to the latest version so.. [...]

By: Iain Cheyne

Iain Cheyne — Wed, 14 Feb 2007 19:15:31 +0000

If you are on XP SP2 or Vista and activate Data Execution Prevention (DEP), you can avoid buffer overflow exploits. Use Securable (http://www.grc.com/securable.htm) to see if you can activate DEP.

By: uTorrent 1.6.1 Released | TorrentFreak

uTorrent 1.6.1 Released | TorrentFreak — Wed, 14 Feb 2007 18:29:58 +0000

[...] The stable 1.6.1 release is not yet on the download page, but is already available for download over here. The uTorrent team was aware of the exploit vulnerability in version 1.6 months ago according to former uTorrent developer Ludvig Strigeus. [...]

By: gabriel

gabriel — Wed, 14 Feb 2007 17:59:01 +0000

uTorrent beta is blocked in many private sites. :(

By: jacotyco

jacotyco — Wed, 14 Feb 2007 17:55:09 +0000

@kdsde
the beta was available long before the Bittorrent Inc. deal was announced. :p

By: BitLair.org :: ÂµTorrent 1.6.1 Final :: February :: 2007

BitLair.org :: ÂµTorrent 1.6.1 Final :: February :: 2007 — Wed, 14 Feb 2007 16:37:26 +0000

[...] Fix: Fix malformed .torrent exploit [...]

By: kdsde

kdsde — Wed, 14 Feb 2007 10:43:06 +0000

@#3 that beta is several month old!
IIRC it was available long before the BitTorrent Inc. deal. So if it is really banned then those tracker admins might not be the smartest.

By: Yatti

Yatti — Wed, 14 Feb 2007 04:02:24 +0000

I agree, beta should of been posted. I had to download it..

By: bltz

bltz — Tue, 13 Feb 2007 23:18:39 +0000

It’s really sad that uTorrent is not being actively developed anymore.

It’s the best client I have ever used, and I tried many over time.

By: Niek

Niek — Tue, 13 Feb 2007 16:07:53 +0000

At Mininova we blocked torrent uploads with a ridiculous large announce size. Hope that helps to prevent spreading malicious torrents which exploit such heap overflows.

By: jacotyco

jacotyco — Tue, 13 Feb 2007 15:58:52 +0000

some private trackers ban the new beta. they’re not sure it’s safe.

By: Ernesto

Ernesto — Tue, 13 Feb 2007 15:27:10 +0000

That’s good to hear.

474 is still on the download page though, perhaps a good idea to put a link to the latest beta on there as well?

By: Ludvig Strigeus

Ludvig Strigeus — Tue, 13 Feb 2007 13:43:51 +0000

This has been fixed back in July. Please use the latest utorrent beta, available at:
http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe