Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (52)
  • add to favourites
    Add to Bookmarks

Can a Trojans infiltrate via BitTorrent?

Read: 260 Comments: 3 Rating: 6

Today we are going to talk about the BitTorrent protocol, which is widely used to download illegal (and often malicious) content.

  • Can a torrent file contain malware?
  • If I choose to download a movie or an application over BitTorrent, can I end up downloading malware?
  • Can a film or a program I download over BitTorrent contain some kind of malicious program?
  • If all the above infection scenarios are plausible, can Dr.Web discover and disarm malicious programs of this kind?

Users' questions to Doctor Web’s Support Service

To understand where and how malicious programs can emerge in torrent file sharing, let's recall how it works.

The BitTorrent protocol is used to organise peer-to-peer file-sharing networks. And it is assumed that the shared files are stored on various computers whose owners choose to share their files over a network.

If a user wishes to share a file or files (i.e., grant other users access to their file(s)), they make a corresponding announcement via a special server — a BitTorrent tracker — and upload a small file with the .torrent extension to the server. The file contains information about the shared content. After that, other users can download the content.

A torrent is a plain text file, and, therefore, it cannot contain any malicious payload. This means that downloading a torrent file is perfectly safe.

A user wishing to download something obtains a configuration file with the .torrent extension from a tracker, opens the file in their torrent client, and downloads the content from the distributing user to their PC. At the same time, the content being downloaded becomes available to other peers.

Similarly to other adware and affiliate programme installers, Trojan.RoboInstall.1 is spread over file-sharing sites and other similar sites crafted by attackers.

http://news.drweb.com/show/?c=5&i=9614&lng=ru

Users can download Trojan.InstallCube.339 from various file-sharing sites and fake BitTorrent trackers that criminals use to distribute malware.

http://news.drweb.com/show/?c=5&i=9602&lng=ru

Magnet links aren't inherently dangerous either. But any download can be hijacked by malware. As a result, instead of requested files, a Trojan may first try to download other malware.

Clicking on a magnet link or downloading a torrent file can't get a system infected, but this doesn't mean that users should lower their guard.

Mac.Trojan.KeRanger.2 was first discovered in a compromised version of a popular torrent client installer for OS X.

http://news.drweb.com/show/?c=5&i=9877&lng=ru

For example, users may be presented with the option to download a distribution file along with a patch (i.e. a crack) for the software. The patch will surely contain malicious code. Or a newly released movie is being shared. But when the file is downloaded, users only observe an incorrect codec error message for 90 minutes. They will also be offered the option to download the appropriate codec at www.notmalwareatall.org/malware.exe. Here, it is quite obvious what users will download eventually. A less common infection technique involves films with bogus subtitle files that exploit vulnerabilities in specific video players.

Later on, the shared file can be obtained by other users from any computer onto which it has already been downloaded.

In conclusion.

  • Downloading files over BitTorrent is quite harmless. It doesn't matter how a file gets into a system. As soon as the file is launched or opened, the anti-virus will scan it instantly. BitTorrent file sharing can't be abused to download or launch files in such a way that they will bypass anti-virus scanning.
  • A shared file can be malicious or it may be used to download malware.
#malware #piracy #Trojan #technologies

Dr.Web recommends

Always use an anti-virus: no matter where a malicious file comes from (downloaded by a torrent client or a browser or copied from a flash drive), the anti-virus will scan it. And if a threat is detected, the anti-virus will eliminate it.

Purchase legal copies of software, games, movies, etc. That way, you won't break any laws, and your system will be less likely to get infected.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments