Malware Warning in these BitTorrent Clients!!! “TorrentSpy Advertises Malicious BitTorrent Client. Running a BitTorrent site can get pretty expensive, especially when you’re caught up in a lawsuit with the MPAA. But, recommending malicious BitTorrent clients like Get-Torrent to your users is not the solution, not even if they pay $$ per install. Money corrupts? Get-Torrent is one of the many malicious BitTorrent clients that are advertised on torrent sites. The clients, and a lot of other free malware applications, are developed and spread by a Swedish company named Wakenet. Their primary goal is to trap people into downloading applications that look useful, just to infect computers with adware bundles that are hard to uninstall. Various forum threads, even on TorrentSpy, warn naive users about these clients. Still, TorrentSpy is actively advertising Get-Torrent, and infecting hundreds of their users’ computers, resulting in a torrent of annoying popups. Unlike TorrentSpy, most BitTorrent site admins refuse to advertise these clients. The Pirate Bay and mininova successfully banned these malicious clients from advertising through Adbrite, and BTjunkie and many other sites wont let them on their site either.
The malware bundled with BitTorrent clients like Get-Torrent, Torrent101, TorrentQ and BitRoll is a sponsor program called “Cidhelp”. Apparently, it can be easily removed from the Windows Control Panel. However, in most cases your anti-spyware or anti-virus program damaged the files, leaving them impossible to uninstall, while they still cause numerous popups.
In April ran a Google Adwords campaigns on the Bitroll, Torrent101 and Torrentq websites warning users not to install these clients. Even though it was fun and probably prevented a couple of hundred people from installing the clients, it is far from an ideal solution. The best way is to spread the word, start forum threads and write blog posts or emails to warn others.
Unfortunately, several popular torrent sites carried advertising for these bad clients but thankfully, sites like The Pirate Bay saw the damage these things can cause and removed the adverts. TPB’s brokep wrote, “We’re getting a lot of email about people downloading torrent clients that are advertised on the site. Do not download them! We have put a ban for the ad companies to sell ads for these clients on our site.” Mininova and Snarf-it also blocked the adverts.
In February, reported on yet another client, TorrentQ after a tip-off from the owner of BT-Junkie. Of course, this wasn’t a new client but the old one with a new name.
In April, in order to try to save unsuspecting file-sharers from installing malware, there ran Google Adword campaigns on the BitRoll, Torrent101 and TorrentQ websites, informing people of just how bad these clients are. Google apparently doesn’t like to be associated with bad news and a few days later, Adsense adverts disappeared from the sites. Disappointingly, we are now exposed to yet another ‘new’ bad torrent client. Get-Torrent is the latest in a sequence of malware-laden torrent clients, cloned from the same infected DNA as BitRoll, Torrent101 and TorrentQ.”Source: http://torrentfreak.com/torrentspy-advertises-malicious-bittorrent-client/ - http://torrentfreak.com/malicious-bittorrent-clients-new-coat-of-paint-same-bad-story/

TrackBackThe clients, Get-Torrent, Torrent101, TorrentQ and BitRoll result in a barrage of annoying popups, yet TorrentSpy is actively promoting them. Underneath each download, the words “Use Get-Torrent for high speed downloads” appears, tricking users into downloading them.
The Pirate Bay and Mininova both banned the clients from advertising using Adbrite but apparently money is more important to TorrentSpy then the safety of their user’s computers.

Check your files with: ExeInfo PE ver. 0.0.1.7 A - ( 289 sign ) Exeinfo for Win32 by A.S.L.
Try to unpack them cause AV scanner may not be able to detect some Virus and others and can give possible “false positive” alert by some eXe packed+protect files. Send the files before install to: VirusTotal - analyses.

XoftSpySE 4.33.248 (ddl - mirror - mirrors) may detect most Adware, Spyware, Pop-Up Generators, Keyloggers, Trojans, Hijackers and Malware as in some RapidShare tools have been found, Kaspersky and NOD32 didn’t found anything.

The story continues…
updated 06-Aug-2007 by Mods.sub.cc
New Names of the above clients with Malware, new Websites, new Webhosting…

1. New names of the Malware BitTorrent clients (all have a size of around 1 MB):

• BitDownload (Version 3.2.0.0)
• BitGrabber (Version 4.2.0.0)

2. New Websites

• http://bitgrabber.com ( http://www.bitgrabber.com)
• http://bitdownload.org (http://www.bitdownload.org)
• and possible many more as the info of: http://www.domaintools.com/reverse-ip/?hostname=69.72.144.122 and: http://uptime.netcraft.com/up/graph?site=bitgrabber.com
• Linux, Apache, 6-Aug-2007, 69.72.144.122
• also: 3wplayer.com may follow soon.

Screenshots:

Site Admins of 9TT.eu, some Net Backbone Admins and we confirm that these are the same clients all in 1MB size just with new names!