BitTorrent users Beware!

“BitTorrent is a method of distributing large amounts of data (P2P) widely without the original distributor incurring the entire costs of hardware, hosting and bandwidth resources.” [Full Wikipedia description here]


Seems the Cash4Downloads folks have teamed up with CidHelp (C2Media/LOP) to distribute “free software” for users looking for BitTorrent programs. So let’s see what they offer …



As you can see … “no spyware, no adware, no malware” … oh really? I scanned the download at VirusTotal:


Get-Torrent-2.0.0.0-setup-0350.exe


Engine       Version       Date        Result
BitDefender  7.2           2007.07.19  Trojan.FatObfus.A
DrWeb        4.33          2007.07.18  Trojan.Packed.149
F-Secure     6.70.13030.0  2007.07.18  Trojan.Win32.Obfuscated.dt
Ikarus       T3.1.1.8      2007.07.18  Trojan.Win32.Obfuscated.en
Kaspersky    4.0.2.24      2007.07.19  not-a-virus:AdWare.Win32.Lop.bo


[or]
BitRoll-2.2.0.0-setup-0410.exe


Engine       Version       Date        Result
Avast        4.7.997.0     2007.07.18  Win32:Trojan-gen. {Other}
BitDefender  7.2           2007.07.19  Trojan.Agent.AOJ
DrWeb        4.33          2007.07.18  Trojan.Packed.149
F-Secure     6.70.13030.0  2007.07.18  Trojan.Win32.Obfuscated.en
Ikarus       T3.1.1.8      2007.07.18  Trojan.Win32.Obfuscated.en
Kaspersky    4.0.2.24      2007.07.19  not-a-virus:AdWare.Win32.Lop.bo
Microsoft    1.2704        2007.07.18  Trojan:Win32/Busky.C
Symantec     10            2007.07.19  Torrent101


There are about 15 other related sites all hosted on the same IP address (69.72.144.122); however, the majority of the downloads are redirected and actually come from 67.15.107.166. I would highly suggest adding that IP address to the Internet Explorer “Restricted Zone”, as this will prevent the download.



As you can see in the VirusTotal results, several antivirus vendors have their own descriptions, but I can assure you these are CidHelp (C2Media/LOP) related.


Symantec.WinZix states: “The program may then download a copy of Adware.Lop on to the computer.”
McAfee SiteAdvisor.torrent101.com download analysis shows the following Registry edits are made:


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
ADD netbios-wait.com=""
ADD netsearchsoft.com=""


Now netbios-wait and netsearchsoft are both C2Media/LOP sites … looks like the world of BitTorrent can be a dangerous place. Especially if you install one of these “no spyware, no adware, no malware” programs.
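
A defender-side check for the registry edits listed above, as an added example that is not part of the original post: it scans the Internet Explorer pop-up blocker allow list of every loaded user hive for the two domains named in the SiteAdvisor analysis. The function names are hypothetical; the domains and the key path are taken from the post.

```powershell
# Added example: audit the IE pop-up blocker allow list for the entries named in the post.
# Domains and key path come from the post; function names are assumptions of this sketch.
$SuspectDomains = @('netbios-wait.com', 'netsearchsoft.com')
$SubKey = 'Software\Microsoft\Internet Explorer\New Windows\Allow'

function Test-SuspectHost {
    param([string]$HostName, [string[]]$Domains)
    # Normalise "*.example.com" and mixed case before comparing
    $h = $HostName.Trim().TrimStart('*', '.').ToLowerInvariant()
    foreach ($d in $Domains) {
        # Match the domain itself or any subdomain of it, not lookalike suffixes
        if ($h -eq $d -or $h.EndsWith(".$d")) { return $true }
    }
    return $false
}

function Get-SuspectPopupAllowEntry {
    param([string[]]$Domains = $SuspectDomains)
    # HKEY_USERS holds one subkey per loaded profile, so this covers more than HKCU
    $users = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $users.GetSubKeyNames()) {
        # Hives the current account cannot read are skipped rather than aborting the scan
        try { $key = $users.OpenSubKey("$sid\$SubKey") } catch { continue }
        if ($null -eq $key) { continue }
        try {
            # Allowed sites are stored as value names under the Allow key
            foreach ($name in $key.GetValueNames()) {
                if (Test-SuspectHost -HostName $name -Domains $Domains) {
                    [pscustomobject]@{ Sid = $sid; Key = "HKU\$sid\$SubKey"; Entry = $name }
                }
            }
        } finally { $key.Close() }
    }
}

$hits = @(Get-SuspectPopupAllowEntry)
if ($hits.Count -eq 0) { 'No matching pop-up allow-list entries found.' }
else { $hits | Format-Table -AutoSize }
```

Run it from an elevated prompt to cover every loaded profile; without elevation it reports only the hives the current account can read.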


