UNIDENTIFIED HACKERS have managed to break into the web server hosting utorrent.com and replace the legitimate client download with antivirus scareware.
The compromise occurred yesterday and was initially thought to also involve bittorrent.com. Fortunately, BitTorrent Inc., the owner of the two websites, detected the breach early and took down the servers within two hours.
"This morning at approximately 4:20 a.m. PT, the uTorrent.com and BitTorrent.com Web servers were compromised. Our standard software download was replaced with a type of fake antivirus 'scareware' program," the company announced on its blog.
It later returned to clarify that "after further analysis, we don't believe BitTorrent.com or the BitTorrent Mainline/Chrysalis clients were part of the incident."
The rogue software served for download in place of the extremely popular uTorrent client is called "Security Shield" and poses as an antivirus program. Victims are shown security alerts that falsely claim their computers are infected with malware. The end goal is to trick them into paying for a useless software licence.
These programs are collectively known as scareware or rogueware and represent one of the most profitable cybercrime schemes. They are distributed through a variety of methods, including black hat SEO, drive-by downloads or trojan downloaders.
BitTorrent advises users who obtained uTorrent from its website between 4:20am and 6:10am Pacific Time yesterday to run an antivirus scan on their computers as soon as possible. The company did not reveal how many times the rogue software was downloaded during this period.
This is not the first time that hackers have broken into a software project's web site and manipulated the client downloads. Back in July, the server housing the popular vsftpd FTP daemon was hacked and the source code was backdoored. ProFTPD suffered a similar breach last December.