The Inquirer-Home

The utorrent download got replaced with malware

Fake antivirus surprise
Wed Sep 14 2011, 10:52

UNIDENTIFIED HACKERS have managed to break into the web server hosting and replaced the legitimate client download with antivirus scareware.

The compromise occurred yesterday and was initially thought to also involve Fortunately, Bittorrent Inc., the owner of the two websites, detected the breach early and took down the servers within two hours.

"This morning at approximately 4:20 a.m. PT, the and Web servers were compromised. Our standard software download was replaced with a type of fake antivirus 'scareware' program," the company announced on its blog.

It later returned to clarify that "after further analysis, we don't believe or the BitTorrent Mainline/Chrysalis clients were part of the incident."

The rogue software served for download instead of the extremely popular utorrent client is called "Security Shield" and poses as an antivirus program. Victims are prompted with security alerts that falsely claim their computers are infected with malware. The end goal is to trick them into paying for a useless software licence.

These programs are collectively known as scareware or rogueware and represent one of the most profitable cybercrime schemes. They are distributed through a variety of methods, including black hat SEO, drive-by downloads or trojan downloaders.

Bittorrent advises users who obtained utorrent from its website between 4:20am and 6:10am Pacific Time yesterday to run an antivirus scan on their computers as soon as possible. The company did not reveal how many times the rogue software was downloaded during this period.

This is not the first time that hackers have broken into a software project's web site and manipulated the client downloads. Back in July, the server housing the popular vsftpd FTP daemon was hacked and the source code was backdoored. ProFTPD suffered a similar breach last December. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?