By Joris Evers, 17 June 2005 09:10
NEWS Adware and spyware makers are using BitTorrent as a new distribution channel. According to observers of the trend, music and videos that hide applications which pop up ads on PC screens and track browsing habits are increasingly being offered for download on various BitTorrent websites.
BitTorrent has grown into one of the most widely used means of downloading files such as movies or software. Unlike peer-to-peer networks such as eDonkey, Kazaa or the original Napster, no central search technology exists for BitTorrent. Instead, links to specific files are posted on websites.
While applications such as Kazaa have long been associated with adware and spyware, BitTorrent has not. Until now, that is. Chris Boyd, a security researcher who runs the Vital Security website, found adware and spyware hiding in BitTorrent files.
In one case, an episode of the Fox TV show "Family Guy" was bundled with several pieces of known adware, according to Boyd. "Under that kind of load, a midrange PC can easily go under," Boyd said. Both spyware and adware are known to hurt PC performance because they use PC resources to run.
In other examples, music files and porn videos came bundled with adware or spyware, Boyd said. He suspects that online marketers have launched campaigns to get their software installed on more desktops using BitTorrent.
Alex Eckelberry, president of Sunbelt Software, a maker of anti-spyware software, said: "This is one of the most egregious spyware infestations that we have seen. It is a major concern. It is going to riddle your system with pop ups, slow your system down and potentially cause system instability."
The downloaded files were typically self-extracting archives that would also install the unwanted software, Vital Security's Boyd said. In most cases, users would be presented with a dialogue box advising that the extra software was about to be installed and given the impression that the install was needed to get access to the desired content, he said.
However, Boyd found, it was possible to get access to the entertainment the user wanted without installing the adware or spyware. Simply declining the adware and spyware licence a couple of times gives access to the content, he said.
On his website, Boyd listed a Canadian company as one of the businesses that send out adware and spyware on BitTorrent. That company's website appeared to have been hacked on Thursday, with the front page replaced with a picture and a profane message stating that the company should leave BitTorrent alone.
As of late Thursday afternoon, BitTorrent creator Bram Cohen had not replied to an email seeking comment on the issue.
Joris Evers writes for CNET News.com
Comments
There are 2 comments. Join the discussion
1. anonymous
Its not Bit Torrent that is the issue here... Bit Torrent is just a file transfer mechanism and in itself is not inherently evil.
The same problem is present whatever method of file sharing is used.
The real issue is that people are running executables downloaded from an untrusted (often anonymous) source and they don't understand or don't care about the risks of doing so.
2. Berry
I agree with the previous comment. The problem here is user ignorance, not bittorrent. The same could happen with ftp or http or download from any source.
Many people need to be educated on what files do what, it seems obvious to me that if I want a video and get an executable, something is probably fishy.
Don't blame this on bittorrent.