uTorrent.com hacked, serving scareware

The popular file sharing web sites were compromised for a brief period of a few hours, with the links to the BitTorrent client replaced by a scareware (Security Shield) download.

According to a blog post explaining the incident:

This morning on 9/13/2011 at approximately 4:20 a.m. Pacific Daylight Time (UTC -7), the uTorrent.com and BitTorrent.com Web servers were compromised. Our standard Windows software download was replaced with a type of fake antivirus “scareware” program. (UPDATE: See below for removal instructions.) Just after 6:00 a.m. Pacific time, we took the affected servers offline to neutralize the threat. Our servers are now back online and functioning normally.

Typically, when a malicious attacker gains access to such a high-profile site, they would use it to spread a hacktivist message. However, the fact that the attacker had a scareware sample that would generate revenue for him once it's downloaded clearly indicates a degree of underground social networking, with uTorrent.com's attacker clearly involved in related spreading mechanisms for his scareware sample.

The sites are now clean, and are back to normal. BitTorrent.com or the BitTorrent Mainline/Chrysalis clients weren't part of the incident.
