On bittorrent sites, concerning presumably copyright material, where they allow comments from users, it seems that an inordinate amount have a comment that says something like “WARNING! VIRUS!” or “THanks for the Virus, Jerk”
Are these comments legitimate and the torrents in fact virus-filled, does that mean they were uploaded by the copyright holders who are trying to discourage bittorrents of their work?
Or are they comments from the copyright holders, or their stooges, designed to merely scare people away from otherwise good (But copyright-violating) bittorrents?
I have never gotten a computer trojan or virus that I know of from a bittorrent file. But I’ve noticed more of these virus! comments than back in the earlier days.
I’ve thought the same thing you have, and figured I could try it, and worst comes to worst it’s just a waste of time and bandwidth. From what I have seen, the files downloaded are in fact either viruses, or (more commonly) it’s a movie/song/album with DRM installed that will automatically popup a link for a website in your brower. So yea, it’s not a virus per se, but still annoying and doesn’t give you what you’re looking for.
The worst I’ve ever got from bittorrent is a passworded rar file, I personally don’t usually download anything but movie and video files though. It seems that the copyright holders have other methods of trying to stem the flow of bittorrent.
Uh, given that a lot of malware serves the authors of said malware by using your machine to steal your identity or send spam, I’m guessing it’s malware authors conspiring in this case.
I think uploading your own product contaminated with a virus would be a pretty misguided attempt at protecting your property, unlikely to be tried by any major software producer but perhaps done on occasion by a small or individual operation.
Some torrents do indeed contain various viruses, trojans, keyloggers, and other assorted malware, some with criminal intent, and probably much more is just malicious mischief.
Some of the virus warning comments are made when the torrent includes some sort of hacking tool, a key generator or the like that the downloader will use to crack the program, and the downloader’s virus scanner picks that up.
For one thing, that would raise some serious legal issues.
I’m surprised that we haven’t heard of people releasing fake bootlegs where the movie suddenly cuts to the goatse picture or something like that. Now that would discourage people…
I believe RIAA was seeding torrents where random segments of your MP3 would be replaced by static.
They did it such that it actually had the right checksum…
While the idea that it’s mostly the authors of malware who are inserting it into torrents makes sense, I think the OP’s not too far off the mark: about half of all “virus!” comments and other bad feedback for torrents IME are completely unfounded.
It’s possible that a fraction are due to trolls but the lack of responses doesn’t really fit the mindset too well. Big media groups like RIAA have used monitored torrents to trap sharers in the past, so it’s not a big leap from posting their own torrents to discrediting, uh, ‘legitimate’ ones
Turble’s pretty much 100%. Given the amount of exposure that they want to bring to this, major producers would be foolish to break the law using viruses, and virus scanners flag keygens and cracks as malicious all the time.
There’s a certain small independent publisher who raised a big hooha about piracy when they released their most recent game, and coincidentally there are many times the normal amount of torrents available for that game, every single one of which contains the demo version and a ‘crack’ that’s actually a virus.
So, a combination of fake warnings, false positives and a few genuine cases.
I suspect that a lot of this is the result of false positives.
Keygens, loaders, trainers, and various and sundry other cracks are frequently packed/encrypted executables. So are most commercial applications these days. The difference is that the keygens, etc. are often packed with packers/crypters that tend to be popular in the cracking “scene” (:rolleyes:), which shares a certain amount of overlap with the virus/malware scene. That is, a lot of viruses and malware wind up getting packed with the same packers that are used to pack cracks.
Some AV programs get sloppy with their signatures and stupidly categorize the packer code itself as being virus code. For instance, I seem to recall that Norton Antivirus went through a period of time of flagging anything that was packed with UPX and then put inside of a .zip file. This is particularly silly because UPX is just a general purpose open-source PE packer. It’s not even particularly associated with cracking.
You also tend to get false positives due to heuristic scanners. Crackers like to show off home-brew packers/crypters in their releases. It’s kind of an e-peen thing to show off how good/fast/clever your packer/encrypter is. It also serves as a way to keep lesser crackers from analyzing their keygen/crack/whatever and ripping off their code. Some of the clever tricks involved may resemble the polymorphic/mutagenic behavior of many viruses (and also many commercial copy protection systems :p). A heuristic scanner may flag it, thinking that if it quacks like a duck, it must be a duck. As well, the behavior of certain types of cracks (loaders, mostly) kinda superficially resembles the behavior of certain types of malware, but then, the same could be said for any debugger.
