Unless you happened to be fortunate enough to start out on BitTorrent through the great world of private trackers, you’ve probably fallen for some pretty intricate public torrent scams in your time. And let’s face it - we’ve all been duped into downloading password-protected torrents, only to have to click on external links to find that elusive password on sites that we just shouldn’t need to be visiting. Some of us may have been forced to acquire a special media player (such as DOM) to play that movie you just spent three days downloading. But all of this is child’s play compared to the new generation of torrent scams.
Introducing the latest torrent threat: Pay-Per-Install (PPI) adware, spyware & malware binded into the torrent files. But don’t just take our word for it; check out these sites that cater to PPI torrent scams:
- — http://www.blackhatworld.com/blackhat-seo/f75-torrents/
- — http://www.pay-per-install.org/buy-sell-trade/
PPI-Binded *.EXE files - The Next Generation of Bad Torrents
The old method of passwording *.rar archives in the torrent is now somewhat antiquated, as these automatically qualify for an instant ban on most of the monster trackers, including mininova & thepiratebay. Not only do these torrents become easy candidates for instant removal, but the uploader also gets banned for upping them in the first place. Scammers have been forced to move onto a different method of making money, through hidden PPI installers.
The latest method of torrent scam involves the procedure known as “binding EXEs”. To oversimplify it, this is the process of combining a ‘clean’ EXE file with a “Pay-Per-Install” (PPI) .exe file(s), for the purpose of hiding the PPI payload installer. This is achieved by way of a crypter/binder (there’s too many to mention). Files/torrents that are most susceptible to this are usually small applications or cracks, cracked files/keygens, including games cracks.
Scammers tend to stick with small appz because they need to test the binded EXE file before uploading it to a public tracker. If it is easily detected via antivirus/spyware software, then it is not FUD (fully undetected) and thus it will (usually) be promptly deleted from the torrent website. To verify the FUD %, the finished binded file is uploaded to an online antivirus checker such as virustotal or novirusthanks. Once it clears this, (or is close to 100% FUD), it is then appropriate for submission to public trackers. Users then create accounts at TPB and mininova and upload their modified torrents, or hire a third-party to do the torrent uploading for them.
Having to click a few ads or links to get a password to unlock that RAR file is one thing, but it’s really nothing more than a time-wasting annoyance. On the other hand, PPI installers are pure evil, and are very difficult to remove from an infected computer. When properly ‘binded’, they can be virtually undetectable by many anti-spyware / anti-virus applications, and may include rootkits and self-replicating adware.
PPI installers are not exclusive to torrents, and can be inserted into any (exe) file and shared through any P2P filesharing protocol. It’s become big business, with new PPI companies sprouting up all the time, notably Luxecash and Oxocash.
— Wherever possible, stick with private trackers. Most PPI-ers are not brazen enough to upload a bad torrent - one attempt at this would obviously lead to their last login (instant ban). Manual torrent moderation (removal) is something that public trackers don’t usually engage in (due to the sheer volume of new torrents reaching the site each day).
— If you must use public trackers, avoid *.EXE files (small applications, cracks, keygens). Stick with movies and music files - “PPI installers” have yet to be fused into them (if this is even a possibility).
— When compared to mininova, it’s been noted that ThePirateBay has a better filtration / detection system to catch these scammy torrents.
Trackback :: PPI 15mn of fame - Pay Per Install
[…] 15mn of fame Public Torrent Users Beware: The Next-gen Torrent Scam | THE source for BitTorrent & P2P Tips, T… Oh yeah, I love […]
Chris Hanlon Says:
Wow… why people use public trackers in the first place amazes me. you can find decent privates (tbytes,bitsoup) that are open for signup.
Shamus McFartfinger Says:
And I say Chris Hanlon is an idiot. A private tracker can just as easily host infected files like these as a public tracker. In future, I suggest you read and understand the article before commenting on it.
99% of the internet community has no idea how their computer works. There’s little point in proving that with your aloof and idiotic diatribe.
Chris Hanlon Says:
Yes, put as the article says, most people wouldn’t dare (thats a most, not an always) as they would be banned instantly
@ Shamus McFartfinger
That’s part of the reason why not everyone can upload torrents to private sites…
I know I have downloaded passworded protected TV/Movies in the past, and did once go through the trying to get password by clicking links but gave up realising it was scam, that was on Virgin Media, so I was pissed off due to bandwidth limits and throttling, I still get them on O2 on TPB..pisses me off, download, delete. now this…its apps you need to watch out for then…luckily I dont downlaod many apps, but games and movies and TV shows..
Anyone heard of podmailing here? its really good…pity its not used too much….can we have an article about it?
I have uploaded 50 viruses to piratebay, 75% of my botnet is from piratebay
LulzCrypt team Says:
We have been alerted of your information on our application and are not pleased. Please note we are a professional company meerly defending people from getting their application reverse engineered by anti-virus and dis-assembler programs out there. False rumors and aquisitions like this are punishable by prosecution, I hope you are pleased with yourself.
D-Packer Dev Team Says:
This article have messed with our program’s reputation. And will cause moral damage if kept here.
So in behalf of d-packer coders. You have 3 days until this article is removed. Otherwise this site will be nulled for at least one month causing problems to you and your viewers.
Countdown has started.
We’ll start to heat the oven so we can bake this site after 3 days if orders were disobeyed.
LouzyKrypt and FugdePacker Dev Team r NUBS! Fear their botnet of D00M consisting of 4 bots in their basement! MUHAHahAHHA Le’ Snort!
D-Packer Dev Team and LulzCrypt team
You may as well go after me too as I have spend this info all over the net.
Fuck You..You want me come get me.
Thanks filesharefreak for the info
LulzCrypt team Says:
Excuse me, you have spend this info?
lol..I must be high……….. spread
I love when LulzCrypt team will say he defending people from getting their application reverse engineered.
Then he post his software on a hacker forum like this one below.
LulzCrypt team Says:
Breal, that is meerly an affiliate, once again I see weakness in your brain, perhaps around the ‘common sense’ part.
@ The D-Packer Dev Team : The article stays.
You’ve been removed from any reference in this article. Thus, there is no further viable reason for you to request that this post be deleted. If anyone has an issue with something published herein at FSF, it is NOT conducive to having it resolved in a threatening manner in a public reader’s comment. Normally, it should be conducted through the “Contact Us” link, and, in a professional (and private) manner something can be resolved. We’ve removed many URLs and links from PVT trackers or anyone else that wishes for removal, non-mention, etc, and will continue in a cooperative manner to accommodate anyone…when this is done professionally.
Yes, that’s right - DON’T EXECUTE .EXES FROM UNKNOWN SOURCES.
Seriously, I would never run a program I downloaded on p2p
Alverta Prye Says:
Such a useful blogwow !!!!
Freedom to information Says:
Suck a giant dick. OOPS that better be taken off too ’cause we shouldn’t hurt your gay ass feelings. If you don’t like what is being said about your company because people are pissed off at having their cpu’s meesed up by some sort of self-righteous vigilante mentallity then stop destroying, damaging personal property for your vision of the greater good. I bet you give youtrself a pat on the back at nigh, thinking, “hey, I did a great job today. Fucked up over Nth amount of people’s computers. That’ll teach ‘em.” Yes, it is unethical to steal but it is ALSO unethical to steal as some form of law enforcement. These are personal cpu’s that your company are hacking into in the name of protecting private rights. a little ironic, isn’t?
Freedom to information Says:
And to LULZCRYPT:
Read the Law Book for Dummies and you will find not only your picture on the cover but also that it is not illegal to post facts about of company, no matter how damaging, as long as they are true. So suck it.