BitTorrent Too Tempting For Spyware Makers

    June 16, 2005
    WebProNews Staff

Users of the superfast file sharing system have been finding hidden surprises on their computers.

BitTorrent isn’t immune to adware and spyware distribution any more. Random executables that appeared there have been replaced with fully financed products backed by Direct Revenue and Marketing Metrix Group, according to an eWeek article.

According to Chris Boyd, a renowned security researcher who runs the nonprofit resource center, “This is the first time I’ve seen a definite money-making campaign with affiliates, distributors and some pretty heavy-duty adware names.”

Mr. Boyd first realized BitTorrent was being used to distribute Direct Revenue’s Aurora adware program when he began to notice its components showing up in logfiles alongside that of the BitTorrent client.

“I checked hundreds of those logs, and more often than not, [btdownloadgui.exe] was chugging away in the background. No wonder none of the victims (or spyware experts) seemed to know what site Aurora was coming from-there was no site. It would have never occurred to the end users that it could have crept in by another means altogether,” said Mr. Boyd.

When a BitTorrent user downloads a file, they are being greeted with an installation notice for the adware bundle distributed by Marketing Metrix Group. Accepting the agreement, which is not required to access the file the user downloaded, installs noted adware components like aurora.exe and nail.exe on tthe local system.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.