BitTorrent’s µTorrent downloaders got fake antivirus scareware, not the client they wanted
A shiver ran through the peer-to-peer (P2P) file sharing world as BitTorrent announced that it had been hacked by scareware mongers.
The BitTorrent blog announced: “This morning at approximately 4:20am Pacific Daylight Time (UTC -7), the µTorrent.com and BitTorrent.com Web servers were compromised. Our standard Windows software download was replaced with a type of fake antivirus ‘scareware’ program.”
A Minor Tremor
This would have meant that anyone downloading the BitTorrent Mainline, µTorrent, or the beta of the Project Chrysalis Windows interfaces to the P2P network would have been infected with Security Shield malware. Fortunately, BitTorrent’s fears were unfounded and the only interface to be affected was the µTorrent download site.
BitTorrent updated its warning blog accordingly. In the UK, the critical time would have been between 12.20pm and 2:20pm on Wednesday 14 September.
The µTorrent Windows interface is still probably the most popular downloader for accessing P2P files so, even though there was only a two hour exposure, many users could have been inconvenienced.
Security Shield is a scareware product which throws up a pop-up screen warning the user that there is a nasty virus on the machine and offers to remove it for a price. In fact, there is nothing wrong with the “infected” computer but many users panic and pay up – hence the scareware name.
As this was a fairly simple hack, merely replacing the µTorrent client with the malware, it was quickly remedied and BitTorrent now claims its site is clean.
There has been a rash of fake antivirus attacks, especially through Facebook and from infected adverts on websites (malvertisements). The software must be removed but there are many sites with detailed instructions – or the Windows system can be restored to an earlier state in many cases using System Restore as a temporary fix.