uTorrent and WinZip New Targets of BitTorrent Malware
All the best BitTorrent clients (like uTorrent) are free and when you install them they don’t install extra stuff on your PC like adverts, annoying popups or spyware.
However, there are companies out there who give you ‘free’ software (like a torrent client) but at the same time install some of that extra stuff you don’t want too. We have regularly reported on BitTorrent clients which also install this malware such as Torrent101, BitRoll, TorrentQ and GetTorrent. These are just a handful of bad clients currently available online.
Wakenet has a new domain called uvTorrent.com (currently diverting to their Cash4Downloads site) - no prizes for guessing the planned confusion with novices and the official ‘uTorrent’ client. They also have a new (fake) ‘compression’ utility called Winzix, obviously named to be confused with Winzip. Unfortunate downloaders will download something from BitTorrent, only to learn that it needs to ‘decompressed’ with Winzix in order to work. Installing Winzix again results in malware getting onto the host PC.
Our investigations revealed two major servers carrying the malware-ridden clients, media players, compression utilities and other sites supporting the enterprise:
1. netpumper.com (there’s even a link to this from Wakenet’s homepage)
9. winzix.com (additional information from Symantec)
3. cash4downloads.com (Click here for removal instructions)
7. wakenet.se (WakeNet’s own homepage is on the same server)
14. Torrentspeeder.com (different server currently)
We suggest that everyone stays well away from every site on the above lists. Use uTorrent or Azureus to download and if you ever download anything that requires anything other than a standard media player or WinRAR in order to play, be a little suspicious. Checking the comments to the torrent you plan to download is always a good idea.
For the little more adventurous reader, it’s possible to use the Windows HOSTS file to block the activity caused not only by the malware listed above but also that from hundreds of other sources. We recommend the excellent guide from MVPS, “Blocking Unwanted Parasites with a Hosts File”
UPDATE: Reports suggest that software is now available to play 3WPlayer (and possibly DomPlayer) files without getting either player. This software is untested by TorrentFreak.