Trojan, distributed over torrent, blocks torrent sites

A trojan named Troj/Qhost-AC, has been spotted on torrent sites labeled as a keygen for popular software. But in a strange surprise, the trojan would modify the users host file, rather than generating a key, changing popular torrent web sites like, The Pirate Bay, Suprbay (The Pirate Bay forum) and Mininova, the two most popular torrent sites on the internet to 127.0.0.1, making it impossible to visit these sites.

The Trojan caused pop-ups on users screens and played a sound file saying "downloading is wrong". The Trojan didn't install any other spyware or malware onto the victims PC, other than blocking the three web sites, something that many users thought was strange.

The torrent has since been removed from the web sites, but leaves many users asking who is behind this? Many users question it is another attack brought against by the RIAA or MPAA to prevent piracy among music, movies, and software. Not to mention, the leaked MediaDefender email from September 2007 that wanted to launch attacks against sites like The Pirate Bay, and bring about fake files and DoS attacks.

Luckily, the change to the host file brought about by the Trojan is easy to fix, simply by manually editing the host file to remove the added entries will fix the problem.

Report a problem with article
Previous Story

Steve Jobs: One letter can raise shares almost 6%

Next Story

Gamestop says 'goodbye' to Xbox

25 Comments

Commenting is disabled on this article.

Even when i disagreed with RIAA/MPAA, but this "trojan" is not done for such organization but a lousy script kiddie. To modify the host file is a cheap work, a real virus/trojan can tamper/hack directly the winsock, because this can be undetected for most users.

Its not legal to damage property that is not your. Most people don't know how to fix a problem like this.

DarkeSword said,
Yeah, but they didn't hide the trojan all that legal stuff, they hid it in a keygen. Let's be serious here: almost everyone who downloads a keygen is downloading it for the purpose of pirating software.

You are right about the keygen bit though. That's like going and stealing someones stash of drugs. What are they going to do, tell on you. It may be war, but you would never be able to get anything on them without telling on yourself also.

How poor would everyone be, if we didn't download..

But on the other side if this is the MPAA or RIAA then it is pretty pathetic..

Don't know who outside of the two would achually target a download site.. unless its some religious thing saying stealing is wrong.

Garnett

the SCDA (RIAA or MPAA equivalent in Chile, South America) were caught using illegal copy of Microsoft Office. in a keynote for a law proyect, to sanction bit torrent users and sites.

You can see the pics here: http://www.elnortero.cl/admin/render/noticia/18164

the SGAE (again RIAA or MPAA on spain) is being investigated for fiscal fraud, and espionage to key ppl who stands agains SGAE.

and now, this trojan. Hypocrisy at is best..

No offence but torrents aint illegal. I can purfectly download legal game patches, linux distros, updates etc via torrents

tunafish said,
No offence but torrents aint illegal. I can purfectly download legal game patches, linux distros, updates etc via torrents

Yeah, but they didn't hide the trojan all that legal stuff, they hid it in a keygen. Let's be serious here: almost everyone who downloads a keygen is downloading it for the purpose of pirating software.

portauthority on 05 Jan 2009 - 22:16

RIAA/MPAA needs to things like this more on a bigger scale to win the battle against theft


Like rape is a way to protect virginity?

:: Lyon :: said,
lol the comments make it look like the pirates are the heroes of justice and RIAA+MPAA are the villains

Well when the RIAA try to sue you for $150,000 for every song you download, they are pretty much villians. They tried to sue allofmp3.com for $1.65 trillion!!! And not surprisingly, RIAA lost.

MightyJordan said,
Well when the RIAA try to sue you for $150,000 for every song you download

What? Are you serial? This can't be true, songs cost < 1$ a piece.

Recon415 said,
What? Are you serial? This can't be true, songs cost < 1$ a piece.

"Emotional" damages can be any made up number in their eyes.

rm20010 said,
"Emotional" damages can be any made up number in their eyes.

We never talk about heroes or villains because neither RIAA or MPAA does. They always talk about the law. And according to law, torrent sites are LEGAL, but the cocky RIAA and MPAA say they're not.

In this case, torrent sites can be considered heroes.

coolmob said,
lets get our guns ready..... and show these loosers at RIAA and MPAA "WHO'S THE BOSS"


Really, who else would write a Trojan such as this? Unless... it's meant to make people mad at the RIAA & MPAA. Oh God, this could be a false flag attack! AAAAAAAAAAAHHHHHHH!

RAID 0 said,
Really, who else would write a Trojan such as this? Unless... it's meant to make people mad at the RIAA & MPAA. Oh God, this could be a false flag attack! AAAAAAAAAAAHHHHHHH!

I'm pretty sure one of the the MPAA members holds the copyrights to "Who's the Boss" already, so they could probably watch it any time they want.

i came across a virus or something the other day which like, infects the modem.sys and other system files , like it brings down your whole internet connection... it also came named as a 'keygen' , makes this trojan sound lame and weak in comparison...

Recon415 said,
Us piratez deserve our ritez! Yarrr, down with ye RIAA scurvy dogs!

The thing they did is illegal. Injecting a Trojan in a server is illegal by law, isn't it? How do they dare speak about illegality of torrent sites (though most reside in countries which doing that activity is legal)?

Glendi said,
The thing they did is illegal. Injecting a Trojan in a server is illegal by law, isn't it? How do they dare speak about illegality of torrent sites (though most reside in countries which doing that activity is legal)?

That's what I thought when I first read this. If it is indeed the RIAA or MPAA, then unless it is cleared by Microsoft, I guess this would be considered damage of property and invasion of privacy. Unfortunately, it would be impossible to prove unless we somehow got the original IP of the seeder. Of course, then there would probably be a proxy, and that lowers the chances of finding them even moe...

Recon415 said,
That's what I thought when I first read this. If it is indeed the RIAA or MPAA, then unless it is cleared by Microsoft, I guess this would be considered damage of property and invasion of privacy. Unfortunately, it would be impossible to prove unless we somehow got the original IP of the seeder. Of course, then there would probably be a proxy, and that lowers the chances of finding them even moe...

Who would hit a torrent site? The usual hackers use these kind of sites for their needs, I doubt they would hack TPB or any other.

It's clearly someone who hates or has a grudge against them. Which leads mostly to RIAA or MPAA. I'd bet anything it was them, they watch around these sites everyday and track IPs of people on several torrents... but these kind of job must have fed them up so they try to make people not use the site anymore because of a Trojan.