Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Torrent Site Proxies Rife With Malware Injecting Scripts


Recommended Posts

New research shows that torrent site proxies, which are often used to access blocked sites, are rife with malware and suspicious ads. From a sample of more than 6,000 sites more than 99% were found to insert their own code. According to researcher Gabor Szathmari some of these sites pose a great security risk.

In many countries including the UK, Italy, Denmark and France, the leading torrent sites are no longer freely accessible.

These court-ordered blockades requested by the music and movie industries are becoming widespread, but so are the tools to circumvent them.

For every domain name blocked, many proxies and mirrors emerge. These sites allow people to access the blocked sites and effectively bypass the restrictions put in place by the court.

Initially, the proxy sites were launched to help users gain access to their favorite torrent sites. However, more recently the demand for circumvention tools is being abused by people who are out to make hard cash.

Instead of offering a simple workaround, many proxies add their own scripts. In some cases these scripts are harmless, but according to security researcher Gabor Szathmari the majority serve questionable content.

Szathmari examined a sample of 6,158 proxy sites and found that over 99% added their own code. Only 21 sites in the sample did not modify the original site.

“99.7% of the tested torrent mirrors are injecting additional JavaScript into the web browsing traffic. A great share of these scripts serve content with malicious intent such as malware and click-fraud,” he notes.

The researcher informs TF that many of the researched proxies are suspicious because they use code that is either obfuscated or has a lot of random redirects. These scripts pretty much all use the proxyads.net domain name.

number-of-script-injecting-proxies

Taking a closer look at the proxies reveals that several of the ads link to malware. In addition, one of the scripts generated fake views of car racing videos in the background.

The original torrent sites, including The Pirate Bay, KickassTorrents and ExtraTorrent, are aware of the problem and are trying to minimize the damage by blocking suspicious proxies and mirrors.

“It’s a serious issue. We have been fighting against it for a long time,” the ExtraTorrent team informs TF.

“Most unauthorized proxy websites loaded ExtraTorrent in a frame and added malware JavaScript code or replaced ET’s banners with others,” they add.

ExtraTorrent has been able to block several proxies, but they can’t do anything against those that use a cached version of the site. To guide users in the right direction they therefore publish a list of official mirrors on their site.

Copyright holders often warn that pirate sites may serve malware, but this research suggests that they are only making the problem worse by censoring the original sites.

“I am an advocate for unfiltered Internet, and this example shows that censorship can violate the security of end-users,” Szathmari tells TF.

Of course, some of the original sites may also run dubious ads, but the malicious proxies appear to be much worse and should be avoided.

“I would advise downloaders to always use the original sites or the official proxy sites whenever possible,” the researcher says.

“If the original sites are blocked by the ISP, I would recommend to bypass the filtering with a reputable VPN service that does not modify traffic, or a reputable mirror that does not alter the website in any way.”

Szathmari published the full findings and his research methodology in a recent blog post.

https://torrentfreak.com/torrent-site-proxies-rife-with-malware-injecting-scripts-150806/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...