A week since the file-sharing clearinghouse Mininova changed its business model and deleted links to copyrighted material being shared over the peer-to-peer Bittorrent network, malware distributors continue to exploit the confusion as people who download movies, TV shows, and other shared files seek out new sources for those files.
As a torrent search engine, Mininova had to deal with a significant number of malicious torrents posted to their site each day. The service had a reputation for rapidly deleting torrents which led to Trojaned applications, or maliciously crafted media files that lead file-sharing enthusiasts into infections. But in the ensuing frenzy to find a new home, torrent downloaders may encounter more than they bargained for.
In a desperately unscientific test of torrents retrieved from several of the sites that have popped up to replace Mininova, we retrieved a significant number of malicious Windows Media Video files, as well as torrents that contain a password-protected archive (supposedly containing the video file) and malicious HTML file which the malware distributor claims contains the password, but actually leads the viewer into a morass of advertisements. The WMV videos spawn a “License Acquisition” window in Windows Media Player that prompts potential viewers to download a video codec installer; The file is, in fact, a dangerous Trojan.
We used the torrent search engines’ own lists of “most popular” search terms to pull down the malicious files. Top among the popular searches on many sites was the phrase “new moon” or “Twilight” — a reference to the recently released teen-vampire-heartthrob cinematic sparklefest. The people who posted these malicious torrents claimed that they contain a video of the movie, ripped from a DVD screener — the discs that film studios distribute to members of the Academy, who need to watch the movies prior to casting their Oscar ballots. Screeners typically pop up on torrent sites around the end of the year.