Researchers Counter Massive Onslaught of Fake Torrents
26 August 2012
One third of all torrents uploaded to The Pirate Bay point to malware or scams, researchers report. While Pirate Bay moderators are usually quick to remove suspect torrents, they can’t prevent millions of people from downloading these fake files. To counter this threat, the researchers have published TorrentGuard, a tool that allows users to identify fake torrents. The Pirate Bay and several large public trackers are eager to collaborate with the researchers to optimize and implement the new technology.
With an estimated quarter billion active users per month, BitTorrent is a lucrative target for scammers and malware peddlers.
Every day thousands of “fake” torrents are uploaded from malicious sources, often labeled with the names of popular movies or TV shows. Needless to say, those who download these torrents don’t get what they were looking for. Instead they are redirected to scam websites or lured into installing malware.
One of the prime platforms where these fake torrents are published is without doubt The Pirate Bay. To measure the scope of this problem and what can be done about it, a group of researchers decided to monitor all Pirate Bay uploads. The just-published results (pdf) are rather surprising.
During a two-week period the researchers collected a total of 29,330 torrent files and found that 12,209 were “fake” and eventually removed from The Pirate Bay. Put differently, one in three torrent files uploaded to The Pirate Bay links to malware or scams of some kind.
This result may be surprising to many Pirate Bay users as these fake files rarely stay on the site for long. Moderators tend to delete the torrents in question within minutes or hours, but according to the researchers this is too late for the many people who’ve already started downloading the files.
The researchers estimate that in a year’s time millions of people will be downloading these fake files. Interestingly, people from the US, China and Brazil fall for these scams more than the average downloader. BitTorrent users from Spain, India and Great Britain on the other hand are best at avoiding them.
The researchers believe the mass distribution of these fake files poses a serious threat to the security of Internet users, but luckily they’ve also come up with a solution.
In addition to describing and analyzing the fake torrent phenomenon, the researchers have also developed a tool that allows BitTorrent users to check torrents before they’re downloaded. Their TorrentGuard application is available as a Vuze plugin and users can also test torrents via the website.
The researchers are able to accurately identify fake torrents because the vast majority of the files are uploaded by a small group of uploaders. They found that 90% of all fake files were initially seeded by just 20 different IP addresses. By using the TorrentGuard tool, the researchers estimate that 10 million fake downloads per year can be prevented.
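The concentration described above suggests a reputation check keyed on a torrent's initial seeder. The sketch below is an added illustration, not TorrentGuard's code or the researchers' published method; the sample data, thresholds and function names are assumptions.

```python
from collections import Counter

def _rows(ip, fake, legit):
    return [(ip, True)] * fake + [(ip, False)] * legit

# Constructed sample: (initial_seeder_ip, later_removed_as_fake).
# Addresses are RFC 5737 documentation ranges, not data from the study.
OBSERVATIONS = (
    _rows("203.0.113.10", 6, 0)    # publishes only fakes
    + _rows("203.0.113.11", 3, 0)  # publishes only fakes
    + _rows("198.51.100.7", 1, 4)  # shared host: mostly legitimate uploads
    + _rows("192.0.2.50", 0, 3)    # never flagged
)

def concentrated_seeders(observations, coverage_pct=90):
    """Smallest set of initial seeders covering coverage_pct of all fakes."""
    fakes = Counter(ip for ip, fake in observations if fake)
    total = sum(fakes.values())
    chosen, covered = [], 0
    for ip, count in fakes.most_common():
        if covered * 100 >= coverage_pct * total:
            break
        chosen.append(ip)
        covered += count
    return chosen

def classify(observations, seeder_ip, min_uploads=3, min_fake_pct=90):
    """Rate a new torrent by the history of its initial seeder."""
    history = [fake for ip, fake in observations if ip == seeder_ip]
    if len(history) < min_uploads:
        return "unknown"        # too little history to judge
    if sum(history) * 100 >= min_fake_pct * len(history):
        return "suspect"
    return "not-flagged"        # mixed or clean history; do not block

if __name__ == "__main__":
    print(concentrated_seeders(OBSERVATIONS))
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.99"):
        print(ip, classify(OBSERVATIONS, ip))
```

The fake-ratio threshold keeps a shared address with mostly legitimate uploads from being flagged on the strength of a single removed torrent.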
Talking to TorrentFreak, researcher Rubén Cuevas of Universidad Carlos III de Madrid explains that the research is important because it reveals the threat posed by these fake torrents. He hopes that more researchers will take this aspect of cyber-security seriously and that the research presents an opportunity to educate the public.
“Of course skilled users are aware of these risks and are able to identify fake torrents in most cases. However, a large percentage of BitTorrent users are unskilled and not capable of distinguishing between legitimate and fake torrents.”
“We hope that our research is able to make at least a fraction of the unskilled users aware of this threat, so that they become more careful when selecting the torrents to download,” Cuevas says.
Ideally, the research team would like BitTorrent portals and trackers to cooperate.
“In order to make TorrentGuard even more efficient, we would need the collaboration of both BitTorrent portals and BitTorrent trackers,” Cuevas told TorrentFreak.
This would not only make the TorrentGuard tool more effective, it would also prevent even more fake torrents from spreading as BitTorrent sites would be able to detect them earlier.
The Pirate Bay team informed TorrentFreak that they are interested in collaborating, especially if doing so can prevent millions of people from falling for these scams. OpenBitTorrent and PublicBitTorrent, the two largest public BitTorrent trackers, have also indicated that they want to work with the researchers to improve the tool.
If the collaboration leads to a practical solution which is adopted across all popular BitTorrent portals, the researchers predict that 35 million fake downloads can be prevented, making the Internet a safer place for all.