Pirates got more than they bargained for yesterday when the popular torrent client uTorrent was hacked and served malicious fake anti-virus software.
The malware was injected into uTorrent.com servers at 4:20am Pacific Time yesterday. It was bundled with the torrent client for about two hours, meaning anyone who downloaded the file may have been infected.
Once the client was installed, a prompt appeared asking users to download fake anti-virus software called Security Shield.
“Just after [9.20am] we took the affected servers offline to neutralise the threat. Our servers are now back online and functioning normally,” a blog post from BitTorrent read.
“We have completed preliminary testing of the malware. Upon installation, a program called Security Shield launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus. We recommend anyone who downloaded software between 4:20am and 6:10am Pacific Time run a security scan of their computer.”
The peer-to-peer site claimed neither BitTorrent.com nor the BitTorrent Mainline/Chrysalis clients were affected.
Sophos technology chief Paul Ducklin said those sites would most likely have been hit.
“Since the two sites share the same network infrastructure - both resolve to the same IP number in Limelight Networks' cloud - you might want to ignore that blog update and assume that any recent downloads from Bittorrent, Inc. were dodgy and give yourself a thorough anti-malware checkover,” Ducklin said in a blog post.