uTorrent web servers compromised

Posted: 15th September 2011 by Babar Shafiq in Security, System Administration

If you are a torrent lover like me then you need to read this.

Unfortunately, the day before yesterday (13th September, 2011), the web servers of uTorrent (a tiny and very stable torrent client) were compromised by a hacker. This happened at 4:20am PST, and uTorrent’s web server team didn’t take the hacked server offline until 6am PST. The problem is that the hacker replaced the uTorrent Windows client with a fake antivirus executable, so anyone who downloaded the client during that 1 hour 40 minute period was unknowingly downloading malware.

The malware in question is called Security Shield, and is a well-known rogue anti-spyware program. It will pop up a professional-looking app screen on your desktop that lists fake infections after doing a fake scan. It then offers to remove them if you pay for the full version of the “security suite.”

If you were unlucky enough to visit utorrent.com and download the Windows client during the last couple of days, then you’ve probably already seen the Security Shield software pop up and run on your machine. You need to remove it ASAP: check your PC with a good antivirus, or otherwise read this page [bleepingcomputers].

uTorrent has now apologized and managed to get their servers back online after removing the rogue files. If nothing else, this should act as a reminder to everyone to ensure that any files you download from the Internet are scanned with a reputable security scanner before being run, as clearly you can’t trust legitimate sites all of the time.