Tu Madre Comido mi perro!

New Breed of Corrupt Torrent Infiltrates BitTorrent
September 24, 2005
Thomas Mennecke

myBittorrent is a popular BitTorrent listing site used by tens of thousands of individuals each day. It also has become the focus of an individual or group of individuals looking to undermine the integrity of the BitTorrent community. Although false and corrupt files have been a part of the BitTorrent community since its beginning, a new kind is emerging that aims for maximum exposure.

“I think they are doing this to give BitTorrent a bad name,â€? Rex, the administrator of myBittorrent told Slyck.com.

Of course the proverbial “they” is the real question. According to Rex, about 50 new torrents have been released from what he calls “fake” trackers (~31 in total.) These trackers are seemingly part of an elaborate plot to infiltrate the BitTorrent community with intentionally corrupt files. These movie and film titles are specifically designed to report false information to trackers, thereby gaining artificially inflated popularity.

“In a very short period of time, these false torrents have become most of my top downloads,� Rex told Slyck.com. “I’ve never seen anything else before like it.�

Those who download these torrents are unable to complete a full download, as the file transfer stops at approximately 97%-98%.

Here’s how this clever plot works.

These trackers have published about 50 variant torrents of only three titles, “The Wedding Crashers”, “Charlie and the Chocolate Factory”, and the first three episodes of “The O.C.” Some titles are published as “DVD-rips” while others are pushed as “XviDs”. Others are presented as an English or French releases.

This is done to disguise the origin of the torrent, and also to present a diverse array of choices. For example, if all were DVD-rips, their exposure would be limited to those only with enough bandwidth to download such large films. Having DVD-rips and XviDs exposes the torrent to a wider market.

According to Rex, the torrent originating from false trackers are intentionally reporting false information. For example, a corrupt torrent will report 400 seeds with 3000 leeches. Since the more individuals having a file are indicative of the file’s download speed, it becomes a highly downloaded torrent and aids in its popularity.

The ruse is additionally disguised by spreading the torrent release from over 31 different trackers. Interestingly enough, although the identified trackers have different sub domains, they all originate from the same IP address.

It appears myBittorrent has borne the brunt of this attack; however these types of corrupt torrents have begun to appear on Mininova as well. Since the threat has been identified, the administration of myBittorrent has begun eliminating any torrent files originating from the identified trackers. At this time, the origins of the attack are unknown. But their initial goal of gaining maximum exposure certainly did work, if only for a short while.

The myBittorrent.com Staff has identified the following trackers as BAD TRACKERS:

http://distan.servecounterstrike.com/announce

http://freevideo.no-ip.info/announce

http://zorba.zapto.org/announce

http://fuf.zapto.org/announce

http://tzar.servecounterstrike.com/announce

http://whypay.servebeer.com/announce

http://m0vies.servep2p.com/announce

http://matha.sytes.net/announce

http://tracker.workisboring.com/announce

http://freemovies.serveftp.com/announce

http://chech.servequake.com/announce

http://kur.servegame.com/announce

http://nia.servehttp.com/announce

http://torrentsource.servemp3.com/announce

http://mpaa.servehttp.com/announce

http://nopay.no-ip.info/announce

http://prince2.bounceme.net/announce

http://startracker.geekgalaxy.com/announce

http://cash.servequake.com/announce

http://gleneagle.damnserver.com/announce

http://zesty.no-ip.info/announce

http://206.81.133.67/announce

http://coolserver.servecounterstrike.com/announce

http://mpaa.servehttp.com/announce

http://tracker101.no-ip.info/announce

http://q1.sytes.net/announce

http://matha.sytes.net/announce

http://mishmish.servemp3.com/announce

http://waikiki.net-freaks.com/announce

http://only-guiness.servebeer.com/announce

http://gruzia.zapto.org/announce

Didn’t I tell you people to stop downloading movies?

Technorati tags: MPAA, Bit Torrent, bittorrent

“ATTENTION: MPAA have been running 2 trackers on 1 IP, 71.138.166.218 so ban it, they are fake files and just log your ip details”

If this makes sense to you, you know what to do. It’s why I keep telling people; don’t download movies. Can’t wait to see where this one ends up.

Technorati tags: MPAA, Bit Torrent, bittorrent

It seems I’m not the only one with a little drama. I pulled this article from suprnova.

“Methlabs was founded in the year 1997 and in these many years we have got to know them mostly by their release of PeerGuardian, who is mostly used by users to block anti-piracy organisations and other addresses that may hurt regular users.

Most members of the PeerGuardian team have been forced to leave their website and servers. One of the so called ‘trusted’ members who was responsible of taking care for finances has with time, slowly taken over the MethLabs website and servers. This member has also taken over all of the donations, that were given to the development team by the users of PeerGuardian.

Methlabs says they will continue development of the PeerGuardian2 at a different temporary location and that they are currently searching for a new permament home, but until they find it you can access their website at PeerGuardian.SF.net.

We have talked with Joseph Farthing who is one of the admins of Methlabs and he has told us that the person who stole their servers and money was using the nick “cerberius” and that he has been on Methlabs team for a bit over a year.

Also fake news has appeared on internet saying, that everything Joseph Farthing and others are saying are lies and are trying to confuse people. The fake news can be found at Methlabs.org. You can also see a reply from Joseph Farthing at p2pnet.net.

Methlabs advises users to not update their blocklist, since this part of Methlabs that was hosting the blocklist has been taken over too. PeerGuardian users are advised to update their blocklists from a temporary link, until their lists return.

Once they are settled on the new location, they will update PeerGuardian with the new lists and redirect everything to the new domain. Users are advised to not trust anything they see from domains MethLabs.org & BlockList.org.

For now we can only hope no users will be harmed from this unfortunate event and we wish Methlabs all the best luck with setting their new site up.

We will cover the story as it evolves and keep you informed.”

Remember, if you’re using PeerGuardian, make sure you turn off auto updates. And if anyone knows how to manually update the lists, please let me know.

EDIT: I found out an easy way to update the blocklists. Get yourself some Blocklist Manager.

EDIT: Taken from slyck.com
September 27, 2005
Thomas Mennecke

Two weeks ago, Slyck reported on the apparent hijacking of the Methlabs.org and associated domain names. According to the SOS press release, a “majority of the Methlabs.org administration and development team have been forced out of their website.�

In addition, the assets of the site, including the Blocklist.org source code and Methlabs.org’s financial donations, were also taken over.

According to Methlabs.org, founded by Tim Leonard and Ken McKelland, an individual named “Cerberius� slowly took control of the site. Slyck contacted Cerberius and received his explanation of how events unfolded.

“D3f (co-founder of Methlabs.org) told me to renew it. I did, and in doing so, it was transferred to my account. D3f said this exactly, “Just checking in guys been working non stop but something needs to be taken care of Blocklist.org has expired and register fly no longer excepts paypal, so someone is gonna have to try and renew it.�

According to Cerberius, there was a revolt on Methlab.org several months after he renewed the domains.

“The other individuals wiped the server of all data. I came online that day and found things had been taken over, etc. There was a revolt, and I was threatened to turn over the domain. Needless to say, I knew nothing of this and was angry�

But this didn’t add up to now restored owner, Tim Leonard. Leonard told Slyck.com that Cerberius was only authorized to renew the domains, not take ownership of the site. After he took control of the site, he was then able to seize the site’s assets.

Over the course of several weeks prior to the hijacking, tensions built within the Methlabs.org community. According to moderators, Cerberius’s philosophy was becoming increasingly incompatible with that of Methlabs. Because of this incompatibility, the administration was moving to remove him from power. The situation came to a head, and the knowledge entrusted to Cerberius was then used against Methlabs to hijack the site.

In the end, Cerberius came to realize this simply was not a fight worth fighting, and agreed to transfer the domains and assets back to Tim Leonard. The transfers took place approximately 1 hour prior to the publication of this article, which has been verified by Tim Leonard and by conducting a “WhoIs� query in GoDaddy.com.

I was talking to this scientist guy earlier this week, and he said that there was going to be a mininova soon, or something like that. He said it was going to blow up. I don’t know what a mininova is. I should probably look it up.