
MalwareBytes Blocks Torrent Sites & Suspect Peers


shamu726


Users of MalwareBytes can no longer access at least two leading torrent sites. Isohunt.to and LimeTorrents are not considered a direct threat but the IP ranges used by the sites are reportedly linked to malicious activity. Additionally, MalwareBytes is also blocking suspect torrent peers due to links to malicious behavior.


Anti-malware software MalwareBytes has proven somewhat of a hit with pirates lately following a rather generous offer.

Rather than punishing people who use unlicensed versions of their software, MalwareBytes’ creators ran an amnesty program through which people could receive a premium product for zero cost.

It’s likely that many of those now using a free key will have accessed their previously unlicensed version from a torrent site. However, a feature present in the premium edition means that at least two of the world’s most popular venues are now completely off-limits to users of the software.

As can be seen from the screenshots below, Isohunt.to and LimeTorrents.cc – two of the world’s largest torrent sites – are currently rendered inaccessible by MalwareBytes’ “Malicious Website Protection” module.

[Screenshots: isohunt-blocked.png, lime-malware.png]

Puzzled at why the software should take this approach but noting the similarity between the IP addresses used by both sites, TorrentFreak approached MalwareBytes for comment.

“We’re blocking the IPs (amongst others) because there’s a plethora of IPs on the [same network] housing a ton of malvertising and fraud sites,” Malware Intelligence Analyst Steven Burn told TF.

“The ASN involved is thus far unresponsive and has been since March,” he added.

So, while neither Isohunt.to nor LimeTorrents are considered harmful by MalwareBytes, the company has chosen to block their IP addresses due to their proximity to others that are allegedly behaving maliciously.

These two sites are not the only ones affected either. Torrentdownloads.cc, Megafilmeshd.net, ebooks-gratuit.com plus a range of other sites hosted in Ukraine are all blocked by MalwareBytes’ Web Protection module.

While it’s easy to regain access to any blocked site by selecting the appropriate button in the corresponding MalwareBytes popup box, many users are likely to consider blocked sites as dangerous, despite them essentially being victims of someone else’s wrongdoing.

Speaking with TF, Isohunt.to said that the blocked host in question actually provides a good service.

“These guys webcare360.com provide great hosting that is bulletproofed against different kind of abuses. So a lot of websites around the world use their service,” the site explains.

“Looks like MalwareBytes simply blocked all IP addresses that belong to this hosting provider.”

Another issue that raised its head during our tests is the seemingly random IP addresses MalwareBytes blocks while connecting to certain torrent swarms. On numerous occasions the software flags IP addresses as malicious and denies connections to them. Intrigued, we asked MalwareBytes for an explanation.

“Our main goal is to protect our users from malicious hosts that could either be servers participating in drive-by downloads or even home computers spewing spam,” Jérôme Segura, Senior security researcher at MalwareBytes, told TF.

“So the block of only certain IPs within that pool is simply that. We are blocking the ones that we have identified for malicious activity, which also happen to be torrenting.”

The blocking of these IP addresses raises an interesting dilemma. Due to their connections to suspicious activity elsewhere, MalwareBytes considers them malicious and excludes them. However, it’s worth noting that despite their potential bad deeds elsewhere, peers in a torrent swarm go through a kind of vetting process based on the hash content of the material they’re carrying.

Put simply, while they possibly cause mischief elsewhere, these peers can’t do any real harm to the swarm. Blocking them won’t cause any really serious problems either (unless they’re the only seeder) but since they don’t need to be blocked we asked MalwareBytes about their policy.

“You bring up a very valid comment and something that many people might wonder about. I will pass this information along to see how we can manage this in a better way,” Jérôme Segura notes.

In conclusion, both scenarios (site and peer blocking) are caused by the blocking of IP addresses either directly or loosely connected to malicious activity elsewhere. MalwareBytes users will have to use their discretion when deciding whether to block or allow those connections in future.

Source: TorrentFreak
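
The hash-based vetting of swarm peers described in the article above, shown as an added example that is not part of the original article or this thread. The piece size, payload and peer addresses (documentation ranges) are constructed for illustration; the SHA-1 per-piece check mirrors how BitTorrent clients validate data against the torrent metadata.

```python
import hashlib

PIECE_LEN = 16  # tiny constructed piece size; real torrents use far larger pieces


def piece_hashes(content: bytes, piece_len: int = PIECE_LEN) -> list[bytes]:
    """SHA-1 digest of each fixed-size piece, as published in the torrent metadata."""
    return [hashlib.sha1(content[i:i + piece_len]).digest()
            for i in range(0, len(content), piece_len)]


def download(expected: list[bytes], offers: list[tuple[str, int, bytes]]):
    """Accept a piece only if its SHA-1 matches the published digest.

    offers: (peer_ip, piece_index, data) tuples in arrival order.
    Returns (reassembled content or None if incomplete, {peer_ip: rejected count}).
    """
    pieces: dict[int, bytes] = {}
    rejected: dict[str, int] = {}
    for peer, index, data in offers:
        if index in pieces:
            continue  # a verified copy is already stored
        if 0 <= index < len(expected) and hashlib.sha1(data).digest() == expected[index]:
            pieces[index] = data
        else:
            rejected[peer] = rejected.get(peer, 0) + 1  # mismatch: data is discarded
    if len(pieces) < len(expected):
        return None, rejected
    return b"".join(pieces[i] for i in range(len(expected))), rejected


# Constructed sample: a 40-byte payload split into three pieces.
CONTENT = b"constructed sample payload for the swarm"
EXPECTED = piece_hashes(CONTENT)
GOOD = [CONTENT[i:i + PIECE_LEN] for i in range(0, len(CONTENT), PIECE_LEN)]

# 203.0.113.7 plays the peer whose address has a bad reputation elsewhere.
OFFERS = [
    ("198.51.100.4", 0, GOOD[0]),
    ("203.0.113.7", 1, b"tampered piece!!"),  # altered data: hash mismatch, dropped
    ("203.0.113.7", 2, GOOD[2]),              # honest data from the same peer: accepted
    ("198.51.100.4", 1, GOOD[1]),             # piece 1 re-fetched from another peer
]

if __name__ == "__main__":
    result, rejected = download(EXPECTED, OFFERS)
    print(result == CONTENT, rejected)
```

The check covers payload integrity only; it says nothing about what else the peer's address is doing, which is the reputation signal MalwareBytes blocks on.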


Malwarebytes just plain f**ken sucks. When they upgraded it from their 1.6x versions to the 2.0xx versions, I had nothing but problems. Websites blocked, performing quick scans randomly to grind my system to a halt when I needed it most, etc., etc., so that I had to disable so many options it would nag that my system is not fully protected. The best thing I ever did was hit that damn uninstall button; that saved my life.

Got rid of that garbage. All you need is a full security suite (firewall & a/v), keep your Windows up to date and you're good to go. No need for any other programs. If you feel you've been infected, run a spybot or spywareblaster or whatever other program is offered in the anti-malware section on nsane if you feel you got breached.

And if you ever download a file and are not sure about its contents, there is always jotti and virustotal. Also, use virtual machines and sandboxie .... if you can manage all that you won't get a virus, not even in XP. A sandboxed browser (chrome or FF) is a fantastic thing.

Malwarebytes can sit on this and rotate. :)

Have a nice day all!!



Archived

This topic is now archived and is closed to further replies.
