Matrix Posted November 19, 2018

1337x.to, one of the world's most popular torrent sites, is being blocked by anti-malware company MalwareBytes. The tool claims that 1337x is engaged in "fraud" and is a "scam to try to steal your information or credit card details" yet Google gives the torrent site a clean bill of health. MalwareBytes is also claiming the same against PCgames-download.com, without supporting evidence.

People browsing the Internet on a Windows-based computer should always presume that their machines are vulnerable to attack. From using a decent firewall to anti-virus and similar tools, prevention is always better than cure when it comes to the various threats lurking in the online space.

For people who frequent torrent and streaming sites, the rules are no different. Anti-virus, anti-malware, and sometimes aggressive ad-blocking tools are considered a must, to ensure that rogue adverts or booby-trapped downloads don’t gain traction on a user’s machine.

One of the most popular tools in this space is MalwareBytes. In addition to dealing with malware already present on a user’s machine, its premium product also offers real-time protection, ensuring that users aren’t even allowed to visit dangerous or untrustworthy websites by blocking them automatically.

In normal and sensible use, MalwareBytes is generally hard to trigger but during the past few days, the software has been preventing access to a pair of popular ‘pirate’ sites.

The first brought to our attention was PCgames-download.com, a portal that specializes in downloads of the latest PC games. During the middle of last week, MalwareBytes declared the site dangerous, preventing all users from visiting the platform.

Worryingly, MalwareBytes flagged the site as “fraud”, declaring it is a “scam” that tries to “steal your information or credit card details.”

Given that the site isn’t known for such activity and tests via Google’s malware checker gave it a clean bill of health, TorrentFreak contacted MalwareBytes asking for more information. We received no response.

We did, however, have an email exchange with the operator of PCgames-download.com who told us that he wasn’t surprised at the block, given that MalwareBytes has done this to similar sites in the past. He pointed out that none of the main anti-virus vendors has a problem with his site, going on to detail the measures taken to ensure that rogue advertising networks aren’t allowed.

While a single blocking issue isn’t particularly surprising, we’ve now learned that one of the world’s most popular torrent sites is also being blocked for the same reason. As the screenshot below shows, 1337x.to is also being flagged for “fraud”, with MalwareBytes users blocked from visiting the site.

[Screenshot: Blocked for alleged ‘fraud’]

Again, 1337x.to – which at the start of the year was placed 3rd in our annual overview of the world’s most-visited torrent sites – doesn’t have a reputation for engaging in malicious or abusive behavior. However, according to MalwareBytes, the site is being blocked due to the reason shown in the screenshot below.

[Screenshot: 1337x.to blocked for alleged ‘fraud’]

Since MalwareBytes has been unresponsive to our requests for clarification, we have no idea why 1337x.to is being blocked or whether the claims have substance or are the result of a false positive. However, when cross-checking the domain with Google’s sophisticated malware checker tool, we can see that 1337x (just like PCgames-download.com) is given a clean bill of health.

[Screenshot: Google has no issue with 1337x.to]

If MalwareBytes do get round to answering our questions we’ll update this article with their comments.

In the meantime, however, it might be worth the company providing more information when it decides to block an entire website. Anti-virus companies display the names of the viruses they find to inform users, so doing the same for visitors to allegedly fraudulent websites would certainly clear up some of the confusion. Fraud is a big allegation and should be backed up with some evidence, whenever possible.

Update: In the case of 1337x, MalwareBytes is blocking the IP address 104.31.16.3, which is registered to Cloudflare. It is shared by more than 150 other sites, which could also be subject to blocking and the same message about fraud.

Screen Posted November 19, 2018

1337x might have some issues since they did have some ransomware programs uploaded there, especially GANDCRAB V5.0.4 packages recently.

luisam Posted November 19, 2018

10 hours ago, Screen said:
> 1337x might have some issues since they did have some ransomware programs uploaded there, especially GANDCRAB V5.0.4 packages recently.

While as an isolated case, Malwarebytes' block might be attributed to ransomware and/or other malware uploaded to this site, overall information might indicate that they are diagnosing excessively "false positive", at large a dangerous "coming the wolf" alert. Pirated applications and games in most cases are 100% malware free and an antimalware should never mix up those conditions. In any case, it might alert that it's a "potentially unwanted program" but never as a malware and, of course, the final result of blocking a site for false positive results might be the removal of Malwarebytes. Actually I find Malwarebytes' online check annoying and rather useless, while it's quite efficient detecting and removing already installed malware.

steven36 Posted November 19, 2018

People uploading malware to torrent sites is old as dirt. Back in like 2008 I downloaded a scene release in which someone had modified the keygen and packed it with a 0 day Trojan horse. The sad thing about it is that if there was a real threat, MalwareBytes would not even detect it. When I scanned that malware, only 2 antivirus picked it up at VT. I have tested MalwareBytes off and on ever since it first came out, and it never found anything on my systems but false positives, and I don't trust them not to be working with the FBI. The only time it ever was useful is if I used it on someone's system that didn't already have an antivirus installed.

Then in 2014 someone uploaded a big game release, Watch Dogs, with Bitcoin-mining malware and 1000s got infected.

https://www.welivesecurity.com/2014/05/27/watch-dogs-malware/

Also, MalwareBytes has a bad rep for false positives for cracks as well. I consider any security software that charges money and has lots of false positives to be a fraud as well, because it's scare-ware. And while MalwareBytes may have a free version, it's not really free: they harvest your data when you run a scan; read their privacy policy.

Quote: Solenoid Null • an hour ago
> If you are a software developer, you know very well how faulty Malwarebytes actually is. I maintain a small library of linux and windows utilities, and a small handful of them are detected as containing viruses and other malware... straight from the GCC compiler output from sources I coded 100% from scratch myself. One of my linux utilities to help with mass downloading was detected as having a windows keylogger (and this is a linux elf binary) in it and I had to obfuscate the source enough that the GCC compiled output didn't bullshit trigger Malwarebytes anymore. It is a complete joke of a protection system and is absolutely rife with false positives.

This goes back to what I was talking about: if it was real 0day malware, the coder would obfuscate the source before ever uploading and most security software would never pick it up, if this guy who makes legit Windows and Linux software can obfuscate false positives, which many crackers do. Most keygens don't get flagged until after they have been uploaded to VT by some paranoid downloader. It is super easy for them to obfuscate malware. Once it gets uploaded to VT it's no longer a 0day, because any good scanner will have the signature, so most of the time the coder will obfuscate it with something else so it will get by them again, and it will be the same malware but a different variant because it's been re-obfuscated.

funkyy Posted November 20, 2018

I just visited 1337x.to and Malwarebytes didn't block it. (Malwarebytes Corporate)

KXR75 Posted November 20, 2018

No matter what, 1337x.to is also blocked in my country.

This topic is now archived and is closed to further replies.