
Top Torrent Site 1337x Blocked By MalwareBytes For Alleged ‘Fraud’


Matrix


1337x.to, one of the world's most popular torrent sites, is being blocked by anti-malware company MalwareBytes. The tool claims that 1337x is engaged in "fraud" and is a "scam to try to steal your information or credit card details" yet Google gives the torrent site a clean bill of health. MalwareBytes is also claiming the same against PCgames-download.com, without supporting evidence.

People browsing the Internet on a Windows-based computer should always presume that their machines are vulnerable to attack.

From using a decent firewall to anti-virus and similar tools, prevention is always better than cure when it comes to the various threats lurking in the online space.

For people who frequent torrent and streaming sites, the rules are no different. Anti-virus, anti-malware, and sometimes aggressive ad-blocking tools are considered a must, to ensure that rogue adverts or booby-trapped downloads don’t gain traction on a user’s machine.

One of the most popular tools in this space is MalwareBytes. In addition to dealing with malware already present on a user’s machine, its premium product also offers real-time protection, ensuring that users aren’t even allowed to visit dangerous or untrustworthy websites by blocking them automatically.

In normal and sensible use, MalwareBytes is generally hard to trigger but during the past few days, the software has been preventing access to a pair of popular ‘pirate’ sites.

The first brought to our attention was PCgames-download.com, a portal that specializes in downloads of the latest PC games. During the middle of last week, MalwareBytes declared the site dangerous, preventing all users from visiting the platform.

Worryingly, MalwareBytes flagged the site as “fraud”, declaring it is a “scam” that tries to “steal your information or credit card details.” Given that the site isn’t known for such activity and tests via Google’s malware checker gave it a clean bill of health, TorrentFreak contacted MalwareBytes asking for more information. We received no response.

We did, however, have an email exchange with the operator of PCgames-download.com who told us that he wasn’t surprised at the block, given that MalwareBytes has done this to similar sites in the past. He pointed out that none of the main anti-virus vendors has a problem with his site, going on to detail the measures taken to ensure that rogue advertising networks aren’t allowed.

While a single blocking issue isn’t particularly surprising, we’ve now learned that one of the world’s most popular torrent sites is also being blocked for the same reason. As the screenshot below shows, 1337x.to is also being flagged for “fraud”, with MalwareBytes users blocked from visiting the site.

 

[Screenshot: Blocked for alleged ‘fraud’]

 

Again, 1337x.to – which at the start of the year was placed 3rd in our annual overview of the world’s most-visited torrent sites – doesn’t have a reputation for engaging in malicious or abusive behavior.

However, according to MalwareBytes, the site is being blocked due to the reason shown in the screenshot below.

 

[Screenshot: 1337x.to blocked for alleged ‘fraud’]

 

Since MalwareBytes has been unresponsive to our requests for clarification, we have no idea why 1337x.to is being blocked or whether the claims have substance or are the result of a false positive. However, when cross-checking the domain with Google’s sophisticated malware checker tool, we can see that 1337x (just like PCgames-download.com) is given a clean bill of health.

 

[Screenshot: Google has no issue with 1337x.to]

 

If MalwareBytes do get round to answering our questions we’ll update this article with their comments. In the meantime, however, it might be worth the company providing more information when it decides to block an entire website.

Anti-virus companies display the names of the viruses they find to inform users, so doing the same for visitors to allegedly fraudulent websites would certainly clear up some of the confusion. Fraud is a big allegation and should be backed up with some evidence, whenever possible.

Update: In the case of 1337x, MalwareBytes is blocking the IP address 104.31.16.3, which is registered to Cloudflare. It is shared by more than 150 other sites, which could also be subject to blocking and the same message about fraud.

 




1337x might have some issues since they did have some Ransomware programs uploaded there.

especially GANDCRAB V5.0.4 packages recently.



10 hours ago, Screen said:

1337x might have some issues since they did have some Ransomware programs uploaded there.

especially GANDCRAB V5.0.4 packages recently. 

 

While, as an isolated case, Malwarebytes' block might be attributed to ransomware and/or other malware uploaded to this site, the overall information might indicate that they are diagnosing excessive "false positives", at large a dangerous "coming the wolf" alert. Pirated applications and games in most cases are 100% malware free, and an antimalware tool should never mix up those conditions. In any case, it might alert that it's a "potentially unwanted program" but never as malware and, of course, the final result of blocking a site for false positive results might be the removal of Malwarebytes.

Actually I find Malwarebytes' online check annoying and rather useless, while it's quite efficient at detecting and removing already installed malware.



People uploading malware to torrent sites is as old as dirt. Back in like 2008 I downloaded a scene release where someone had modified the keygen and packed it with a 0-day Trojan horse. The sad thing about it is that if there was a real threat, MalwareBytes would not even detect it. When I scanned that malware, only 2 antiviruses picked it up at VT. I have tested MalwareBytes off and on ever since it first came out, and it never found anything on my systems but false positives, and I don't trust them not to be working with the FBI. The only time it ever was useful is if I used it on someone's system that didn't already have an antivirus installed. Then in 2014 someone uploaded a big game release, Watch Dogs, with Bitcoin-mining malware and 1000s got infected.

https://www.welivesecurity.com/2014/05/27/watch-dogs-malware/

 

Also, MalwareBytes has a bad rep for false positives for cracks as well. I consider any security software that charges money and has lots of false positives to be a fraud as well, because it's scareware. And while MalwareBytes may have a free version, it's not really free: they harvest your data when you run a scan; read their privacy policy.

 

Quote

 

If you are a software developer, you know very well how faulty Malwarebytes actually is. I maintain a small library of linux and windows utilities, and a small handful of them are detected as containing viruses and other malware... straight from the GCC compiler output from sources I coded 100% from scratch myself. One of my linux utilities to help with mass downloading was detected as having a windows keylogger (and this is a linux elf binary) in it and I had to obfuscate the source enough that the GCC compiled output didn't bullshit trigger Malwarebytes anymore. It is a complete joke of a protection system and is absolutely rife with false positives.

 

 

This goes back to what I was talking about: if it was real 0-day malware, the coder would obfuscate the source before ever uploading it, and most security software would never pick it up, if this guy who makes legit Windows and Linux software can obfuscate away false positives, which many crackers do. Most keygens don't get flagged until after they have been uploaded to VT by some paranoid downloader. It is super easy for them to obfuscate malware. Once it gets uploaded to VT it's no longer a 0-day, because any good scanner will have the signature, so most of the time the coder will obfuscate it with something else so it will get by them again, and it will be the same malware but a different variant because it's been re-obfuscated.



I just visited 1337x.to and Malwarebytes didn't block it. (Malwarebytes Corporate)



Archived

This topic is now archived and is closed to further replies.
