
Demonoid Resurrection Dismissed As Malware Was Legitimate

Posted by timothy
from the not-exactly-intuitive dept.
wo1verin3 writes "Previously reported on Slashdot was a story about a malware attempt masquerading itself as a Demonoid resurrection. It turns out this really was Demonoid making a comeback. With the site now back online with a new host, TorrentFreak caught up with its admins who tell us they have no malicious intent and simply want to bring a community back together. While there is still uncertainty, one thing is absolutely clear – they do have the old Demonoid database."
This discussion has been archived. No new comments can be posted.

  • by trifish (826353)

    WTF is Demonoid resurrection? And why did Slashdot editors not recognize TWO slashvertisements (or "viral ads" or whatever you want to call it) in a row?

  • A link to it (Score:5, Informative)

    by tebee (1280900) on Saturday May 11, 2013 @03:46AM (#43693273)

    To save having to read the linked articles, it's here: http://www.d2.vu/

  • Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?
    Isn't this resurrection almost totally D.O.A.?

    • by The Rizz (1319) on Saturday May 11, 2013 @03:54AM (#43693313)

      Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

      Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

      • Re: (Score:3, Interesting)

        by thegarbz (1787294)

        Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

        Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

        Yes but how do new trackers announce themselves to existing seeds? Sure if the files were spread to other trackers and Demonoid brought back their tracker on the old domain then the system will just pick up where it left off. However, Demonoid is now restarting on the d2.vu domain so how would any of the current seeded files from Demonoid pick up on this tracker?

        They effectively will be starting from scratch, their only benefit is their name, goodwill, and the existence of a database of potential users to w

        • by Anonymous Coward

          Each torrent has a hash, if you want you can feed said hash to a recent enough client and it will make a general cattle call about more info. If the info is available it will then use said info to bootstrap the actual torrent download.

          This allows the same torrent to be handled by multiple overlapping torrents.

          Also, Demonoid operated both public and private tracking. Some of the more obscure stuff was usually only seeded on the private side and that tracker was never apparently shut down.

          ovo -hoot
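
The "hash" mentioned in the comment above is the torrent's info-hash. The following is an added example, not part of any comment in this thread: it assumes the BitTorrent v1 metainfo format (SHA-1 over the bencoded `info` dictionary) and uses a constructed sample with hypothetical tracker URLs to show that the identifier does not depend on which tracker or site lists the torrent.

```python
import hashlib

def bencode(v):
    """Encode ints, bytes, lists and dicts (keys sorted) as bencoding."""
    if isinstance(v, int):
        return b"i%de" % v
    if isinstance(v, bytes):
        return b"%d:%s" % (len(v), v)
    if isinstance(v, list):
        return b"l" + b"".join(bencode(x) for x in v) + b"e"
    return b"d" + b"".join(bencode(k) + bencode(v[k]) for k in sorted(v)) + b"e"

def bdecode(data, i=0):
    """Decode one value at data[i]; return (value, index just past it)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return (items if c == b"l" else dict(zip(items[::2], items[1::2]))), i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:end], end
    raise ValueError("malformed bencoding at offset %d" % i)

def info_hash(torrent):
    """SHA-1 over the raw bytes of the top-level 'info' value, as hex."""
    if torrent[:1] != b"d":
        raise ValueError("a .torrent file is a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key, start = bdecode(torrent, i)   # key ends where its value starts
        _, i = bdecode(torrent, start)     # skip the value, remember its span
        if key == b"info":
            return hashlib.sha1(torrent[start:i]).hexdigest()
    raise ValueError("no info dictionary")

# Constructed sample: the same content listed by two sites (hypothetical URLs).
INFO = {b"name": b"sample.bin", b"length": 32768,
        b"piece length": 16384, b"pieces": bytes(40)}
OLD_SITE = bencode({b"announce": b"http://tracker-old.example/announce", b"info": INFO})
NEW_SITE = bencode({b"announce": b"http://tracker-new.example/announce", b"info": INFO})
MAGNET = "magnet:?xt=urn:btih:" + info_hash(OLD_SITE)  # all a DHT-capable client needs
```

Because the announce URL sits outside the `info` dictionary, both files yield the same info-hash, so peers found through any tracker or through the DHT belong to the same swarm.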

        • by willaien (2494962)

          It looks like this iteration won't even have a tracker, so, there will be no need to announce the tracker.

    • Sure, sites that used demonoid as the sole tracker will be harmed by this, however many torrents that were on demonoid had multiple trackers. Those are still working quite well. It will take some time for a relaunch to get back on its feet, but it is certainly nice to see.

    • "Isn't this resurrection almost totally D.O.A.?"

      First, it hasn't been gone long at all. 8-9 months only. But it did move around a bit before it disappeared.

      Second, as for DOA: that's kind of like asking whether a library is DOA because it hasn't added any books in the last few months. Kind of a silly question, really.

  • It's a trap? (Score:5, Informative)

    by collet (2632725) on Saturday May 11, 2013 @03:57AM (#43693321)

    Maybe. From the old official IRC channel on p2p-network.net:

    "Topic for #demonoid is: OPEN REGS:UNKNOWN; SITE: DOWN; FORUM: DOWN; TRACKER: DOWN;| Welcome to #demonoid. | d2.vu is not demonoid, not run by demonoid admin or staff, and should not be supported. The site could be used to collect your usernames/passwords for their own use. Use at your own risk."

    • I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.
      • Re:It's a trap? (Score:5, Informative)

        by Anonymous Coward on Saturday May 11, 2013 @04:45AM (#43693463)

        I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

        It's the genuine database all right. I just logged in and all the details about my old account are there (including the good old up/dl ratio). I hope in the following weeks rare torrents will get seeded again. Not even pirate bay had the variety of rare torrents that demonoid had.

        • Re:It's a trap? (Score:5, Insightful)

          by dissy (172727) on Saturday May 11, 2013 @10:27AM (#43694831)

          Hopefully it's not a password you have used anywhere else.

          These people definitely have a copy of the old database, and thus salted password hashes.
          Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

          Between the two facts that the government would have spent the time cracking the hashes without much concern over the cost, plus the banner ads that would complicate a sting type operation, it's looking less like a government honeypot.

          Still, we know very little about these new admins.
          We know the original admins are aware of this and do not approve, and we have been told (by the new admins) that they were given a backup of the database and website for safe keeping in case the original admins needed it to resurrect the site, which has not been disputed by the original admins.

          • by SeaFox (739806)

            Hopefully it's not a password you have used anywhere else.

            These people definitely have a copy of the old database, and thus salted password hashes.
            Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

            As it was pointed out in the TorrentFreak article comments, you could always choose to pretend you've forgotten your password and have Demonoid reset it. That provides no confirmation the password they had was correct. The password they have would only be useful on other sites that also use one's email address for username, and honestly anyone not using a spam or otherwise not-their-normal email address for registration for this kind of thing deserves to get hacked for their stupidity.

        • by AbRASiON (589899) *

          I'm going to have to second this guy's post - some of the obscure stuff on demonoid was fucking incredible. I could not only find rare foreign films, in the correct (foreign) language but with subtitles AND 720p AND with good seeds.... and often......... and even older ones.

          Seriously though, as a movie buff there were movies on demonoid, in good quality which were incredibly difficult to find anywhere, even legitimately. I do feel a bit bad about getting dodgy copies, I really do but damn it was useful

        • by MeepMeep (111932)

          Same for me, my old account is still there and I logged in.

          However, when I checked for some rare torrents that I knew were there before, they were gone.

          I'm with you on hoping the rare torrents get seeded again - that was Demonoid's niche in the torrent community

      • by geirlk (171706)

        I did receive the mail. And I was able to login with old credentials.

      • I can tell you they have the old DB. They remember my account login information. I tried several times before getting it to work. Why would they need to phish if they have the DB? Do they need people to login so they can unsalt the passwords from that database?
    • by Pubstar (2525396)
      Everything is there, but the fact that they first tried to host the site in the US makes me really leery of logging back into my account there. I'll just wait a few months and see where things go.
    • Request a password reset. The password reset form requires only a valid username to be entered, and the email address associated with it will receive an option to reset the password.

  • Okaaaay... (Score:5, Insightful)

    by SeaFox (739806) on Saturday May 11, 2013 @04:02AM (#43693341)

    So the Demonoid that was distributing malware was not a fake... so the admins really were sending malicious code to people in an effort to "bring a community back together"?

    And now they want people to trust them?

    • Re: (Score:3, Informative)

      by PastTense (150947)

      It can happen on filesharing sites that advertisers have malware on their ads/sites--the filesharing site's administrators should check, but sometimes aren't very conscientious about it.

      • Re:Okaaaay... (Score:5, Informative)

        by Anonymous Coward on Saturday May 11, 2013 @06:10AM (#43693665)

        Hell, we were Europe's leading portal site for years back in 2002, and even we sometimes had malware in our ads!

        It's a tricky business, because you usually have deals with advertising companies who themselves deal with thousands of clients automatically. It is impossible to prevent all malware that way. And it is impossible to manage it all by hand. (It would cost more than the ads earn you.)

        Of course we banned those ads quickly when we found out. But it was really a pointless battle. Even if we'd have done it all manually, the ads still came from foreign servers... by the thousands... and were sometimes changeable after going live. (E.g. Flash ads are unpredictable because closed-source.)
        And we'd be gone bankrupt.

        Hey... we went bankrupt anyway. ;))

        So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

        • by EvilIdler (21087)
          I don't remember how many years ago it was, but a major provider of sports ads in Europe had drive-by infections. The Flash hate really picked up steam in those days :)
        • by aliquis (678370)

          I'm curious what portal site.

        • Re:Okaaaay... (Score:5, Insightful)

          by Rob_Bryerton (606093) on Saturday May 11, 2013 @09:15AM (#43694345) Homepage

          So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

          Or to put it another way, ads *are* malware, and as such, need to be blocked. Just as it's standard fare to run AV on (Windows) PCs, all PCs regardless of OS should be running adblockers. Until the online advertising industry cleans up its act (don't hold your breath), everyone should be blocking their trojan-infused crap.

          Some may call this a dishonest justification for blocking ads; I call it safe and smart computing.

          Anybody have a car analogy? I couldn't come up with one. Extra points for working Natalie or Soviet Russia into the car analogy :)

          • by Mantrid42 (972953)
            It's really jarring to use someone else's computer to browse the web. I'm running Opera with an extensive content blocker, and whitespace removal. I forget how loud the vanilla web is.
      • by bmo (77928)

        It can happen on any site that advertisers have malware on their ads/sites

        Fixed.

        InvestorVillage once had a problem with malware. Blue now pays much more attention to who the advertisers are.

        --
        BMO

    • by Aighearach (97333)

      According to the hosting company, the ads had a malware vendor.

  • Confusing Headline (Score:3, Insightful)

    by Anonymous Coward on Saturday May 11, 2013 @06:10AM (#43693669)

    I interpreted this as:

    The demonoid resurrection was dismissed
    because
    the malware was legitimate.

    Even after reading the summary I was still completely lost for about 5 more passes.

    Please write your headlines more clearly.

  • PGP (Score:2, Interesting)

    by Rinisari (521266)

    All this "is it real" crap could have been avoided with a single, PGP-signed message.

    • What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

      • What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

        The ones who had keys the original admins had signed as trusted...
