Demonoid Resurrection Dismissed As Malware Was Legitimate

wo1verin3 writes "Previously reported on Slashdot was a story about a malware attempt masquerading itself as a Demonoid resurrection. It turns out this really was Demonoid making a comeback. With the site now back online with a new host, TorrentFreak caught up with its admins who tell us they have no malicious intent and simply want to bring a community back to together. While there is still uncertainty, one thing is absolutely clear – they do have the old Demonoid database."

Re:

[Anonymous Coward]

Nonsense. Just be careful about what you're downloading; brand new garbage is more likely to get them to extort you than older garbage.

Re:

[Anonymous Coward]

Understand, even in other countries it can be risky.
See, in lost of places there is non-enforcement.
Except, downloading (or uploading, in some cases, is still illegal.
Never think that just because the police are ignoring you now, that they will continue to.
Every time you commit a crime, protect yourself, even if the crime is just.
This can mean obfuscating or just plain hiding.

Re:

[AK Marc]

Except, downloading (or uploading, in some cases, is still illegal.

Downloading is illegal almost nowhere. Uploading is illegal almost everywhere.

Much of the non-enforcement is that a complaint must be lodged before prosecution can happen, and the content owners and rights defenders are waiting for the "best" test cases for their agendas.

umm

[trifish]

WTF is Demonoid resurrection? And why did Slashdot editors not recognize TWO slashvertisments (or "viral ads" or whatever you want to call it) in a row?

Re:umm

[The Rizz]

WTF is Demonoid resurrection?

It's the fourth installment in the Demonoid series, coming after Demonoids and Demonoid^3.

Re:

[RoboRay]

What happened to Demonoid - the Search for More Money?

Re: umm

[Anonymous Coward]

Demonoid was/is an extremely popular torrent tracker that was shut down a while ago. There was always speculation that the site would return, as it had after past interruptions.
Also, as it's a semi-private tracker, it doesn't gain much from "slashvertisements".

Re:umm

[Mikkeles]

Who is Ass King Nicely?

Re:

[Jane Q. Public]

"Who is Ass King Nicely?"

SO so tempting to put one of a list of /. users' names here!

Re:

[Jane Q. Public]

Demonoid was known for its list of "filez" torrents (books, references, etc.) much more than for movies and the like. Its list of such was far more extensive than most other trackers.

Re:

[ron-l-j]

binspam

Re:

[frootcakeuk]

Is it just me or are the trolls out in full force this spring/summer?

A link to it

[tebee]

To save having to read the linked articles it's here http://www.d2.vu/ [d2.vu]

No Seeders anymore?

[Silpher]

Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?
Isn't this ressurrection almost totaly D.O.A.?

Re:No Seeders anymore?

[The Rizz]

Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

Re:

[thegarbz]

Obviously not an expert but Demonoid was dead for so long who is still seeding these old files?

Most torrents seed across multiple trackers and sites nowadays. Even if one site goes down, the same torrent may exist on dozens of other sites, and list the trackers for each of them.

Yes but how do new trackers announce themselves to existing seeds? Sure if the files were spread to other trackers and Demonoid brought back their tracker on the old domain then the system will just pick up where it left off. However, Demonoid is now restarting on the d2.vu domain so how would any of the current seeded files from Demonoid pick up on this tracker?

They effectively will be starting from scratch, their only benefit is their name, goodwill, and the existence of a database of potential users to w

Re:

[Anonymous Coward]

Each torrent has a hash, if you want you can feed said hash to a recent enough client and it will make a general cattle call about more info. If the info is available it will then use said info to bootstrap the actual torrent download.

This allow the same torrent to be handled by multiple overlapping torrents.

Also, Demonoid operated both public and private tracking. Some of the more obscure stuff was usually only seeded on the private side and that tracker was never apparently shut down.

ovo -hoot

Re:

[willaien]

It looks like this iteration won't even have a tracker, so, there will be no need to announce the tracker.

Re:

[flimflammer]

Sure, sites that used demonoid as the sole tracker will be harmed by this, however many torrents that were on demonoid had multiple trackers. Those are still working quite well. It will take some take for a relaunch to get back on its feet, but it is certainly nice to see.

Re:

[Jane Q. Public]

"Isn't this ressurrection almost totaly D.O.A.?"

First, it hasn't been gone long at all. 8-9 months only. But it did move around a bit before it disappeared.

Second, as for DOA: that's kind of like asking whether a library is DOA because it hasn't added any books in the last few months. Kind of a silly question, really.

It's a trap?

[collet]

Maybe. From the old official IRC channel on p2p-network.net:

"Topic for #demonoid is: OPEN REGS:UNKNOWN; SITE: DOWN; FORUM: DOWN; TRACKER: DOWN;| Welcome to #demonoid. | d2.vu is not demonoid, not run by demonoid admin or staff, and should not be supported. The site could be used to collect your usernames/passwords for their own use. Use at your own risk."

Re:

[uberbrainchild]

I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

Re:It's a trap?

[Anonymous Coward]

I agree, let's just say that there are members that never got that email about it being up. I wouldn't trust that they have the old db and most likely they are just phishing basically.

It's the genuine database all right. I just logged in and all the details about my old account are there (including the good old up/dl ratio). I hope in the following weeks rare torrents will get seeded again. Not even pirate bay had the variety of rare torrents that demonoid had.

Re:It's a trap?

[dissy]

Hopefully it's not a password you have used anywhere else.

These people definitely have a copy of the old database, and thus salted password hashes.
Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

Between the two facts that the government would have spent the time cracking the hashes without much concern over the cost, plus the banner ads that would complicate a sting type operation, it's looking less like a government honeypot.

Still, we know very little about these new admins.
We know the original admins are aware of this and do not approve, and we have been told (by the new admins) that they were given a backup of the database and website for safe keeping in case the original admins needed it to resurrect the site, which has not been disputed by the original admins.

Re:

[SeaFox]

Hopefully it's not a password you have used anywhere else.

These people definitely have a copy of the old database, and thus salted password hashes.
Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

As it was pointed out in the TorrentFreak article comments, you could always choose to pretend you've forgotten your password and have Demonoid reset it. That provides no confirmation the password they had was correct. The password they have would only be useful on other sites that also use one's email address for username, and honestly anyone not using a spam or otherwise not-their-normal email address for registration for this kind of thing deserves to get hacked for their stupidity.

Re:

[AbRASiON]

I'm going to have to second this guys post - some of the obscure stuff on demonoid was fucking incredible. I could not only find rare foreign films, in the correct (foreign) language but with subtitles AND 720p AND with good seeds.... and often......... and even older ones.

Seriously though, as a movie buff there were movies on demonoid, in good quality which where incredibly difficult to find anywhere, even legitimately. I do feel a bit bad about getting dodgy copies, I really do but damn it was useful

Re:

[SD-Arcadia]

If you think demonoid was good for rare foreign stuff just move over to https://karagarga.net/ [karagarga.net]. Nothing else compares on the net. The catch is private tracker and need to keep ratio.

Re:

[MeepMeep]

Same for me, my old account is still there and I logged in.

However, when i checked for some rare torrents that I knew were there before, they were gone.

I'm with you on hoping the rare torrents getting seeded again - that was Demonoid's niche in the torrent community

Re:It's a trap?

[EvilIdler]

I had an account from 2005, and amazingly still remembered my password. Yep, it's the old DB. What sort of people are running the server is a whole different matter, though.

Re:

[DKlineburg]

Um, stupid question. What if they don't require a user password. So anything you put in gets accepted. And they log what you put in. They just stole your stuff. And you think they have old database? Just asking.

Re:It's a trap?

[Anonymous Coward]

Because I entered the wrong password for my account first and it didn't let me in, then when I used the correct one it did. It also has the correct sign up date on my account profile.

Re:

[Anonymous Coward]

pwgen'd password that isn't used anywhere else, why would I care?

Re:

[EvilIdler]

It took me 4-5 retries before I remembered the right password, of course. They also had my e-mail. At the very least they do have the original database with data going back 8 years. Whether we can trust the admins is still questionable - for all we know they could be setting up the biggest MAFIAA honeytrap yet ;) Also, there is nothing important or identifying on my profile, at least. The e-mail is an alias only used there, the domain is privacy-guarded to hell (and I'm the provider). Never use a real name

Re:

[Lehk228]

This site brought to you by the letters F B and I

Re:

[geirlk]

I did receive the mail. And I was able to login with old credentials.

Re:

[Gallomimia]

I can tell you they have the old DB. They remember my account login information. I tried several times before getting it to work. Why would they need to phish if they have the DB? Do they need people to login so they can unsalt the passwords from that database?

Re:

[Pubstar]

Everything is there, but the fact that they first tried to host the site in the US makes me really leery of logging back into my account there. I'll just wait a few months and see where things go.

If you're concerned... (Re:It's a trap?)

[Laebshade]

Request a password reset. The password reset form requires only a valid username to be entered, and the email address associated with it will receive an option to reset the password.

Okaaaay...

[SeaFox]

So the Demonoid that was distributing malware was not a fake... so the admins really were sending malicious code to people in an effort to "bring a community back to together"?

And now they want people to trust them?

Re:

[PastTense]

It' can happen on filesharing sites that advertisers have malware on their ads/sites--the firesharing site's administrators should check, but sometimes aren't very conscientious about it.

Re:Okaaaay...

[Anonymous Coward]

Hell, we were Europe's leading portal site for years back in 2002, and even we sometimes had malware in our ads!

It's a tricky business, because you usually have deals with advertising companies who themselves deal with thousands of clients automatically. It is impossible to prevent all malware that way. And it is impossible to manage it all by hand. (It would cost more that the ads earn you.)

Of course we banned those ads quickly when we found out. But it was really a pointless battle. Even if we'd have done it all manually, the ads still came from foreign servers... by the thousands... and were sometimes changeable after going live. (E.g. Flash ads are unpredictable because closed-source.)
And we'd be gone bankrupt.

Hey... we went bankrupt anyway. ;))

So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

Re:

[EvilIdler]

I don't remember how many years ago it was, but a major provider of sports ads in Europe had drive-by infections. The Flash hate really picked up steam in those days :)

Re:

[aliquis]

I'm curios what portal site.

Re:Okaaaay...

[Rob_Bryerton]

So: Deal with it. Cause it's not going away. Malware in ads is to be expected. Always.

Or to put it another way, ads *are* malware, and as such, need to be blocked. Just as its standard fare to run AV on (Windows) PCs, all PCs regardless of OS should be running adblockers. Until the online advertising industry cleans up its act (don't hold your breath), everyone should be blocking their trojan-infused crap.

Some may call this a dishonest justification for blocking ads; I call it safe and smart computing.

Anybody have a car analogy? I couldn't come up with one. Extra points for working Natalie or Soviet Russia into the car analogy :)

Re:

[Mantrid42]

It's really jarring to use someone else's computer to browse the web. I'm running Opera with an extensive content blocker, and whitespace removal. I forget how loud the vanilla web is.

Re:

[bmo]

It' can happen on any site that advertisers have malware on their ads/sites

Fixed.

InvestorVillage once had a problem with malware. Blue now pays much more attention to who the advertisers are.

--
BMO

Re:

[Aighearach]

according to the hosting company, the ads had a malware vendor.

Confusing Headline

[Anonymous Coward]

I interpretted this as:

The demonoid resurrection was dismissed
because
the malware was legitimate.

Even after reading the summary I was stilll completely lost for about 5 more passes.

Please write your headlines more clearly.

Not even making sense

[Anonymous Coward]

What the fuck does "as soon as I logged in I was phished" mean? Do you even fucking understand what "phishing" means? How do you even decide you've been phished if this is your only place with this user and pass? (well, no, last one might get you a notice for failed attempt to log in to your mail box, though I don't think I've seen those from many services)

tl;dr: parent's seemingly shilling for some shitty "very useful program", Go away and come with proper MyCleanPC success story.

Re:

[AK Marc]

What the fuck does "as soon as I logged in I was phished" mean?

The only reasonable intrepretation I can think of is "Shortly after logging in, my (previously dormant) registered email received a phish-email."

Why do you assume their error when there's a clear explanation that satisfies the description given?

As far as I can tell, the shitty program he's hawking doesn't even exist. So none of that matters.

PGP

[Rinisari]

All this "is it real" crap could have been avoided with a single, PGP-signed message.

Re:

[flimflammer]

What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

Re:

[VortexCortex]

What exactly would that avoid? It's not the original admins who are doing this, so who exactly among the people doing this, delivering a secure message, would you trust?

The ones who had keys the original admins had signed as trusted...