Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Software Security Technology

uTorrent Quietly Installs Cryptocurrency Miner 275

New submitter Eloking sends news that uTorrent, a popular BitTorrent client, is silently installing cryptocurrency mining software for many users. [uTorrent] brings in revenue through in-app advertising and also presents users with “offers” to try out third-party software when installed or updated. These offers are usually not placed on users’ machines without consent, but this week many users began complaining about a “rogue” offer being silently installed. The complaints mention the Epic Scale tool, a piece of software that generates revenue through cryptocurrency mining. To do so, it uses the host computer’s CPU cycles. ... The sudden increase in complaints over the past two days suggests that something went wrong with the install and update process. Several users specifically say that they were vigilant, but instead of a popup asking for permission the Epic Scale offer was added silently.
This discussion has been archived. No new comments can be posted.

uTorrent Quietly Installs Cryptocurrency Miner

Comments Filter:
  • Why uTorrent? (Score:5, Informative)

    by Anonymous Coward on Friday March 06, 2015 @01:08PM (#49198373)

    For something as important and risky as BitTorrent, why would you use a proprietary client?

    • Re:Why uTorrent? (Score:5, Insightful)

      by greenwow ( 3635575 ) on Friday March 06, 2015 @01:27PM (#49198611)

      It used to be great. It did exactly what you needed it to do and no more. Now it is a bloated mess like Azureus/Vuse. Now when I load UTorrent, my Windows machine slows down so much it is unusable. It loads gigabytes of ads per day. I have ISDN at home right now, and if you let it run 24/7, you can still download a surprising amount of files. That is except with the new version of uTorrent. It makes the ads a higher priority than BitTorrent so your files take days or weeks longer than they should.

      • Re:Why uTorrent? (Score:5, Informative)

        by Anonymous Coward on Friday March 06, 2015 @01:41PM (#49198819)

        Exactly. It was great but not anymore. Either use an old version that had no advertising or switch to something else like qBittorent.

      • by Anonymous Coward on Friday March 06, 2015 @01:42PM (#49198827)

        Torrent used to be great. It had over 100 million users and was the most popular client for years. I remember the first version fit on a floppy, and you could xcopy install it. It was awesome. I did a test of different BitTorrent clients for a PC magazine, and Torrent won easily when it came to download speeds. It beat Vuze, as the poster I'm replying to mentioned, by more than 30%.

        It was small and fast. It did everything you need. Now it is bloated and too slow to leave running when using your computer. Also, it wastes tens of megabytes of bandwidth per day downloading animated ads plus it uses so much CPU to show the ads that it overheats my new Dell laptop. The guy above exaggerated with this gigabytes claim.

        So why was this guy marked a Troll? He is correct. Do we have a Torrent fanboi with mod points?

      • by Lumpy ( 12016 )

        Why are you using any version above 2.2.1?

        That was the last real version.

        • by nmb3000 ( 741169 )

          Why are you using any version above 2.2.1?

          Came here to say exactly this.

          After seeing what version 3 looked like on a friend's computer (code isn't the only thing that got bloated with crap) and reading about the hassle people were having with advertising, user-hostile admins, and finally seeing uTorrent get bought out, I'm glad I never bothered to update past 2.2.1. Some private trackers even block 3.x.

          I've also heard good things about Deluge, so if I'm ever forced into updating I'll probably give that a try.

      • Re:Why uTorrent? (Score:4, Informative)

        by Chris Katko ( 2923353 ) on Friday March 06, 2015 @02:30PM (#49199379)
        Yeah, people forget the 'u' really stood for "micro" torrent. It was tiny, it did what it was supposed to, and that's it. It's slowly become more and more of a monster, but you could at least disable the ad bars in the advanced settings. I refused to upgrade to the newer versions, and it looks like that was a good thing.
      • Re:Why uTorrent? (Score:5, Informative)

        by MagicM ( 85041 ) on Friday March 06, 2015 @02:31PM (#49199399)

        Ads? What ads? Am I the only one who messes with settings?

        Options->Preferences->Advanced
        offers.left_rail_offer_enabled=false
        offers.sponsored_torrent_offer_enabled=false

        I'm sure you should change these settings at your own risk. But it was worth the risk to me.

        • Yes, I adjusted those settings a while ago, after uTorrent started showing video ads with audio. However, in light of this recent news about a silent install of Cryptocurrency miner, maybe its time for me to switch to something like Qtorrent.
        • Re:Why uTorrent? (Score:5, Informative)

          by LinuxIsGarbage ( 1658307 ) on Friday March 06, 2015 @05:01PM (#49200725)

          Ads? What ads? Am I the only one who messes with settings?

          Options->Preferences->Advanced
          offers.left_rail_offer_enabled=false
          offers.sponsored_torrent_offer_enabled=false

          I'm sure you should change these settings at your own risk. But it was worth the risk to me.

          Ads I could deal with (disabling). The problem is going to upgrade to a new version (when offered), you have to be extremely careful when installing to disable all the shitware. What broke it for me was missing the checkbox for conduit once. Conduit hijacks your home page and search engine, and is very difficult to remove. That was it. I stopped using uTorrent after that. Currently I use qBittorrent.

          It's irritating enough to deal with the useless bundled shitware during installation, it's even more irritating to have to carefully opt out of everything when installing an upgrade. Adobe Flash / Reader, and Java are bad at that as well.

      • Deluge (Score:2, Informative)

        by Garybaldy ( 1233166 )

        Try Deluge. It is everything uTorrent used to be.

      • Re:Why uTorrent? (Score:5, Informative)

        by Bacon Bits ( 926911 ) on Friday March 06, 2015 @05:16PM (#49200865)

        I saw the writing on the wall years back. I posted an bug in the official bug forum, and the thread got locked in less than 5 minutes with a complaint that I didn't search. Except I did search. The first line of my post was even, "I searched, and while I found a similar bug, this one is actually different," and went on to explain why. Mine dealt with default column sorting (column A ascending, column B descending), theirs dealt with default column order (changing columns A, B, C to B, A, C). There was no similar request. It was locked so fast, the mod couldn't have actually paid attention to it. Alright, that's kind of stupid, but whatever.

        About half an hour later, I was in a post and made a comment on a different bug. This one was about interface layout, but it seemed to me like there was confusion going on about what the bug was, so I made an image with arrows describing the issue rather well (IMO) since I was able to replicate it. 5 minutes later, my post was deleted and my account was banned. No reason given.

        Contribute to community? Get told to fuck off. I've never encountered such blatant hostility to your own community before, and knew immediately that whatever uTorrent was doing wasn't worth my time. I was so irritated that I uninstalled uTorrent immediately and a found another client even though at the time they were all significantly worse (I started with Transmission, when was just getting popular on OS X, then Deluge, still in beta, then eventually qBittorrent where I've stayed since 1.x days). I didn't even wait for my current torrents to finish downloading or seeding. I have never and will never use any software from that company ever again under any circumstances. They're below Oracle. They're below Symantec. They're below Pearson. I'd install BonziBuddy before uTorrent. It's been a secret pleasure of mine watching those fuckers crash and burn over the last several years.

    • For something as important and risky as BitTorrent, why would you use a proprietary client?

      Glad I ditched it in favour of Tixati months ago.

    • Re:Why uTorrent? (Score:5, Interesting)

      by MrBigInThePants ( 624986 ) on Friday March 06, 2015 @01:58PM (#49199019)
      I switched to http://www.qbittorrent.org/ a while ago.

      Kicks uTorrent's butt in every way.

      If you are too lazy to switch to a better client after it becomes rubbish then YOU are the problem, not them.

      Choice is only meaningful if you can and will exercise it....
      • Transmission is where it's at. It's everything I used to love about uTorrent: small, fast, and unobtrusive.
        • Nah. Its probably a lot better but I am just too fat and lazy to move clients...

          JK. ;)
        • I run transmission on my WD MyBook Live hard drive (it's got a linux variant on it), and connect to it using the desktop client. I cue up whatever I want it to DL, then I can power off my desktop, and let the hard drive (network attached) DL the torrents. My XBMC client(s) just serve the content up from there. No bloatware, no ads, no hassles.

  • Worth it? (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Friday March 06, 2015 @01:08PM (#49198379) Journal
    Aren't bitcoins, between the drop in value and the ASIC enthusiasts, at the point where clandestine CPU mining is close to pointless? I realize that free as in stolen has its virtues; but it likely wasn't free to get their shitware, rather than somebody else's, bundled with utorrent, so I'm surprised that it was worth it.
    • Re: (Score:2, Insightful)

      At scale, a world wide army of CPU's will easily crush an ASICs. Mining is about number of hashes per second, one system is slow, an army of misappropriated systems will be very fast.

      • by itzly ( 3699663 )

        At scale, a world wide army of CPU's will easily crush an ASICs

        A million CPUs can crush a single ASIC, yes, but people are running warehouses full of ASICs.

        • Re: (Score:2, Insightful)

          by Jawnn ( 445279 )

          A million CPUs can crush a single ASIC, yes, but people are running warehouses full of ASICs.

          And if they're paying for the space, and the electricity, my army of stolen mining machines is still more profitable. "Anything stolen is pure profit."

      • by jandrese ( 485 )
        It might be somewhat more viable if the client uses the GPU. Then at least you are only behind by an order of magnitude or two. Of course people will start to notice if their GPU fans kick into high gear when they aren't playing games.
      • by jythie ( 914043 )
        I am not sure that is the case anymore. CPU mining was already orders of magnitudes less efficient than GPU, and GPU mining less efficient than ASIC by a similar scale. Even with 'free' CPU time, even on a mass scale, the trickle it would likely generate would be next to worthless.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The conclusion of your reasoning isn't to be "surprised", but to deduce that they're probably mining a cryptocurrency other than bitcoin.

    • by jdavidb ( 449077 )
      If there's something I can still mine with a CPU that is worth it, I want to know, and I want to install software to mine it myself, and I want to trade it out immediately for Bitcoin or something else. Every so often a currency does pop up where this is true, but it's been awhile. So I want to know what uTorrent is mining.
    • When you're not the one paying the power bill, anything above 0% is worth it.
  • by Anonymous Coward on Friday March 06, 2015 @01:10PM (#49198397)

    Time to abandon utorrent. In fact, time to abandon all software who's owners bundle in adware/malware/anything-other-than-the-program-the-user-is-trying-to-install.

    The only way this practice will stop is if users refuse to download and use software that does this.

    • by juanfgs ( 922455 ) on Friday March 06, 2015 @01:21PM (#49198527)

      If only we have software that we could trust, that we could see the code. And that when one vendor starts doing this, we'd be free for forking the project and making one without the bundled spyware. We could even come up with a license that protects this code, and ensures that everyone that forks the project has to respect the liberties of the user in the same way.

      Ohh well, I guess one can just dream

      • If only we have software that we could trust, that we could see the code.

        That's necessary, but not sufficient. Even Free Software can get bundled with malware if you don't obtain it from a reputable source (e.g., the first-party website or your Linux distro's package management tool). Even previously-reputable download sites like Sourceforge have been guilty of bundling shit.

      • Plenty of GPL'ed software is bundling things like OpenCandy with the installer.
    • No, the time to abandon uTorrent was when they started showing ActiveX ads. That was a while ago. I've been using Transmission running on my DroboFS ever since (which considering that was where most of my downloads were going in the first place ended up simplifying things).

      uTorrent is just the latest piece of software that started off pretty awesome, and was ruined by greed.

    • Re: (Score:3, Informative)

      by DaRanged ( 735002 )
      Basically almost anything from cnet and download.com.. their 'network' installer is sickening.
    • by jandrese ( 485 ) <kensama@vt.edu> on Friday March 06, 2015 @01:49PM (#49198913) Homepage Journal
      This means I have to abandon Java and Flash.

      ...

      I can live with that.
    • by Nemyst ( 1383049 )
      Go grab qBittorrent [qbittorrent.org] instead. Free, open-source, not owned by the Bittorrent corporation.
    • Time to abandon utorrent. In fact, time to abandon all software who's owners bundle in adware/malware/anything-other-than-the-program-the-user-is-trying-to-install.

      The only way this practice will stop is if users refuse to download and use software that does this.

      Wrong.

      The only way this practice will stop is if users stop demanding every damn thing for free and actually come off their wallets and pay for the damn software.

      It is up to the cheap-ass customer to decide whether that is through incessant ad revenue or a one-time charge.

    • Deluge is a good option. I find it to be everything uTorrent used to be.

  • by derideri ( 214467 ) on Friday March 06, 2015 @01:12PM (#49198425)

    A couple of years ago uTorrent started installing adware with their software as well, and everyone either bailed or went back to v2.2.1. So why would anyone be using the most current version of uTorrent anyway?

    • by gbjbaanb ( 229885 ) on Friday March 06, 2015 @01:16PM (#49198467)

      people new to torrenting and need a client might look at old links (there are many on the internet) and go and install the very pretty looking uTorrent, and of course they'll want the latest version.

      Frankly, I ditched it when they started getting shitty with the adware, I moved to qbitorrent which doesn't look too dissimilar from uTorrent and all is good now.

      • by vux984 ( 928602 )

        Seconded, I switched to qBittorrent as well; even before utorrent got truly awful:

        c++ so no dependency on Java; but does require python if you want to use its built in search.

        Opensource / GPLv2+

        So hopefully much less likely to end up the mess that utorrent became.

      • Yeah, I tried out uTorrent a few weeks back after not having played with torrents for a few years. Between the installer that asked me if I wanted to install optional crapware, the in-app advertisements, and some rather obvious things not working right, I promptly uninstalled it within a half-hour. It was bad enough that it made me suspicious whether it was an automated mole for the MPAA/RIAA.
    • by Kjella ( 173770 )

      A couple of years ago uTorrent started installing adware with their software as well, and everyone either bailed or went back to v2.2.1. So why would anyone be using the most current version of uTorrent anyway?

      Laziness, in my case. I've just upgraded with each new version, no crapware has been installed and the ads... I don't spend any time in the uTorrent UI, I don't understand how they make money. I launch torrents and is gone, occasionally I check if something done but it's just open -> scoll list -> yes, launch file or no, oh well. I literally can't remember any product or service they've had an advertisement for. Before that I used Azureus Vuze, but it turned into such a horrible mess. I'm sure there's

  • by Eloking ( 877834 ) on Friday March 06, 2015 @01:12PM (#49198427)
    I'll not post any link here (it's quite easy to Google it anyway), but I suggest going back to utorrent 2.2.1. It's the last stable build without any malware/ads/crap. There's already many torrent site that doesn't allow utorrent version higher than 2.2.1.
  • A very rough estimate reveals that one $400 ASIC mining device for bitcoins that can make about $500 a year profit is equivalent to 150,000,000 i5-2400's running the hashing algorithm. So in other words, realistically, all the computers running uTorrent in the entire world combined would probably make the company about $5 or so, maybe $10 per year. Litecoins running Scrypt don't turn out to be much more profitable either. I actually don't think this news story is true.
    • by itzly ( 3699663 )

      One i5-2400 does 14MH/sec, so 150 million of them can do 2100 TH/sec, which would be $6000/day.

      • I calculated this at 8 MH/s out of my memory and missed a comma but if it's 14MH/s that's only $3,534.62 per day. It's something like a 100:1 loss on electricity at $0.11/KWH by the way. Hurray for efficiency. I doubt they're installed on 150 million i5 systems and running at full blast on all cores for 24 hours a day though. This is still utterly pointless.
        • by itzly ( 3699663 )

          https://alloscomp.com/bitcoin/... [alloscomp.com] says $6000/day for 2100 TH/sec.

          I agree that the installed number is going to be much less than 150 million though. Just pointing out that the math is way off.

        • It's something like a 100:1 loss on electricity at $0.11/KWH by the way.

          except they aren't paying for the electricity, so it's all profit. even if they are only making $100, that's still pretty great. considering they probably spent a week hacking together existing software ... and after that it's zero expenditure and all profit (except what they are paying bittorrent).

        • by ncc74656 ( 45571 ) *

          I calculated this at 8 MH/s out of my memory and missed a comma but if it's 14MH/s that's only $3,534.62 per day. It's something like a 100:1 loss on electricity at $0.11/KWH by the way. Hurray for efficiency.

          Of course, when it's your vict^H^H^H^Husers paying for the electricity and not you, you really don't need to care what it costs.

  • Crap Reports (Score:3, Informative)

    by TimSSG ( 1068536 ) on Friday March 06, 2015 @01:19PM (#49198497)
    "Reports that uTorrent silently installs Bitcoin crapware are... crap" http://betanews.com/2015/03/06... [betanews.com] Tim S.
    • by Holi ( 250190 )
      Yes because that piece was such great reporting.
    • As far as these companies are concerned, not a single piece of punctuation dropped any old place in the middle of there 50 paragraph EULA is 'silent.' See? It's written right there in plain english!

      As far as user behavior goes, silent has a very different meaning.

      Betanews is so heavily riding the tip of the VC backed new tech industry that they are clearly not going to go against any sort of new fangled tech-oriented revenue generating schemes.

  • by mr_jrt ( 676485 ) on Friday March 06, 2015 @01:19PM (#49198509) Homepage

    When they started pulling this crap I switched to something else that apes the older, simpler, cleaner versions: http://www.qbittorrent.org/ [qbittorrent.org]

  • With so many people using laptops these days, all the sudden additional heat, blowing fans and lack of battery life would become immediately obvious.

    You just can't hide CPU-bound processes on machines these days and expect people not to notice. Especially people who are into torrents!

    • by mlts ( 1038732 )

      There are ways to hide a program so that increased CPU life would not be noticed:

      1: Wait for the MSI install/upgrade mechanism to be used, then start using the CPU after it completes. The program installed will get the blame.

      2: Ramp it up over a period of time, so the user gets used to his MBA eating its battery in two hours.

      3: Wait until the laptop is plugged in and the screensaver is on, and hit it.

      It eventually will be caught, but there are ways to keep all but the more astute people from noticing.

      I

  • by jacks smirking reven ( 909048 ) on Friday March 06, 2015 @01:24PM (#49198571)
    I used uTorrent when it was fairly new and it was excellent but in this day and age does it offer anything versus the number of matured open-source alternatives out there? I'm really asking if it has some special sauce that gives it an edge. When it was released one could look past it's closed source nature since it made it's mark being lightweight yet feature packed. Once the major update that brought advertising on-board I saw no reason to use it anymore.

    I've been using qBittorent [qbittorrent.org] for a couple years and it gives me all the relevant functionality without the mess as well as Transmission QT [sourceforge.net] for Windows and Deluge [deluge-torrent.org], I can see no reason to use uTorrent when it's been shown repeatedly to be scum-ware.
  • by Voyager529 ( 1363959 ) <voyager529@yahoo. c o m> on Friday March 06, 2015 @01:29PM (#49198645)

    ...because it's popular.

    Older versions could fit on a floppy disk, and didn't require an Installshield Wizard. Now, it's not at Vuze levels of bloatedness (though Vuze beats to a different drum and has a pretty nice "content store" for Creative Commons content and similar), but it's gotten big and annoying. Transmission works on Windows (...and OSX...and *nix...and plenty of routers and NASes...) and is nice if you don't need RSS feeds. QBittorrent does RSS and is simple to use. Deluge, while being a bit awkward, does a good job. if you're into a super-configurable ecosystem, rTorrent has 101 plugins and browser based frontends, but can also run exclusively from the CLI if that's your thing. The list goes on and on, but utorrent seems to be coasting on inertia, nothing more, nothing less.

    The interesting thing is that a similar "we'll borrow some unused CPU cycles" method of revenue generation caused a huge mess with Digsby, an IM client that was great and had a pretty good following until that point. Then again, with most technical folks opting for one of the plentiful alternatives to utorrent, I don't see this being a major impact.

    • I have seen several people point out this "fits on a floppy" thing. I don't get this, please explain. The reason for using bittorrent is to download large amounts of data as fast as possible, why would it matter if the install is 1.44MB or 10MB?

      If you are already intending to download CD or DVD sized files, why would it matter how big the installer is?

      • by GuB-42 ( 2483988 )

        The 10 MB file is not the problem, the problem is that if everything useful can fit in 1.44MB, then 86.66% of the installer is for things you don't want.

  • I'd run my torrents exclusively on one of my Linux boxes, but none of the clients support proxies. WTF?

    It doesn't matter what I'm downloading.... I'm not hanging my ass out there for potential DMCA abusers to hand out subpoenas.

    • Well, looks like qBitTorrent supports the proxy service.

      I would consider using VPN, but I already have a proxy service and setting up VPN to only run for the torrent on a (relatively) headless Linux box introduces some complications, like being able to administer it over the web.

      I understand the reasoning that removed proxy support from the more popular torrent clients a while back, even if it was incredibly and mindblowingly dumb and naive.

    • Try "Deluge". Supports proxies, is cross platform, and supports RSS.

  • by Nukenbar ( 215420 ) on Friday March 06, 2015 @02:13PM (#49199209)

    Just another reason to have a seedbox for all of your torrent needs.

  • Fortunately, that was a couple of weeks ago, when I wanted to download LibreOffice. I recalled from the last time that "utorrent is the thing". Back then, it didn't do ads. I would have left it installed to re-seed LibreOffice, but it didn't take much getting pelted with "Hottttt Roooskie wimmin are lusting after U" ads for me to remove it, with prejudice.
  • to mine my 6 year old atom "powered" netbook.

    How many millions of years would it take my netbook to generate a bitcoin?

  • by BillX ( 307153 ) on Friday March 06, 2015 @11:04PM (#49202615) Homepage

    All this furor over Epic Scale bitcoin miner, and none over other crud like Wajam that uTorrent installs?

    Have a look at the last image in this article [vice.com]. "...may change your local proxy settings...collect...URLs of the pages you visit...content of encrypted webpages...Wajam may protect itself from other software that tries to wrongfully interfere with it."

    Yikes. Lenovo got spanked pretty hard for packaging advertising malware that MITMs your encrypted sessions, but at least theirs doesn't officially threaten a counterstrike against your antivirus too.
     

    • by ihtoit ( 3393327 )

      yeah, only way I could rip out wajam was to boot into a knoppix session and force-kill the files then boot into safe mode and hack the registry.

      What a pain the fucking arse that was.

  • by Zanadou ( 1043400 ) on Friday March 06, 2015 @11:45PM (#49202739)

    uTorrent alternatives you should have moved on to a long time ago; cross platform clients, with clickable links for the lazy:

    qBittorrent v3.1.12 [qbittorrent.org]

    Deluge v1.3.11 [deluge-torrent.org]

"jackpot: you may have an unneccessary change record" -- message from "diff"

Working...