Google's search results lack moderation

Atlas147

Level 30
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
So a while back a friend was trying to torrent stuff (I do not condone it and I ask him to be extra careful), and kept running into the same exe file that was being downloaded when he clicked download torrent. He asked me over to take a look; on checking it, the URL was hxxp://summotorrent.com. I quickly noticed this and told him this wasn't the real site, although it looked like an exact clone. It was so well done that if you hadn't noticed the URL it would just slip past you.

So I decided to analyse the site (in a sandbox of course).

First we find out how he landed on the site: if you google "kickass" on Google, the first result you get is hxxp://summotorrent.com, and then the real kickass.to next on the list. Clearly it shows as malicious on WOT.
Screenshot (420).png

Next, when you click into the site, it is an exact clone of Kickass Torrents. Even the links they show for downloading the series are only slow by a few days, and it even had comments on the page.

Screenshot (422).png
I tried to "torrent" something next, and got this junk. Avast quickly picked up the junk.
Screenshot (421).png
Here are the results from a VirusTotal scan on the junk.
https://www.virustotal.com/en/file/...35e138cdd5ba13867bb07a29/analysis/1432306342/

Moral of the story is don't think for a second that just because the result is on the first page, it is the best result :)
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
@Hanmin147, good detective work!:):)
Thank you for an important lesson for everyone! The images you'd shared provided a clearer visual understanding for my family about malware sites, torrents, & the Virustotal scans we've often spoken about.;)
 

Atlas147

@Hanmin147, good detective work!:):)
Thank you for an important lesson for everyone! The images you'd shared provided a clearer visual understanding for my family about malware sites, torrents, & the Virustotal scans we've often spoken about.;)
Always glad to help! :)
 

Atlas147

KickassTorrents is a dodgy website. Same applies to summotorrent.

I attempted to download Google Chrome (which is freeware) off summotorrent. Want to know what I found? VT link speaks for itself: https://www.virustotal.com/en/file/...ecfcb288e9ffb121815572c8/analysis/1432317356/

They are full of malicious software, adware, illegal content... On a website like that, you shouldn't expect to be "safe".
I think they just load the same crap on your PC whatever you try to download, and they try to mask from scanning sites by having a "click ok to start download" tab that opens when you try to download something
 

Deleted member 21043

I think they just load the same crap on your PC whatever you try to download, and they try to mask from scanning sites by having a "click ok to start download" tab that opens when you try to download something
After my test, it appears they try to do that very thing. They also have a change in the bytes to create a new MD5 hash for each sample.

I got a direct download link to the sample after analysis with it. I uploaded it (sample) to the Malware Hub and I also tagged you in the thread. Seems the server they use (IP: 54.213.72.9) has been involved in Adware since at least March, 2015 (according to HA as a source).
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, actually a torrent site itself may be considered legitimate, like KickAssTorrents, ThePirateBay and others; however, the collection of files is not always in their control, which puts you at risk. Illegal/cracked software also serves as a trap to violate any victims for piracy.

You may live without torrents, except in such instances where you need to find something like an ISO for Windows.
 

Atlas147

After my test, it appears they try to do that very thing. They also have a change in the bytes to create a new MD5 hash for each sample.

I got a direct download link to the sample after analysis with it. I uploaded it (sample) to the Malware Hub and I also tagged you in the thread. Seems the server they use (IP: 54.213.72.9) has been involved in Adware since at least March, 2015 (according to HA as a source).
Thanks for the help! :D
 

Deleted member 21043

Well, actually a torrent site itself may be considered legitimate, like KickAssTorrents, ThePirateBay and others; however, the collection of files is not always in their control, which puts you at risk. Illegal/cracked software also serves as a trap to violate any victims for piracy.

You may live without torrents, except in such instances where you need to find something like an ISO for Windows.
I understand what you mean: I used to think the same way about KickassTorrents; however, due to the amount of malicious software, adware and illegal content (cracks, pirated content), I'd advise anyone using the site to take care of what they download and run. In my opinion.

The actual website (KickassTorrents) itself is not malicious (this is not what I was trying to say).

If someone needs an ISO for Windows then yes, maybe they would use KickassTorrents. However, if it's a simple user they might not even realize they downloaded a *.exe (for this example let's say it's Adware.MultiPlug) and then they run it thinking it's a torrent to start it with their Torrent client (this is the situation with the other clone site @Hanmin147 found)... Of course a user like yourself would know if it's a *.exe downloading and cancel, go back to find a real torrent... But a beginner user? Maybe not.
 
Last edited by a moderator:
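
Added example, not part of any post in this thread: a content-based check for the situation discussed above, where a download offered as a torrent is really a Windows executable. It relies only on the general file formats (a PE file starts with `MZ`; a .torrent is a bencoded dictionary with an `info` key); the function names and sample byte strings are constructed for illustration.

```python
"""Classify a download by its bytes, not by its name or the link text."""

def _bdecode(data: bytes, i: int = 0):
    """Minimal bencode decoder: returns (value, next_index) or raises ValueError."""
    c = data[i:i + 1]
    if c == b"i":                                # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c.isdigit():                              # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[start:end], end
    if c in (b"l", b"d"):                        # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            if i >= len(data):
                raise ValueError("unterminated container")
            item, i = _bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary key without value")
        return dict(zip(items[0::2], items[1::2])), i + 1
    raise ValueError("not bencode")

def classify_download(data: bytes) -> str:
    """Return 'windows-executable', 'torrent' or 'unknown'."""
    if data[:2] == b"MZ":                        # DOS/PE header magic
        return "windows-executable"
    try:
        value, end = _bdecode(data)
    except (ValueError, TypeError, RecursionError):
        return "unknown"
    # A real .torrent is exactly one bencoded dict that has an "info" key.
    if isinstance(value, dict) and b"info" in value and end == len(data):
        return "torrent"
    return "unknown"

# Constructed samples (not taken from the thread).
FAKE_TORRENT = b"MZ\x90\x00" + b"\x00" * 60      # what the clone site served
REAL_TORRENT = (b"d8:announce20:http://tracker.test/4:infod6:lengthi1024e"
                b"4:name8:file.iso12:piece lengthi16384e6:pieces20:"
                + b"\x00" * 20 + b"ee")

if __name__ == "__main__":
    for name, blob in (("fake", FAKE_TORRENT), ("real", REAL_TORRENT)):
        print(name, "->", classify_download(blob))
```

Because the check looks at the file structure rather than a hash, padding or altering bytes to produce a new MD5 per sample does not change the verdict.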

jamescv7

@kram7750: Yes, in such a case it needs a trained eye to analyze which files they download are safe, because sometimes comments make it very misleading, especially the number of seeders and leechers. Plus, no trust at all due to numerous adverts, even when using an adblocker.
 
