uTorrent server delivered malware for two hours on Tuesday

The H-Security: The BitTorrent company has confirmed that its uTorrent servers were hacked on Tuesday 13 September and, for almost two hours, anyone downloading the uTorrent client software from the servers received a scareware fake anti-virus package instead. The malware package has been identified as belonging to the “Security Shield” family of scareware; once installed, it falsely informs a user that malware has been detected on their machine and requests payment in order to clean the system.

According to BitTorrent, anybody who downloaded the uTorrent client from utorrent.com between 12.20pm and 2.10pm BST is likely to have received the malware instead and should scan their system with a reputable anti-virus package. BitTorrent took down its servers towards the end of this two-hour window to prevent further downloads, and says that they are now running normally again. Originally it was thought that the bittorrent.com server was also compromised, but the company states that, after testing, it does not believe this to be the case; the BitTorrent Mainline/Chrysalis clients were not affected.

VirusTotal Result of downloaded sample: http://www.virustotal.com/file-scan/report.html?id=ecec8a6a9751d58ea125e280117960cf901911e909c3288706208350daf8668a-1316016874

Credit to my friend, ‘Pondus’.