Technology / 99 per cent of torrent mirrors adding malicious scripts to content

99 per cent of torrent mirrors adding malicious scripts to content

Nearly all torrent site proxies - used to access blocked websites - are delivering extra content, often with "malicious intent", according to research.


99.7 per cent of the mirrors were found to be injecting additional JavaScript into traffic, serving content including malware and click fraud.

Researcher Gabor Szathmari compared the original content provided by torrent site The Pirate Bay to that provided by the proxies to check for additional scripts.

He found that only 0.3 per cent of the mirrors left the traffic untouched, with the vast majority of them adding four or five new scripts to the mirrored website.

Szathmari noted that these could be “innocent” Google AdSense placements, but that they could also include “dodgy scripts serving drive-by downloads and exploits”.

Among the malicious content discovered were fake Adobe Flash Player update pop-ups that directed users to download malware to their systems.

The researcher also found that an additional script was carrying out click fraud by generating views for “some car racing videos” in the background.

For more on the study, see Gabor Szathmari’s blog.

When your business is hit by a cyber attack, how should you respond? Find out this September at the R3 conference in London.


Get our latest features in your inbox

Join our community of business leaders