Attackers on Tuesday hacked the uTorrent.com service, replacing the uTorrent software download with a rogue antivirus program that demanded payment from users in order to remove non-existent malware from their machines.
The attack occurred Tuesday just after 4 a.m. Pacific time and the rogue AV download was available on the site for roughly two hours, officials said in a statement. When users attempted to download the uTorrent client during that time frame, what they got instead was a piece of scareware that behaves in the way that scareware does: badly. The attackers compromised the uTorrent Web server in order to insert the scareware file.
“We have completed preliminary testing of the malware. Upon installation, a program called ‘Security Shield’ launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus. We recommend anyone who downloaded software between 4:20 a.m. and 6:10 a.m. Pacific time run a security scan of their computer,” the statement from BitTorrent officials said.
The uTorrent client is a freeware client that is published by BitTorrent and enables users to download large files from torrent sites. Torrent users often use such clients to download music, movies and other such files.
Initially, BitTorrent officials thought that the main BitTorrent.com site and the BitTorrent client had been compromised as well, but later discovered that was not the case.