Uploading fake files to file-sharing networks is nothing new. Older networks such as KaZaA’s FastTrack and LimeWire’s Gnutella have long been a haven for junk and malicious files but as more and more people migrated to BitTorrent, it naturally became a target.
Uploading fakes to a BitTorrent network is relatively easy, but keeping the torrents active is a much more difficult task. The moderation teams on private trackers remove fakes as soon as they appear - if people are stupid enough to even try to upload them. Other directories such as The Pirate Bay and Mininova, however, are more difficult to police due to their open nature but these sites continually battle fakes too.
There are several forces driving this phenomenon. Of course, the likes of the MPAA and their partners like to upload fakes in order to waste downloader’s time and to monitor their activities. That said, there are others who are uploading fakes in order to make themselves money, with many of the fakes simply encouraging the use of malware such as Domplayer, or sending the user ostensibly to get passwords to view the video, but in reality directing them to spammy sites.
Unless you’ve been on Mars for a few years, you will be aware that aXXo is one of the strongest BitTorrent-related brands and as such, the aXXo name is ripe to be exploited with fake torrents and the schemes behind them. This morning, Mininova was bombarded with hundreds of fake aXXo torrents linking to various malware and spam schemes. Luckily the moderation staff at Mininova are very much on the ball, and their skills and experience allowed them to remove them very quickly. Indeed, the thousands of users at Mininova also help by informing the site that a torrent is not what it should be, but it’s an on-going battle.
When a fake is removed from the site, the IP address of the uploader is also banned, meaning that unless the uploader gets himself a new IP, he won’t be able to upload any more. However, the problem is a lot deeper than just the odd person here and there uploading a fake. Just recently malware and spam peddlers have been advertising online for people to work for them on a freelance basis, uploading fakes to torrent sites and getting paid for each one. Hundreds, maybe thousands of people have taken them up on their offers, getting paid around 20 cents for each successful upload. The scammers mitigate the effects of their worker’s IPs being banned by torrent sites by advertising for people with dynamically assigned IP addresses, while encouraging them to use proxies.
We spoke with Moe1210 at Mininova who told us that for them, although time consuming, the aXXo fakes are easiest to spot, and they are often removed from the site in a matter of minutes. However, due to these teams of hired individuals doing the uploading, the sheer number of fake torrents is significant. Even though the mod team are checking the site every 5 minutes, sometimes in that period 50 fakes could’ve been uploaded. On a regular day, the amount of fakes uploaded can reach 2,500.
In the ongoing battle the scammers are getting a little smarter, adjusting the way they operate as the challenge is met by Mininova. They became aware that at certain times of the day the fakes stayed on Mininova for longer periods before being removed, which was down to fluctuating staffing levels due to people having to sleep, rest and venture back into real-life every now and again. To counter this, Mininova now have a worldwide team which cover the major time zones.
Speaking of fake aXXo torrents, Moe1210 told TorrentFreak, “It’s a pretty pointless task uploading a torrent with aXXo in the title trying to trick people [on Mininova]. I’d say that 75% - 80% of our members know that if the torrent is not from aXXo’s account, its fake - meaning, if they check the ‘general’ tab and aXXo’s name is not in red letters, it’s fake! They [the scammers] have no way of spoofing this.”
Many fake torrents are using a tracker located at h**p://bt9.c7q.fast1010.info, which is hosted with Ecatel in The Netherlands. In order to trick users into believing the torrents it tracks are real, the tracker is faking the download statistics, as can be seen with this fake on TorrentPortal, which at the time of writing is reporting 76278 seeders and 82380 leechers.
The torrent contains an unusable video and a password.html file which claims to reveal a password to play the file, but instead leads the user into a quagmire of spammy sites.
Subject: Fake aXXo Torrents Bombard BitTorrent 
Sun Mar 15, 2009 1:57 pm
