Shocker: BitTorrent now carrying malware
From Slashdot, an eWeek article describing how spyware-infested files are showing up on BitTorrent. The Slashdot article is, for once, a more signalicious source of information on the topic, since the eWeek writup is full of half-researched nonsense like the following:
Because BitTorrent strips digital files into tiny shreds and reassembles them locally once a user completes a download, it has emerged as the perfect place to bundle adware programs among the bits, without the end user ever knowing.
Just to clarify: this is not how the spyware vector works. The spyware/adware companies are infecting individual movie files and illegal software packages, and then seeding those through BitTorrent. Your BitTorrent client is perfectly happy to let you download the Trojan at your leisure; BT doesn’t care what’s inside a file, it just cares about getting it to you quickly and accurately. The BT protocol is not susceptible to “sneaking bits in” alongside legitimate chunks of your download, because to do so would invalidate the known cryptographic hash (taken from the benign version of the file), tipping your BT client off that the data can’t be trusted.