Torrent Trouble: Demonoid Resurrected Or Massive Malware Scam?

  @ryanWneal on May 09 2013 12:11 PM

Has Demonoid, one of the most popular torrent trackers of all time, returned? Or is it an elaborate phishing scam looking to infect millions of computers with malware?


Former Demonoid users received an email on Wednesday morning from a website called D2.vu, which claimed to be the resurrection of the torrent tracker.

“The heart and soul of Demonoid lives on,” said the email, which claimed that “safe hands” from the torrent community obtained Demonoid’s database from the former Ukrainian servers and planned to relaunch it. The email also included an invite to join, and said the website wouldn't give out new invitations until the system was stable. The fact that the message reached the email addresses registered to Demonoid accounts supported the claim that D2.vu did, in fact, have access to the torrent tracker’s database.

It wasn't long before red flags were raised by the torrent community. While the email claimed that D2.vu was registered in Hong Kong, TorrentFreak discovered that it was actually hosted by a company called RamNode based in the U.S. RamNode detected malware at the domain and immediately suspended it. They also recommended that anyone who logged in to D2.vu immediately change their usernames and passwords if they use the same login for other sites.

D2.vu is back up and running on a new domain outside of the U.S., and the admins claim that the website has no malicious intent. They just want to reconnect the infamous torrent community.

“We completely understand the community’s need to be cautious and questioning,” an anonymous D2.vu admin told TorrentFreak. “We aren’t phishing or pushing malware or attempting anything malicious. We intend to do our best to keep the site up and current. It’s in the hands of the community to participate as they did before to co-create and thrive.”

During its heyday, Demonoid was one of the largest and most beloved torrent trackers on the Internet, ranking No. 538 on the list of most popular websites in 2010. Demonoid boasted a massive collection of movies and music, as well as an engaging and active discussion forum for its users. A huge DDoS and hacker attack in July 2012 crippled Demonoid, and its Ukrainian servers were seized shortly thereafter. Demonoid's millions of torrent users have waited anxiously for a return.

D2.vu doesn’t have a discussion forum, nor does it have the very thing that made Demonoid famous in the first place: A torrent tracker. Every torrent on D2.vu is tracked by outside sources, making it more like an invite-only version of The Pirate Bay.

The admins say this was done to avoid the legal scrutiny put on peer-to-peer file sharing websites, adding that the new torrent website is a “work in progress.” TorrentFreak tested several Demonoid logins, and all of them worked, supporting the claim that D2.vu is using Demonoid’s old database.  

RamNode eventually eased its original position, saying that D2.vu may not be intentionally hosting malware. A spokesperson said the malware alerts may have been triggered by an ad banner.

This isn’t the first time a fake website has tricked users. A website called Demonoid.mk caused massive confusion in March. D2.vu is also an independent effort and not affiliated with the former admins of Demonoid.

Torrent users should proceed with extreme caution. 

Follow Ryan W. Neal on Twitter
