Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

uTorrent installs Bitcoin miner on customers' machines


  • Please log in to reply
29 replies to this topic

#1 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:20 PM

Posted 06 March 2015 - 08:25 AM

Warning: EpicScale "riskware" silently installed with latest uTorrent

One more reason to not use torrent software.

Credits to Malware Study Hall Sophomore iangcarroll for sharing this with me.

Edit: Apparently users can opt out as per Malware Study Hall Admin Elise's post in #3 down below - it's the users that are not looking.

Still, I do not approve of bundling anything in with legistimate software ever.

Alex


Edited by Elise, 06 March 2015 - 08:50 AM.


BC AdBot (Login to Remove)

 


m

#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:06:20 AM

Posted 06 March 2015 - 08:30 AM

Well, time to change torrent client, this is just not acceptable. Also, I made a member uninstall that program from its computer yesterday, I'll try to find the thread.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,599 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:20 PM

Posted 06 March 2015 - 08:45 AM

Actually they inform the user quite clearly, a lot more so than many other vendors. Especially the Accept Offer and Decline Offer buttons are a lot less confusing that the usual "Next" button IMO. It is still bundling and could be qualified as PUP. Also, I wouldn't call EpicScale a coin miner, its more a form of distribute computing (for example like Folding@home).

 

utorrent-es.png 


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,599 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:20 PM

Posted 06 March 2015 - 09:04 AM

To add to my previous post.... Actually I find it funny nobody comments on the Skype offer that comes after EpicScale, which is a lot less ethical, see screenshot ("I do not accept" is greyed out and looks like its not an option although you can just tick it).

 

utorrent-skype.png 


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Sintharius

Sintharius

    Bleepin' Sniper

  • Topic Starter

  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:20 PM

Posted 06 March 2015 - 09:06 AM

Probably because Skype is a legit app and can just be uninstalled if you accidently got it, while EpicScale is something else?

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:06:20 AM

Posted 06 March 2015 - 09:13 AM

This is the first time I've seen Skype as a bundled app. Microsoft programs being bundled, this is something.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:20 AM

Posted 06 March 2015 - 10:00 AM

Microsoft has been bundling Bing and MSN for a while so I'm not surprised to they are doing the same with Skype ...see Even Microsoft is Doing the Bundling Nonsense
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:06:20 AM

Posted 06 March 2015 - 10:07 AM

I can understand that they try to bundle Bing, since it's not as popular as they want it to be, but Skype. Pretty much everyone have it, uses it or wants to install it, hence why it surprises me.

Also, here's the thread where a user on BleepingComputer have EpicScale installed:

http://www.bleepingcomputer.com/forums/t/566617/bsod-after-bsod-after-bsod/?hl=%20epicscale

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,599 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:20 PM

Posted 06 March 2015 - 10:13 AM

Not the first time I see Skype really, I can't recall what bundler included it, but its really not the first time.

 

As for legitimate, EpicScale is not more or less legitimate than Skype, it is i just a different application. They don't hide what they do; distributed computing is by no means illegal. It is only illegal if CPU cycles are used without the user's knowledge, which is not the case as you can see in the first screenshot I posted (if you scroll down the license agreement, it is quite clearly stated what it does).


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Sintharius

Sintharius

    Bleepin' Sniper

  • Topic Starter

  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:20 PM

Posted 06 March 2015 - 10:17 AM

Information sources are conflicting here Elise... In your screenshots I clearly see that they ask to install EpicScale, yet others are reporting that it installs without their permission.

Maybe I should try it out myself and see what gives.

#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:06:20 AM

Posted 06 March 2015 - 10:23 AM

Well I can try to update my uTorrent tonight and see if I get this message. I've been pushing back it's update for long enough anyway. Let me know how it goes for you too Alex!

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Sintharius

Sintharius

    Bleepin' Sniper

  • Topic Starter

  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:20 PM

Posted 06 March 2015 - 10:39 AM

They did ask to install EpicScale, it seems.

5_zpstypzusdh.png

However...

1) When I started the installer, right after I accepted UAC warning then MBAM popped up with a warning about OpenCandy;

2) Instead of Skype I got an offer of some weird music album bundle. Needless to say I declined it.

Still a reason to get another client if you use torrents (for legit purposes). There are plenty of those out there without all the crapware and ads.

Alex

#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:06:20 AM

Posted 06 March 2015 - 10:42 AM

I guess they offer Skype if you don't have it installed. I should test it in a VM without Skype and see if they prompt it or not. It's like Adobe products. If you download it from Google Chrome, it offers you McAfee Security Scan Plus but if you download it from another web browsers it offers Google Chrome and the Chrome Toolbar.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,599 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:20 PM

Posted 06 March 2015 - 10:43 AM

1) When I started the installer, right after I accepted UAC warning then MBAM popped up with a warning about OpenCandy;

 

See utorrent's UELA, it uses OpenCandy. Hence the warning.

 

2) Instead of Skype I got an offer of some weird music album bundle. Needless to say I declined it.

 

I got that as well, but iirc it was a bundle in torrent format with some "exciting stuff i really wouldn't want to miss out on".


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 Sintharius

Sintharius

    Bleepin' Sniper

  • Topic Starter

  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:20 PM

Posted 06 March 2015 - 10:46 AM

I got that as well, but iirc it was a bundle in torrent format with some "exciting stuff i really wouldn't want to miss out on".

I didn't see the "exciting stuff i really wouldn't want to miss out on" part, but that's probably because I did not bother to look.

Alex




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users