Why using Torrents can trap your computer into a botnet
As of 2020, there are 7.7 million IoT devices on the Internet. Most of these devices are not protected by antivirus or some security engine, and some of them fall under the trap of botnets – huge groups of computers controlled by hackers to do whatever they want.
If you ever used a Torrent, your computer might be a part of these huge organizations. In this article, you will find out what botnets are, what they do, and how to prevent turning your machine into a bot controlled by others.
Table of Contents
Disclaimer: You should not download copyrighted material from the Internet using Torrents, as this is illegal and may be punishable by law in your country.
What is a botnet?
A botnet is a cluster of computers called “bots” connected over the Internet, controlled by one entity, and formed to perform a large-scale attack or series of attacks.
The possessors of the hacked devices are unaware that their computer is a bot, or a “zombie”, as such machines are called, and attacks can even be performed without owners realizing. However, being a part of a botnet, your computer may slow down and perform usual tasks slower.
What are some commonly known botnets?
Some currently known botnets are Kraken, Necurs, Emotet, Mirai, GotBotKR. Below you can see in what year they were discovered and what they are known for.
|
Botnet
|
Year
|
Purpose
|
Estimated number of bots
|
|---|---|---|---|
|
Kraken
|
2008
|
It infected 10% of the Fortune 500 companies and was sending 9 billion spam messages a day at some point.
|
495,000
|
|
Necurs
|
2012
|
It corrupted over 6 million computers by 2016 and is commonly known to deliver other malware.
|
>6,000,000
|
|
Emotet
|
2014
|
It is considered the most dangerous botnet today, and it was initially used to steal sensitive banking information.
|
-
|
|
Mirai
|
2016
|
Originally created to hack Minecraft, it now exploits IoT devices using DDoS attacks.
|
380,000
|
|
GoBotKR
|
2018
|
It is still being built in order to perform DDoS attacks.
|
-
|
While botnets are usually used for DDoS attacks, you can see from the example above that bots can also send spam emails, steal sensitive information, recruit other “zombie” machines, do crypto-mining, etc.
What is a DDoS attack?
To understand this type of attack, we firstly must discuss what a DoS (Denial of Service) attack is.
A DoS attack is used to take down a service, an application, or a website by making huge amounts of requests to the software in a short amount of time. This is done to overwhelm the system and temporarily make it unavailable to its normal users.
A DDoS (Distributed Denial of Service) attack is enhanced by using a botnet. Instead of just one machine performing the requests, a botnet is directed towards the target.
This does two things:
- it increases the power of attack since more requests can be made;
- it makes it almost impossible to stop it because you cannot simply block millions of IP addresses without hitting your clients’ too.
What is a torrent?
Torrent is a method to download files and folders from the Internet.
If you’re going to use Torrents to download something over the Internet, you will need two things – the torrent file and the torrent client.
The torrent file is a file that contains metadata about what is to be distributed, participants in the downloading process, and others.
A torrent client is a software that manages those special torrent files and connects the recipient of the to-be downloaded material to the senders. Some examples are BitTorrent, uTorrent, and The Pirate Bay.
Torrent works in a peer-to-peer fashion. That is, the distributed files and folders are not stored in one centralized place but rather on many computers that then connect to others using the torrent client in order to exchange data.
The recipient, called a leecher, receives the data from seeders – users that already own those files.
Why are torrents dangerous?
Firstly, it all depends if what you're downloading is copyrighted or not. It is illegal to download something copyrighted using a Torrent, and it may be punishable by law in your country.
Torrents can be used to download legitimate files, but it is very common to also use them illegally. Considering this aspect, copyrighted material may come with malware such as viruses, Trojan horses, spyware, ransomware, and others.
Besides these risks, you must be aware that by using a torrent illegally, your computer may be trapped inside a botnet without you being aware of this. In this situation, your computer actually starts doing illegal things over the Internet, which might get you even more in trouble.
The botnet GoBotKR has been gathering South Korean victims based on downloads of South Korean movies, games, and TV shows, according to a trusted source. The botnet uses torrents to multiply all across South Korea, China, and Taiwan with the purpose of building up one or more DDoS attacks.
GoBotKR not only uses South Korean and Chinese torrents but also uses BitTorrent and uTorrent clients, which are popular all over the world. The botnet is currently designed to only affect South Korean and Chinese machines, but this could change and spread worldwide.
Besides this, there could be other dormant botnets currently being created, and for sure, torrents are a great way for them to spread. This is why torrents are very dangerous and should only be used properly.
How do you prevent your computer from becoming a bot when using torrents?
- First of all, you should only download legal files. Files that are copyrighted should not be downloaded through Torrent because they can contain various malware.
- Make sure none of your appliances and network devices have default passwords. Set strong passwords for them and keep those passwords safe.
- If you do download files using Torrents, check them with an antivirus.
- Only use torrents paired with a VPN to remain anonymous.
- Make sure to keep your devices up to date by installing any updates and patches that appear.
How do I tell if my computer is a bot? How do I fix it if it is?
Here are the signs that may help you find out if your computer is a bot:
- Excessive resources utilization: a botnet may keep your CPU and memory usage higher than normal.
Press CTRL+Shit+Escape and open the Task Manager. Under the “Performance” window, you can see your CPU and memory utilization.
Your CPU should be at about 2-4% when not using any program, up to 30% when using an Internet Browser. It also depends on what else you're running. For example, if you're playing demanding games or using complex applications, your usage can spike quite a lot. However, if you’re not really using anything too demanding and your CPU usage is abnormally high, it could mean you have a problem.
- Abnormal network traffic: if web applications are very slow or don’t work, your network might be a part of a DDoS attack. You can very easily check your Internet speed on any free speed tester online. On average, download speed is between 12 to 25 Mbps (unless you live in Romania, in which case you’re lucky!)
Of course, slow Internet can mean other things too, but if it's not related to your Internet provider, you might want to check it out.
- Weird processes: press CTRL+Shit+Escape to open your Task Manager and go under the Processes window. Do you see any weird process that you haven’t heard of?
Scroll down to find the processes. Look at them. Do you see any weird process that you haven't heard of that maybe is using a lot of your resources?
- You cannot update your operating system.
- Your antivirus detected malware or, specifically, a botnet infection.
- Check in the Kaspersky database: is your IP among the infected ones?
- Make sure you’re not downloading EXE files unnecessarily; if you’re trying to get a movie or a photo, it should not contain executable files
- Be careful when downloading archives; .zip and .rar files may contain hidden malware.
Make sure to check the archive with an antivirus before opening it and unarchiving the files inside
If you find yourself in any under the above categories, you may want to look further into this. It is important to take action if you think you are trapped in a botnet.
I suggest you use an antivirus that will locate and remove the botnet for you, if possible, or contact your local CSIRT (Computer Security Incident Response Team) for further assistance.
Infographic
I created the following infographic to show what torrents and botnets are, how your computer can become a victim of famous bots, and how you should protect yourself on the Internet.
You should only download files that you know are coming from safe sources because many targets become victims of botnets, with some hackers gathering even 12 million bots under their command.
Conclusion
Using torrents to download something illegally from the Internet comes with huge risks for you. I recommend you make sure you only download legitimate files which are not copyrighted and take all of the precautions when using torrent clients.
Being a part of a botnet is no joke, as your machine may become a weapon against others. Botnets are very dangerous entities that have caused huge financial losses over the years.
If you have any other safety recommendations, please share them in a comment below!
Comments
Your email address will not be published. Required fields are marked