The Quickest Way to Investigate a Fake BitTorrent Tracker

Anti-piracy groups and malware spreaders have been seeding fake files on BitTorrent for a long time now. They use a mix of open and public BitTorrent trackers and some also decide to set up their own trackers. Here we’ll be looking at the easiest way to find out more information about them.

As you may have been aware we’ve covered a few pieces on how malware and fake files are spread through torrent. We have showed how they get users to install programs such as DomPlayer.

After receiving an email yesterday from a user of ours who pointed out a problem with a torrent for the “Wolfman DVD rip” we decided to check it out and dig a little deeper into this obvious fake torrent. When looking at the file we discovered it was tracked using many trackers but one caught our attention straight away.

tracker.torrentq.com/announce.php currently lists 48,416 seeds and 37,496 seeders for the supposed ‘The Wolfman’ movie, a highly attractive proposition for those inexperienced in dealing with fake torrents.

The stats shown above are indeed fake and have been run from a tracker who has the sole responsibility to deliver fake torrents. The tracker is run on a subdomain of TorrentQ which has been previously shown to be a terrible client. Below we’ll be explaining how we investigated the tracker. This in our opinion is the simplest method to try.

First you need to use “scrape”; this will now make it possible to find out the information about the files which are indexed on the trackers. For TorrentQ the scrape URL is: tracker.torrentq.com/scrape.php. When you are on this site you’ll be given the ability to download the file – “scrape.php”; download it.

This file will have all the information about the files being seeded on this tracker.

Now using the online tool DumpTorrentCGI by DeHackEd browse to the “scrape” file on your computer and change the output type to ‘/scrape’ and click the ‘decode’ button. You’ll be left with a report.

In the report you’ll be able to see that the files are very popular, but you need to remember the stats are fake. To prove this you can use any torrent search site. Every search engine creates its torrent URLs by using a torrent’s hash value. All you need to do is test each torrent using Torrentus or Torrentz.eu followed by the hash value. You’ll be left with comments about the torrent in question.

Source: http://torrentus.to/blog/the-quickes...t-tracker.html