Kurz, posted December 2, 2005

Note: I found this post in a thread at AnimeSuki. http://forums.animesuki.com/showthread.php?t=43280

I hope I could hear some sort of response on the subject.

> For all those out there using uTorrent...
>
> I just caught uTorrent making cloaked emails to:
>
> PROCESS NAME: utorrent.exe
> URL: 10001264536.0000028728.acesso.oni.pt:110
> DIRECT IP: 213.58.83.225
> REMOTE PORT: POP3
> PROTOCOL: TCP
>
> As long as AVG was monitoring the email traffic directly, it would close the port immediately upon connection and not send anything outward.
>
> However, once AVG was not monitoring the traffic anymore, the connection was made immediately and a packet of data was dropped off at that server, and a payload was delivered to my machine and written somewhere.
>
> Unlike many other BitTorrent clients out there, uTorrent does not open its source code to anyone. So, anything can be hidden in there. Has anyone found their systems compromised after using uTorrent? Can anyone verify what uTorrent sends and receives via this email?
>
> This is NOT the "update" process! That does a different connection elsewhere.
>
> Another thing I have noticed as well. Once you CLOSE uTorrent, it takes about 2 minutes before it "closes" and the application does not register as uTorrent anymore - HOWEVER - it is still running in the background, but now without a name. It is seeding off files from your machine to BitTorrent networks around the world.
>
> The only way to completely close uTorrent is to shut down your machine and re-start it. Don't use uTorrent.

ben, posted December 2, 2005

I believe someone said it had to do with some people using ports such as 25 (SMTP) to send data through the client, and your firewall software thinking it's suspicious.

Animorc, posted December 2, 2005

That's correct ben. Or rather, they set the port to 25 so that your client is sending data on port 25.

And Kurz: If you want more information:
http://forum.utorrent.com/viewtopic.php?id=1568
http://forum.utorrent.com/viewtopic.php?id=1634

chaosblade, posted December 2, 2005

How many times was this issue raised before? Oo

And I thought AnimeSuki had significantly smarter people..

slayers, posted December 2, 2005

> Another thing I have noticed as well. Once you CLOSE uTorrent, it takes about 2 minutes before it "closes" and the application does not register as uTorrent anymore - HOWEVER - it is still running in the background, but now without a name. It is seeding off files from your machine to Bittorrent networks around the world.

This is the only thing worth commenting, it still amazes me the reaction that false positives create on ignorant people.

It has happened in the past that uT would not close properly and remain in the background. With Task Manager, you could easily shut it down without any ill effects. If the OP can consistently reproduce this behaviour he should report it as a bug.

1c3d0g, posted December 2, 2005

That ignorant person who made that stupid post should be taken out back and shot! :mad: Bah! I still can't get over some people's incompetence! :mad:

hofshi, posted December 2, 2005

and still, I think that we can try to be a little bit more polite, and less angry in our responses.

splintax, posted December 2, 2005

I dunno about 'shot', but I agree that what that person said is completely ridiculous.

They have no proof, and if this results in µT getting banned from anywhere.. bah.

edit: can someone with an AnimeSuki account reply to that thread and link them back here so they can see what's going on?

Firon, posted December 2, 2005

It doesn't take 2 minutes to close, it takes UP TO 15-30 seconds, usually far less (depends on tracker status I guess)

I'd post there but I can't be arsed to register

I love firewalls, they give so many false positives, and their users tend to not be very smart...

Animorc, posted December 2, 2005

Redleer and DWKnight have posted in that topic (and hopefully cleared some rumors).

Kurz, posted December 3, 2005

Thanks for the inquiry. Sorry about this being discussed earlier, I was searching on the forums though I guess I didn't use the right parameters. I thought it was a false positive so I thought why not make a thread in the uTorrent forums to link to if I get a response for you guys.

Firon, posted December 3, 2005

> Nope, definitely not the peer's fault...
>
> After doing some more research:
>
> (1) It is definitely uTorrent sending the emails - nothing else
> (2) uTorrent automatically begins to make several hundred connections upon startup now that that one email has successfully worked - and I have no torrents in my list to work on - it just starts sending stuff from computer to hundreds of computers all over the place.
> (3) The email traffic is definitely outgoing email from my computer to elsewhere.
> (4) I have no idea what the contents of the email actually are yet
>
> In the meantime, I've turned uTorrent over to a security research group. It may take a few days, but I will have some official information about it sometime soon. I have stopped using uTorrent for obvious reasons. It's too bad that a potentially great program has to be marred by stuff like this.

Apart from the fact that I'm lol'ing at that last statement (silly firewall users), he's wrong on every damn point, and the security research group is gonna laugh him out of the country as well.

This isn't the first time we've had AVG users' e-mail protection go insane like this, or hell, any other firewall (none of them actually examine the packet, they just do port-based filtering).

1) No e-mails are being sent, you're just connecting to peers who use a remote port of 25 (the SMTP port). It's regular BitTorrent data. If you honestly are that paranoid, install Ethereal, Winpcap, and capture packets that are using port 25, simple as that... Then you can easily examine the contents (and see that it's just regular BT data)
2) The 'hundreds' of connections are UDP packets being sent out for DHT. Since UDP is connection-less, the firewall probably registers every single packet as a connection.
3) Read #1
4) Read #1

This is why I don't like the technically less inclined to have firewalls, especially not 'dumb' (ones that don't analyze packets) firewalls that pop up silly alerts like this. But there's not much we can do about it...

I'd post this there myself but I can't be arsed to register.

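Added example, not part of Firon's post or of uTorrent: a sketch of the payload check he describes, comparing what a port-only filter assumes with what the first bytes of the flow actually are. The function names, the sample payloads, port 6881 and the assumption that DHT packets follow the BEP 5 KRPC format are all illustrative.

```python
# Added example: judge a flow by its first payload bytes, not its port number.
# Every payload below is a constructed sample, not a capture from this thread.
PORT_GUESS = {25: "smtp", 110: "pop3"}   # what a port-only filter assumes
BT_PSTR = b"BitTorrent protocol"

def classify_payload(first_bytes, transport="tcp"):
    """Name the protocol implied by the first payload bytes seen on a flow."""
    if transport == "tcp":
        # BitTorrent handshake: 0x13, "BitTorrent protocol", 8 reserved bytes,
        # 20-byte info_hash, 20-byte peer_id (68 bytes in total).
        if first_bytes[:1] == b"\x13" and first_bytes[1:20] == BT_PSTR:
            return "bittorrent" if len(first_bytes) >= 68 else "bittorrent-partial"
        if first_bytes.startswith((b"220 ", b"220-", b"EHLO ", b"HELO ")):
            return "smtp"
        if first_bytes.startswith((b"+OK", b"-ERR")):
            return "pop3"
    elif transport == "udp":
        # Assumption: DHT traffic uses the bencoded KRPC format of BEP 5,
        # a dictionary ("d...e") that carries a one-character "y" type key.
        if first_bytes[:1] == b"d" and first_bytes[-1:] == b"e" and b"1:y1:" in first_bytes:
            return "bittorrent-dht"
    return "unknown"

def review(flows):
    """Return (port_guess, payload_verdict, mismatch) for each flow."""
    rows = []
    for transport, port, payload in flows:
        guess = PORT_GUESS.get(port, "unknown")
        verdict = classify_payload(payload, transport)
        rows.append((guess, verdict, guess != verdict))
    return rows

# Constructed samples: a peer handshake to port 25, mail greetings, a DHT ping.
HANDSHAKE = b"\x13" + BT_PSTR + bytes(8) + b"\xaa" * 20 + b"-XX0000-" + b"0" * 12
SAMPLE_FLOWS = [
    ("tcp", 25, HANDSHAKE),
    ("tcp", 25, b"220 mail.example.test ESMTP\r\n"),
    ("tcp", 110, b"+OK POP3 server ready\r\n"),
    ("udp", 6881, b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"),
]

if __name__ == "__main__":
    for row in review(SAMPLE_FLOWS):
        print(row)
```

A row whose third field is true is a flow where the port-based label and the payload disagree, which is the situation behind the "email" alert in the quoted post.
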
Leech_Hunter, posted December 3, 2005

That guy/gal koitenshi should drag himself away from his japanese cartoon shows & read some books on networking & security topics...perhaps the embarrassment at being so wildly wrong will make him/her commit seppuku

bleh, posted December 3, 2005

Whaha, this is just too much

Seriously, it's pretty bold making these kinds of accusations if you can't even analyse one packet

Firon, you're right on the money with using Ethereal, in fact... I'm doing my first lab session next week with that application

ColdArmor, posted December 3, 2005

READ THE FAQ

stevvi, posted December 3, 2005

Hmm... I am amazed at all this. Seeing that Ludde is clever enough to make uTorrent as good as it is, I am quite sure that, if he so wished, he's clever enough to enable spyware in a far more subtle and less detectable way than sending out damn emails... especially knowing how paranoid the BT community is.

I am in no way inferring that uT does actually contain spyware

1c3d0g, posted December 3, 2005

That ill-informed Koitenshi person should've kept his mouth shut and be thought a fool, than to open it and resolve all doubt, which in this case, he has. :mad:

ColdArmor, posted December 5, 2005

> especially knowing how paranoid the BT community is.

Where have I been?

Firon, posted December 5, 2005

every community on the internet is paranoid

Archived
This topic is now archived and is closed to further replies.