20 comments

[ 0.25 ms ] story [ 63.0 ms ] thread
(comment deleted)
For the curious, the magnet link is: magnet:?xt=urn:btih:a4a75d2e4095d457467777673e96cd331575b511&dn=AF

file(1) has nothing to say about it but at a glance it doesn't look like a uniform encrypted blob...

That whole list is kind of fascinating. Interesting to see the movies and shows that are particularly popular when it comes to piracy (Marvel, Marvel, Marvel...)
..and GTA San Andreas? That game is more than 10 years old!
I'm going to guess at a password database of some kind, perhaps a "rainbow table". There seem to be frequent occurrences of long strings of the alphabet. Byte value counts are almost equal.
Aren't rainbow tables EXTREMELY large?
If I was making a botnet I would use the DHT to download updates, settings etc. Not sure what else.
P2P update for a videogame?
Looks like this piece of Windows malware: https://malwr.com/analysis/NDI4YmUxNjM0ZTUwNDY0OWFhNjM3YzFiZ...

It uses a data file called AF.dat and connect to bittorrent.

Aha, the long .torrent file it drops matches the magnet link too. The MD5 of AF.dat from that page doesn't match what I've got but maybe it gets modified...
(comment deleted)
There's another curious entry too, "x86", with filenames consisting of a random collection of unzipping .dlls and other weird stuff... Why would anyone want to torrent such a seemingly useless collection of random files?
I think this has something to do with a Korean antivirus program called ALYac.
i'm pretty sure the most popular torrent in the DHT doesnt have 644 downloads in the last week.

this must be measuring downloads/hits from btdigg.org (only), so someone is linking directly to it and relying on them to jump clients into the DHT perhaps?

I can't imagine btdigg can scrape the whole DHT, but I think the idea is that the traffic they see by running many "fake" nodes is proportional to the whole, because the DHT spreads all traffic around fairly equally? I'm presuming they're using a method similar to the one presented here: https://www.usenix.org/legacy/event/woot10/tech/full_papers/...