
Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead

Unknown Lamer posted about a year ago | from the probably-riaa-conspiracy dept.

Piracy 62

New submitter giveen1 writes "I received this email as a former Demonoid.me user. I tried to go to the website and link is dead. ... 'Dear Demonoid Community Member, We have all read the same news stories: The Demonoid servers shut down and seized in the Ukraine. The Demonoid admin team detained in Mexico. The demonoid.me domain snatched and put up for sale. The Demonoid trackers back online in Hong Kong, but then disappearing. ... Now for some good news: The heart and soul of Demonoid lives on! Through an amazing sequence of unlikely events, the data on those Ukrainian servers has made its way into the safe hands of members of our community and has now been re-launched as d2.vu.'" But it turns out that the site was distributing malware, hosted on an American VPS, and quickly shut down after the provider discovered this. No word yet on how the Demonoid user database was acquired, but if you did make the mistake of trying to log in, Torrent Freak warns: "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."


sad pants (2)

Anonymous Coward | about a year ago | (#43665755)

I miss Demonoid

Re:sad pants (0)

Anonymous Coward | about a year ago | (#43666025)

I don't... got better things to do than try to get on their membership list to access the private tracker for the six seconds they might deign to offer some type of enrollment to the unwashed masses. That, or find some warez hound that is in with the admins enough.

Easier to use the Source That Is Not To Be Mentioned... and one won't get a motion of discovery request from the RIAA/MPAA/BSA either. The warez scene got old in the days of 2 digit #warez channels on IRC.

Re:sad pants (1)

Anonymous Coward | about a year ago | (#43666459)

If you had some friends, they could have sent you an invite

Being an anonymous internet troll, apparently you didn't have any.

Re:sad pants (1)

bmo (77928) | about a year ago | (#43669689)

Or you could have just signed up on Thursdays when registration was completely open.

Or if you weren't a complete dick, people would have fired invites over to you. I had more than I knew what to do with.

--
BMO

Re:sad pants (0)

Anonymous Coward | about a year ago | (#43724263)

Try demoniod.mk. It has been running for about 6 months.

Not much to speculate about (0)

Anonymous Coward | about a year ago | (#43665783)

No word yet on how the Demonoid user database was acquired

Well, it's either the law enforcement or the record companies got hold of the user database. Whoever it was decided to sell the database to scammers.
I don't know about the Ukrainian police but I know that many record companies have done even sketchier stuff in the past (As in outright illegal.) so I'm not really surprised.

Re:Not much to speculate about (0)

gsslay (807818) | about a year ago | (#43666173)

Yeah, cos no-one else would dream of infecting the community members of Demonoid. And every single person who wandered within snatching distance of that data, as it was pushed from one backstreet ISP to another, all have impeccably highest of high morals. It must be the feds or the evil record companies. No doubt.

Re:Not much to speculate about (1)

westlake (615356) | about a year ago | (#43666337)

Well, it's either the law enforcement or the record companies got hold of the user database.

More likely to be an inside job. More likely and more profitable.

Good Advice (4, Insightful)

DarthBling (1733038) | about a year ago | (#43665793)

"New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

Yup. After all those LinkedIn passwords were leaked last year, I wised up and changed the passwords to all the websites I visit each to something different. So now if my username/password combo is compromised, it's only good for that one particular website.

Re:Good Advice (1)

gstoddart (321705) | about a year ago | (#43665833)

I'm more shocked that people have been doing that all along.

This has been good security practice for a very long time.

Re-using login/password combos has always been a bad idea.

Re:Good Advice (3, Funny)

war4peace (1628283) | about a year ago | (#43665861)

Depends. If your password is complex enough, then you can use one for a core of websites (2-3 most secure).
And for all the ever-so-many bullshit websites you don't care about, you can have the same U/P combo; if it gets hacked, you lose access to many bullshit sites you don't care about. Good. Losing my miniclip account would only translate as more free time and better productivity :)
That's why my password there is "12345" - same as my luggage's...

Re:Good Advice (1)

Pentium100 (1240090) | about a year ago | (#43666015)

Not everybody can remember many different passwords that do not follow some pattern (like "asd!@#slashdot"). So, you either need to use some sort of password database (hope it's accessible from any device and that its password is not compromised) or only a few passwords.

Re:Good Advice (1)

Noughmad (1044096) | about a year ago | (#43666087)

That's why it's good practice to use password patterns. They are easy to remember, and offer reasonable security against automated attacks. Anyone who sees one of your passwords can easily deduce the others, but it takes just enough effort to require a targeted attack.

Re:Good Advice (1)

neminem (561346) | about a year ago | (#43666417)

This. This isn't at all similar to my password to anything, but the sort of thing I switched to doing a few years ago, after some other site I used my (at the time) "more secure" password got hacked - if, for instance, my old password I'd used for everything was asdf!!11, I might have changed it to gasdf!!11l for gmail, sasdf!!11t for slashdot, etc. Something like that. (That isn't the actual pattern I use, either. :p) Just as easy to remember, but a hacker would have to have a reason to specifically want *your* account info, rather than just hitting easy targets.

Re:Good Advice (1)

FictionPimp (712802) | about a year ago | (#43666451)

lastpass.com

Re:Good Advice (2)

Salgak1 (20136) | about a year ago | (#43666591)

PassWORDs ??? Stopped using those years ago, PassPHRASES are the way to go. . .

*Be-beep!* Error! (0)

Anonymous Coward | about a year ago | (#43667141)

Your password must be 8-12 characters long. PassPHRASES, ha!

PS: It must also contain at least one digit and symbol, not contain spaces, not repeat any of your previous 5 passwords, can't contain swearwords (or any dictionary words at all, if we're at it) or use name or surname of any of your relatives up to three degrees removed. Have a nice day.

Re:*Be-beep!* Error! (1)

mark-t (151149) | about a year ago | (#43667639)

Interesting requirements. Most of them are even practical... other than the one about surnames of relatives, because that would be impossible to do without already having an exhaustive list of all relatives within 3 degrees of the individual, not the least problem of which that it is not necessarily a static list, and the logistics behind keeping it up to date alone would probably make the endeavor infeasible.

The next step. (0)

Anonymous Coward | about a year ago | (#43665795)

Is to get this information into the hands of a Nigerian Music Executive.

Obligatory XKCD (5, Funny)

Anonymous Coward | about a year ago | (#43665817)

Re:Obligatory XKCD (-1)

Anonymous Coward | about a year ago | (#43665901)

Your mom.

Re:Obligatory XKCD (1)

chromas (1085949) | about a year ago | (#43667461)

WRONG! [xkcd.com]

Re:Obligatory XKCD (0)

flayzernax (1060680) | about a year ago | (#43666001)

Call of duty sucks and I call shenanigans on anyone cool at google who's been alive for more than 15 years thinking call of duty is any good.

Re:Obligatory XKCD (1)

zlogic (892404) | about a year ago | (#43666615)

They should revise Google's punchline to "Now let's shutdown everything and watch civilization collapse".

Re:Obligatory XKCD (0)

Anonymous Coward | about a year ago | (#43667891)

Let civilization collapse... or use Bing?

People still use common credentials? (2, Insightful)

Anonymous Coward | about a year ago | (#43665851)

Look, I know credential soup is a pain in the rear, but if you want to protect yourself online, it's essential these days. I follow an approach like this:

Tier 1 - For ultra important stuff, such as banks, online merchants, and credit cards. These credentials are very, VERY long and random. Good luck cracking those while I'm still alive.

Tier 2 - For less important stuff, like MMOs and websites I frequent. They'll still be fairly unique, but I'll use some mnemonics to aid myself here and reduce the headache without sacrificing too much security.

Tier 3 - For everything else, especially those damn one-off sites that demand you create an account before you use them. These credentials are usually pretty common, as they're mostly disposable junk anyway and not connected at all to my main stuff.

Oh, and one more thing: use yahoo or other disposable email addresses for Tier 2 or Tier 3 sites. Banks and credit cards should use a unique e-mail address that is not connected in any way to anything else to limit the effectiveness of keyloggers and phishing attempts.

Re:People still use common credentials? (5, Insightful)

hedwards (940851) | about a year ago | (#43665911)

Or just use something like keepass and give them all strong passwords. It's not like you're going to be remembering hundreds of passwords anyways. Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again. For most people, even a dozen passwords is more than they can reliably remember.

Re:People still use common credentials? (1)

gstoddart (321705) | about a year ago | (#43665993)

Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again

Holy crap, that's a lot ... I'm not sure I've had 400 different logins over the last 25 years.

Re:People still use common credentials? (1)

hedwards (940851) | about a year ago | (#43666311)

Well, keep in mind that everybody demands a log in these days and often times just to view something that you might not want to ever use again. That's probably 15 or so years worth of accounts that I've created and many of them are probably no longer usable, but it's not really worth going back through all of them on a regular basis.

Re:People still use common credentials? (0)

Anonymous Coward | about a year ago | (#43666073)

I don't use anything like that because if it fails due to corruption or something else, you're now locked out of everything and have to do a LOT of work to recover.

If you use a password regularly, you will memorize it.

If you don't, you won't.

Re:People still use common credentials? (1)

hedwards (940851) | about a year ago | (#43666333)

That's what backups are for. You're not going to memorize more than a dozen good passwords, and especially not if you're changing them regularly. I can back up my password database every day and then I don't have to worry about corruption or something else.

The only real downside to it is if my password to the database is stolen. But, then again, they would also have to steal the file itself and the 2nd factor to it.

Re:People still use common credentials? (1)

flimflammer (956759) | about a year ago | (#43666981)

I've found myself using that program only because sites like to enforce their own ideals about what a secure password is, rendering my actually secure password "weak" by their standards. So I keep track of those rogue sites by recording which variant I need to use for that special snowflake website.

Re:People still use common credentials? (1)

Anonymous Coward | about a year ago | (#43667477)

For those random accounts on random websites, better to use a site like bugmenot.com. If they don't have a login for the site, post yours there. A good practice is to also use a disposable email address that others can access. That way when some jerk changes the password another user can reset it back.

Re:People still use common credentials? (1)

Kanasta (70274) | about a year ago | (#43670647)

Or better yet, a keepass that holds keys to other keepass databases. Seeded with fake logins.

I remember Demonoid (0)

Anonymous Coward | about a year ago | (#43665855)

Wasn't that the site where you never sign up, because the sign-ups were always "closed for the week"? Or they had permanently run out of user space or something? I could never get a login, so I rarely used the site. Bah, good riddance.

Re:I remember Demonoid (1)

X0563511 (793323) | about a year ago | (#43666221)

You just needed an invitation from someone who had an account.

The reason those didn't get tossed around willy-nilly is that you were held accountable for the problems caused by people you invited.

For example, had I invited you, and you got banned for uploading porn torrents, I would be banned as well (and perhaps everyone else I invited)

Re:I remember Demonoid (1)

neminem (561346) | about a year ago | (#43666375)

I had an account there, used it occasionally (when my primary private torrent site didn't have something). I'm curious how you "rarely" used it, if you didn't have an account... wouldn't that be "never"?

Relying primarily or entirely on invites for new members is pretty common for sites like that. Demonoid was just a lot more *famous* than most of them. Which explains why it got axed, and a bunch of other, smaller, less famous (but still highly active) torrent sites are still up.

What kind of malware? (1)

K. S. Kyosuke (729550) | about a year ago | (#43665857)

As in, would it justify renaming the site as 'Daemonoid'?

Re:What kind of malware? (3, Funny)

Freshly Exhumed (105597) | about a year ago | (#43666013)

All I wanna know is if downloading the malware affects my ratio?!!!

Oh Well (1)

Oronar (942125) | about a year ago | (#43665951)

Suppose I should have been more suspicious that searches failed. But I was hopeful it was just some sort of database failure explaining why I couldn't login. Whatever. I didn't use that password for anything else, spammers. Have fun with it.

Although this raises the question why even make a functional password reset form? I tried it after my login didn't work and they sent me a new one.

Re:Oh Well (0)

Anonymous Coward | about a year ago | (#43666031)

Hahah, noob. ;)

Yeah, I got there too late and the site was already down... but I was actually planning to look around, then wait 24 hours (to see if reports popped up that it was some sort of MAFIAA scam) before trying to login with my demonoid account, honest! (Actual truth, not that anybody should believe me.)

Re:Oh Well (1)

wagnerrp (1305589) | about a year ago | (#43666125)

Perhaps they were expecting you to log in with it, and set it back to your original password?

Re:Oh Well (1)

Oronar (942125) | about a year ago | (#43666283)

Except there was no logging in. Just the form to phish passwords.

Think About IT (0)

Anonymous Coward | about a year ago | (#43666029)

So, Demonoid was shut down, and no one has any idea who might want to distribute malware to its former users' computers?

Shocked! I'm shocked to find such an unworthy lack of speculation on Slashdot.

Just as shocked as Claude Rains was in Casablanca when he feigned ignorance of gambling and took his "pot-de-vin."

Actually... (3, Informative)

giveen1 (2727899) | about a year ago | (#43666111)

I never actually logged into the website, nor got my password stolen, nor got malware. Links are always checked out, email header completely read, domain looked up in WHOIS, and link opened in a VM.
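
The header and link checks described in the comment above, as an added example that is not part of the original post. The message is a constructed sample, and `triage`, `known_domains` and the other names are hypothetical; the WHOIS lookup and opening the link in a VM are left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every address, host and header value below is
# invented for illustration; only the names demonoid.me and d2.vu come from the story.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none
From: "Demonoid" <admin@demonoid.me>
Reply-To: <team@d2.vu>
To: user@example.org
Subject: Demonoid lives on
Content-Type: text/plain

Dear Demonoid Community Member, ...
Log in here: http://d2.vu/login
"""

def base_domain(host):
    """Naive registrable domain (last two labels); real triage should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    """Domain of the address in a From/Return-Path/Reply-To header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return base_domain(addr.rpartition("@")[2]) if "@" in addr else ""

def auth_results(msg):
    """Map method -> verdict, e.g. {'spf': 'pass', 'dkim': 'none'}.
    Only meaningful when the header was stamped by your own receiving server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def link_domains(msg):
    """Registrable domains of every http(s) link in a plain-text body."""
    body = msg.get_payload()
    hosts = re.findall(r"https?://([^/\s:\"'>]+)", body if isinstance(body, str) else "", re.I)
    return sorted({base_domain(h) for h in hosts})

def triage(raw, known_domains):
    """Return (finding, detail) tuples; an empty list means nothing stood out."""
    msg = message_from_string(raw)
    findings = []
    from_dom = addr_domain(msg["From"])
    for header, label in (("Return-Path", "envelope-mismatch"), ("Reply-To", "reply-to-mismatch")):
        dom = addr_domain(msg[header])
        if dom and dom != from_dom:  # SPF can pass for the envelope domain while From is forged
            findings.append((label, dom))
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(("auth-not-pass", method))
    for dom in link_domains(msg):
        if dom not in known_domains:
            findings.append(("unknown-link-domain", dom))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, known_domains={"demonoid.me"}):
        print(finding)
```
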

Afghan (0)

Anonymous Coward | about a year ago | (#43666143)


Re:Afghan (0)

Anonymous Coward | about a year ago | (#43666561)

I can never understand those foreign fuckers...

Re:Afghan (0)

Anonymous Coward | about a year ago | (#43667045)

base64, but Iran, not Afghan

Sounds like demonoid used bcrypt. Yay! (5, Insightful)

Sloppy (14984) | about a year ago | (#43666335)

Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

Re:Sounds like demonoid used bcrypt. Yay! (0)

Anonymous Coward | about a year ago | (#43667589)

Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

Or that they figured they could phish more passwords out of their userbase regardless.

Re:Sounds like demonoid used bcrypt. Yay! (0)

Anonymous Coward | about a year ago | (#43667721)

"Demonoid's back! Just log in here! But now you have to change your password, because the old one was compromised."

Now you have their latest omniuse password!

Saw it coming (1)

HairyNevus (992803) | about a year ago | (#43667077)

I saw this e-mail on my phone this morning, and my first thought was "Sounds pretty sweet... so I bet it's not real". Then I came in and saw this headline before I even remembered it. Oh well... kat.ph is everything Demonoid was, maybe more.

Re:Saw it coming (1)

runeghost (2509522) | about a year ago | (#43667443)

Not quite. Demonoid had a ton of ancient and obscure movies, tv shows, and books, many of which were obtainable literally nowhere else. Kat.ph appears to be a nice torrent site, but it's far more focused on popular stuff than demonoid was.

Re:Saw it coming (1)

zerocommazero (837043) | about a year ago | (#43668015)

Yeah, Demonoid was a geek's dream. You could find just about anything niche related (well at least the niches I liked) and the search interface/categories were easy to use to find obscure related things.

Re:Saw it coming (1)

Linsaran (728833) | about a year ago | (#43668359)

Amen to that, I've yet to see a torrent site with the same level of Niche stuff that Demonoid used to have. If ever I found another site with that same quality of content I'd join in an instant.

Re:Saw it coming (0)

Anonymous Coward | about a year ago | (#43675553)

Same here. Demonoid was the place I found many TV pilots (the two Three's Company pilots with different actors being a favorite,) obscure movies, band demos, and basically everything you can't buy off the shelf legally, but would if I could. They are missed!

I was skeptical about that e-mail, so I waited to see what story would inevitably pop up here. I figured it was some "forces of evil" trying to get info on us former members. Pirate Bay is okay, but I'm starting to feel like going back to the old place-of-no-mention that predates the WWW, but unfortunately requires one to subscribe to a service to reach now.

Re:Saw it coming (1)

bBarou (834305) | about a year ago | (#43668653)

I wish I had mod points. Demonoid was one of my favorite places for hard to find stuff. Is there anything close to it nowadays?

Re:Saw it coming (0)

Anonymous Coward | about a year ago | (#43670463)

Private trackers.

Re:Saw it coming (0)

Anonymous Coward | about a year ago | (#43703885)

Private trackers.

Bullshit. A private (or public) tracker is as good as its members.

Fill a tracker with people who want to donate their bandwidth and who also have extensive collections of whatever, and a great community is born. Just look at the pirate bay. What you can't find you can probably request, and for the most part things come down pretty quickly.

OTOH sign up for a supposedly exclusive high end private tracker with 1,000 members and you'll be greeted with snobbery and dead torrents. Good luck getting something after the initial seeder pulls the seedbox off. That takes about 2 days on average, and there will be no swarm to speak of because maybe 5 people grab the thing in the first place.

Get on a big private tracker and things are better. The problem with those is they're starting to become prime targets for the copyright nazis and their never ending genocide of internet freedoms.

Didn't go to all users (0)

Anonymous Coward | about a year ago | (#43667725)

Hmm, I would suggest they either didn't get a full membership database or they were selective as to who they sent it to - I didn't get an e-mail, and I was a user.

Lastpass (1)

bmo (77928) | about a year ago | (#43669647)

"New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

Password sharing is bad. I've moved all my passwords and password generation over to Lastpass. All my web passwords are 20 char random alphanumeric/symbol/randomcase automatically generated by Lastpass' randomizer. They are all completely different from each other - none are shared. Even I can't remember them. They require entry by Lastpass or copy-paste from a text file or typed from dead tree archive.

There are other password tools that do similar things, and I highly recommend this style of password generation and usage.

--
BMO

hoping (0)

Anonymous Coward | about a year ago | (#43695755)

Welcome back to d2.vu
It's using your old Demonoid user name and password, hope it's legit. Worked for me
