Topic: MalwareBytes labels famous torrent sites "LimeTorrents" & "Isohunt" as malicious

[Samker]

It's no secret that torrent sites can be sketchy, but now MalwareBytes is trying to do something about it by adding several sites to its block list.

According to TorrentFreak, MalwareBytes Anti-Malware has tagged Isohunt.to and LimeTorrents.cc as malicious, along with several other smaller sites. Users of the website protection tool in MalwareBytes' premium service won't be able to visit these sites without unblocking them first.

It's worth nothing that MalwareBytes doesn't consider the sites themselves to be harmful. However, they may be relying on hosting services whose IP addresses have been associated with malware. “We’re blocking the IPs (amongst others) because there’s a plethora of IPs on the [same network] housing a ton of malvertising and fraud sites,” MalwareBytes analyst Steven Burn told TorrentFreak. In other words, it's guilt by association.

Separately, Malwarebytes is blocking certain IP addresses when users connect to a torrent swarm. The rationale is similar--the software avoids IP addresses that are associated with malicious activity--though TorrentFreak points out that a torrent's hash content should act as built-in protection against bad behavior, making sure every peer is hoting the same material. When called out on this issue, MalwareBytes analyst Jérôme Segura said the company would consider managing these IP addresses in a better way.

This is hardly the first time that torrent sites have been punished for questionable connections. Earlier this year, Google Chrome started throwing up warnings for sites that encourage downloads of unwanted software: http://googleonlinesecurity.blogspot.nl/2015/02/more-protection-from-unwanted-software.html , ensnaring several major torrent sites in the process: https://torrentfreak.com/chrome-blocks-major-torrent-sites-over-harmful-programs-150710/
Again, the issue was not with the sites themselves, but with third-party ads that may try to install toolbars or other ad-injecting software.

Why this matters: MalwareBytes may draw some heat for overzealous blocking, but at the same time it's trying to protect people who are paying a subscription fee to stay malware-free. It makes sense that MalwareBytes would want to err on the side of caution, while giving users the option to unblock the affected sites: https://support.malwarebytes.org/customer/portal/articles/1835326?b_id=6400

(PCW)