'Vigilante Malware' Is Preventing People From Visiting Their Favorite Piracy Sites

This annoying crusader modifies files on your computer to keep that BitTorrent site out of reach.

There’s a “vigilante” malware campaign stalking the digital streets, with an apparent grudge against pirating websites and their patrons.


The malicious program essentially tries to deter you when you go to filch your favorite TV show or video game from one of many popular BitTorrent sites, write researchers with Sophos. Well, sorta.

After infecting a computer, the program blocks the user from visiting a list of websites—a large number of which are related to torrenting.

It does this in a pretty crude, simplistic way: by hijacking the computer’s HOSTS file, a plaintext file that the operating system uses to map hostnames to IP addresses, and which it checks before asking a DNS server. By modifying the file so that a hostname points at the wrong address, you can stop your device from connecting to certain domains.

The virus ensnares unsuspecting victims by hiding in a number of fake software packages, including ones claiming to be pirated or free versions of “popular games, productivity tools, and even security products,” researchers write.

Andrew Brandt, lead researcher with Sophos, said that the malware’s “motivation seemed pretty clear.” That is, “it prevents people from visiting software piracy websites (if only temporarily),” Brandt writes.

The “vigilante” is an interesting sub-genre of malware—and it does pop up from time to time. Since the internet is a veritable cesspool of criminality and bad behavior, the occasional Paul Kersey-type is somewhat welcome. Last year, amidst a resurgence of activity by the destructive Emotet botnet, someone started sabotaging its infection operations by replacing its malware payloads with funny GIFs and memes. Similarly, a couple of years ago some unknown party hacked into 10,000 home routers, not to fuck them up but to patch their vulnerabilities and make them more secure.


And yet, as far as vigilantes go, this anti-piracy renegade isn’t super sophisticated, effective, or useful. For one thing, of all the crimes on the internet, is watching a free version of the latest Hulu series really high up on the list?

Also, it’s apparently really easy to disable the effects of the malware, and thus re-access the websites you were previously trying to reach: “Anyone can remove the entries after they’ve been added to the HOSTS file, and they stay removed (unless you run the program [i.e., the virus] a second time),” writes Brandt.
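An added example, not from the article or the Sophos report: a Python audit that finds HOSTS entries pinning outside hostnames to loopback or unspecified addresses and produces a cleaned copy. It assumes the blocking entries use such addresses (the article does not say which address the malware writes); the sample file, its `.example` hostnames and the function names are constructed.

```python
import ipaddress

# Names a stock hosts file legitimately points at loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample; every hostname uses the reserved .example TLD.
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1     localhost
::1           localhost ip6-localhost
192.168.1.20  nas.home.example    # ordinary LAN mapping
127.0.0.1     torrents.example www.torrents.example
0.0.0.0       tracker.example
127.0.0.1     localhost mirror.example
"""

def is_sinkhole(addr):
    """True if addr parses as a loopback or unspecified IP (assumed blocking targets)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address: not an entry we can judge
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return (hits, cleaned_text); hits are (line_no, hostname, address) tuples."""
    hits, kept = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            kept.append(raw)  # comments, blanks and ordinary mappings stay verbatim
            continue
        addr, names = fields[0], fields[1:]
        bad = [n for n in names if n.lower().rstrip(".") not in LOCAL_NAMES]
        hits += [(line_no, n.lower().rstrip("."), addr) for n in bad]
        good = [n for n in names if n not in bad]
        if not bad:
            kept.append(raw)
        elif good:
            kept.append(addr + "\t" + " ".join(good))  # keep legitimate names on the line
    return hits, "\n".join(kept) + "\n"

if __name__ == "__main__":
    hits, cleaned = audit_hosts(SAMPLE_HOSTS)
    for line_no, name, addr in hits:
        print(f"line {line_no}: {name} -> {addr}")
    print(cleaned, end="")
```

Review the hits before writing the cleaned copy back: ad-blocking hosts lists that a user installed on purpose use the same addresses and will be flagged too.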


So, yeah, it’s hardly the Travis Bickle of malware—cleaning up the internet’s streets. It’s more like an annoying neighborhood watch member, handing out flyers on your local street corner. As in that situation, the best course of action here is probably to perform a casual eye-roll and continue on your way.



What are the chances the malware is sponsored in some way by the MPAA or RIAA?