5 August 2014. Picture this: you're downloading a file from a torrent site. It's almost done. Suddenly, you get a sinking feeling that something just isn't right. You shrug and let the download continue. As it finishes you open the file and instantly realize something is wrong. Your computer hangs, and then something starts loading in the background. You've just become the next victim of torrent poisoning.

What Is It?

Torrent poisoning refers to some type of corruption of a file or a system or index to prevent users on torrent networks from accessing copyright-protected files.

Decoy Insertion

When you use a bittorrent client to download files, you have a lot of choices. You start off by choosing a torrent file to download. Here's where the “magic” happens. When a content producer wants to stop you from getting their content without paying for it, it may use something called decoy insertion.

This is a method where a corrupted version of a particular file is inserted into the network. The corrupted file gets transmitted to multiple users, thus corrupting the network. It also deters users from finding an uncorrupted version of the file while simultaneously increasing the distribution of the corrupted file.

A content creator can corrupt any file by converting to another format that looks like an uncorrupted file. From here, creators may entice users to download and spread the corrupted file using high bandwidth connections – users like high bandwidth connections because they provide speedy downloads.

Index Poisoning

Index poisoning is a method that targets the index found in many P2P sharing sites. An index allows users to locate the IP of desired content. This method makes searching for target material difficult. The attacker will insert a large amount of invalid information into an index to prevent users from finding the correct file. This method requires less effort on the part of the attacker.

Spoofing

Spoofing involves fake URL and P2P file sharing links on sites. Content creators design software that directs users to non-existent locations through bogus search results. This method relies on demoralizing the user before they can find the content. Hopefully, users give up before they find the content.

How To Protect Yourself

The best way to protect yourself is to not download content that is copyright protected. Seriously. Even if you think that the content-creators have made enough money, odds are that there's an attacker out there willing to defend their creation. In some cases, attackers will defend their content using viruses, corrupted files, and ransomware (stealing your files through the corrupted target file and then demanding payment for the return of your files).

Any defensive measures will have disastrous effects on your computer, but they could also potentially cause you some legal trouble as well. If a corrupted file is actually logging your IP, you may face civil or criminal prosecution.

If you want to protect yourself when downloading files legally, just make sure you're downloading from a trusted site. Ideally, you'll join a private community or a community where the users are active enough to apprise you of any corrupted files.

Corey Dudley is a web management leader. From programming to file sharing to information security, he often blogs about the innovations and concerns for web users.