Response from the admins
From where I’m sitting it looks like classic overconfidence. I would say keep your eyes open in the future but don’t pick up the pitchforks just yet.
Thanks. This community needed your logical input. I’ve been following this over the past few days and it seems like a blatent Reddit-type pitchfork situation. Based on the mods response and the absolute lack of proof surrounding the mods profiting from the crypto miner (honestly who the actual fuck even came up with this?), I think we need to all take a beat.
Also I don’t follow cracked games but this Emperess person seems like a fucking psychopath and the fact that literally anyone here believes a word she says is absolutely astonishing.
I am asking this community to PLEASE STOP REPOSTING THIS. Don’t let this community follow the ways of Reddit, please. We are better than that.
I agree, this entire thing looks very blown out of proportion to me. It’s not the first time and not the last time there will be malware in a brand new game torrent on 1337x.
This exact situation has happened before with a new game torrent that had malware, torrent eventually got taken down, and nobody raised a huge fuss other than not to download that torrent.
I feel like this community and the reddit one are made up of 14 year olds who figured out how to torrent 2 weeks ago and are freaking out over the prospect that downloading exe files isn’t safe…who would have thought!
So why did he defend the torrent in the comments and said it was not dirty and the uploader is not banned? This defence is laughable.
You should pin it
You can feel their frustration in this post. Being a mod is a thankless job.
deleted by creator
I see Empress is still subtle and classy as always.
That post is a bit older IIRC, couple of months.
Someone posted it because of relevancy i guess. Your point might still stand, i haven’t heard anything about him.
I wouldn’t trust anything from a P2P site that purports to be:
- A cracked game / application for desktop and mobile platforms. Maybe it’s legit but assume it is malware.
- A serial number generator. If you absolutely must run one of these do it from a throwaway VM, or via WINE emulation to mitigate what it might do.
- An encrypted archive with a README. It’s a scam designed to make people sign up to other scams to release a non-existent password.
- A movie / audio with an extension such as .scr, .wma, .com, .exe etc. It’s malware.
Movies, audio & books are generally safe providing they use a recognized extension - mp3, mp4, pdf, mkv, aac, flac, epub etc. Stuff that runs under emulation like console games is generally safe. I say “generally” because an exploit could still be crafted to escape a popular media player or emulator and cause actual harm to your computer.
All the ads and 3rd party scripts should be considered malicious too and should be erased with an adblocker, or even better use Tor.
So basically use some common sense and if you really want some game or app, just buy the damned thing or wait for it to go on sale.
WINE is not safe to run malware in, it’s not a secure sandbox. AFAIK, anything expecting it can do anything a Linux binary can. (Also, not an emulator, it’s in the original name - WINE Is Not an Emulator)
I know what WINE is and the gist of “Wine is not an emulator”. I have used it extensively and for a while it even contained some of my code (not sure if it still does). But it is still emulating but not in the way people think. WINE is not emulating the operating system but it is emulating the interface that an executable interacts with Windows, aka the Win32 APIs and other DLLs.
They even touch on this in their FAQ - *That said, Wine can be thought of as a Windows emulator in much the same way that Windows Vista can be thought of as a Windows XP emulator: both allow you to run the same applications by translating system calls in much the same way. Setting Wine to mimic Windows XP is not much different from setting Vista to launch an application in XP compatibility mode. *
As far as a potentially malicious executable is concerned, you can create a throwaway wine folder to run the thing and delete it as soon as it is done, e.g.
e.g.
export WINEPREFIX=~/tmpwin winecfg # disable wininet from libraries tab, remove Z:, unlink all desktop integration folders wine keygen.exe # when done... rm -rf tmpwinIt doesn’t matter if keygen.exe is evil because it can write anything it likes to the fake C: and the fake registry and it’s blown away. As a precaution disable networking so it can’t reach out either. In the extremely unlikely event that keygen.exe had code to detect it was running under WINE, it would still be subject to the permissions of the uid you had run it as, so you could take even more precautions if you felt so inclined. You could even use a dockerized WINE if you felt like it.
On the topic of whether or not it’s an emulator, sounds like semantics in the end - fair enough, I disagree but you make a fair point.
That said, in terms of security I think it’s very important to point it out that it isn’t any more secure than running a random Linux executable. In my view, the original comment is advocating for running unknown executables under wine as a security measure, and the further argument is that it’s more secure because most attacks don’t target that.
Sounds like if people rely on that for security, malware will just start targeting that after people get used to assuming it’s safe.
I doubt many people are ever going to do what I suggested so the effort / payoff for malware writers makes it very unlikely they’d bother. They’ll just assume 99.999% of people running the binary are doing so on Windows and code accordingly. Of course anything is theoretically possible.
wine is a windows api implementation, it’s specifically NOT an emulator
Read their own FAQ. It’s not an emulator in the classic sense of emulating the OS. It is however emulating the API of Windows. I quoted the pertinent line of the FAQ elsewhere and made my point clearer
Not sure what the thumbs down is about. It’s right there in their own FAQ.
In fact it ends by saying - “Wine is not just an emulator” is more accurate.
There is a storied history in computing to use tongue in cheek self referential acronyms to denote some humor and finality in distinguishing things that purposely fill a niche in the world of competing, often pricey, commercial software and other hackable reasons.
So I bet you’re rubbing wrong those of us who remember that gnu is not unix, and more specifically wine is not an emulator. Because they really aren’t.
This is a piracy community.
-
You could trivially verify an emulated game with a checksum
-
If a game is released on GOG, there are Checksums that are hidden from the user. GOG games are DRM-free, so there’s no reason anyone would modify the installer.
-
Are cracked games no good anymore? You used to be able to get just about any cracked game back in the day. Sure, some of them might be malware, but it was easy to find one that wasn’t.
I’ll translate: “I find actions of the 1337x admins disappointing. Deleting my torrents causes confusion for the user base, and these actions reflect poorly on your character, suggesting pusillanimity and insufficient discretion when selecting a sexual partner.”
There should be an Empress translator bot
It’s a screenshot of a tweet so you know it’s true
It’s definitely a real Tweet but I agree, if you visit the site to take a screenshit why not just copy that damn link!
You know it’s bad when the almost constantly unhinged ‘Empress’ is the one speaking sense.
Something something broken clock
Yeah, except EMPRESS was just complaining that her own torrents got deleted, not that others were unsafe
You looked at that screenshot and said, “Ah yes, here’s someone speaking sense” ?
I know this is probably obvious to many people, but if a charitable soul could explain to me what a miner is and why the admins are involved in it, it would be very much appreciated. Also, explain like I am 5 if possible
A cryptocurrency miner. It uses your computer to generate currency, which costs you resources (electricity, compute power, etc.).
Except the currency mined doesn’t go to you, but to the malware designer
Before even worrying about the content of individual torrents people should worry about the sites themselves being full of ads, spyware and other garbage that generates revenue for shady people. There’s a reason beyond just privacy that people use rss and magnet links. In an ideal scenario you never go to an actual torrent website.
Part of the reason I moved to Usenet
I have seen multiple posts about the situation by now with various claims but no one seems to have actually looked into it so I have questions! Is it true that moderators defended the upload and silenced criticism, is it true that the crypto address in question can be linked to the sites admins and is it true that the same malware is all over the internet in countless releases? Not all of those are from this particular pist but if someone here knows the answers I would be happy to read them!
There is a discord group in the official 1337x subreddit, the user was just a vip user, not a staff/moderator and he deleted comments after posting a malware in order to keep the release alive. Maybe he was trusted before posting it, and 1337x staff are a few people (lately even less) so he wasn’t blocked quickly. Nothing more. I hope 1337x will make an announcement. The user who posted malware was under a blue nikname:
- Black - admin
- Green - moderator
- Blue - vip
- Yellow - uploader
- Red - trial uploader
- Grey - user
There wasn’t any member of the staff that was helping the vip user to delete comments. He was just deleting comments under its own post by himself.
There is no official 1337x subreddit or discord group. Go to the 1337x official chat room (link on the front page of 1337x.to) and ask about a discord group or sub reddit and they will tell you its fake.
Thanks! I don’t know why a VIP would have this kind of power but that’s exactly the kind of explanation I was looking for because (as usual) a lot of people claim all kind of shit whenever they get a chance and it can be hard to understand what actually happened, glad it’s not as bad as it seemed at first glance! :)
But that doesn’t make it better. It makes it worse. So there is a VIP who uploads a miner. First the mods defend the VIP and the upload but later have to admit that it’s a miner. Then mods can’t do anything because the admin, the only one who could ban the VIP and uploader is AWOL since who knows; a long time. So effectively the topic is correct, the site is not safe. Uploaders can do what they want and cannot get punished because the few mods left can’t do anything and the admin is missing.
So the VIP can’t even be banned by a mod? That’s a fucked up system and I can only woder why it worked at all for such a long time!
That’s at least what the mods claim in defense that the uploader is not banned. But don’t forget, the same mods also said that the upload is “not dirty” until they had to admit it had a miner included.
I honestly don’t get why this behaviour gets defended here. Only because Empress was quoted? And that quote hasn’t anything to do with this incident.
I’m very doubtful too. Crypto mining isn’t profitable on computers nowadays. You would need millions of infections to even generate a dollar a day. It doesn’t make any sense that someone would work on such malware
With enough machines (especially powerful gaming rigs) you could probably still make a really decent amount and since the malware is detected by common antivirus tools and even Windows Defender as far as I can tell it’s most likely old and just used again by someone but you always have to be careful with all claims in the cracking scene and considering how long that site has been reliable I definitely have my doubts!
Even if 100% of all pirates on earth downloaded it, it would still earn shit
I don’t know why, but I think calling people “pathetic cowardly whores” in this specific situation is hilarious.
What, exactly, does one have to do when moderating a torrent site to earn the title of “whore”?
If I were to wager a guess, empress is not a first language English speaker, and to her , it’s just a preferred general severe insult.
combined with her being completely unhinged lol
Naturally, haha
I’m gonna guess you’ve never played COD
Well, doing something “wrong” for money is basically the definition of a whore, so yeah it fits in this case if the alligations are correct.
deleted by creator
Seriously, wtf is going on here lol
In the middle of this controversy there is just one thing I don’t really understand: why haven’t they banned the offending account?
There is literally no public torrent tracker out there that has no issues…
What evidence has been found that links the crypto-mining wallets with the 1337X admins?
Literally nothing. This entire thing is one of the stupidest controversies that I’ve ever seen. One idiot made a wild accusation about the 1337 mods based on no evidence and apparently that was good enough for this community…we are better than this people, grow up.
See my reply to Whiskey Pickle for the evidence.
I read through the wayback link you had, but it really just sounds like admin are busy with their other lives and getting frustrated with new users spamming “trojan found” which is an extremely common thing to see from new users and they don’t have time to verify everything out there. Even saying it has “unpacker.exe” wouldn’t mean anything as the release was packed. Unless the wallet address can actually be tied to admin/mods, then that’s just heresay.
That VitaminX user sounds shady as all hell, but that doesn’t mean admin are doing backhanded deals with some users.
For those asking “private trackers what’s that?”
/r/trackers (on the bad site I know) has a lot of info
For those who may be interested in getting into private trackers, you should start with Myanonamouse.net in my opinion. They do an interview on the irc which is easy and you can join that way https://www.myanonamouse.net/inviteapp.php
It is a tracker for ebooks/audiobooks/comics that is easy to maintain a ratio on (via their generous bonus point system) as long as you are a decent seeder.
Once you’re on the site for a few months you can access the invite forum which can get you access to other private trackers. Think of it like a ladder.
Torrentleech (a general private tracker) occasionally has open signups throughout the year.
I’m on multiple private trackers, and they all hosted the infected version (they’ve been taken down now). Private doesn’t make it safe, especially when people are using automated tools to be the first to upload a torrent.
I didn’t say anything about that and don’t disagree but private trackers definitely have less of it due to their content having more scrutiny and standards.
Nothing is perfect. My comment only strived to let people know about private trackers as I saw multiple people ask about it.
deleted by creator
I’ve been on private trackers since demonid went down. Its the only way to sail, I’ve had zero issues and the content is heavily moderated for quality.
deleted by creator
No kidding. I pirate for the convenience of downloading whatever I want. I’m not interested in joining the cool kids club by trying to keep up with what’s freeleech and stress about how to maintain a ratio lest face their wrath.
I’ve never stressed over my ratio
Public trackers are great for when everything you’re looking for is common or freshly released/uploaded.
Ppl looking for niche content, it’s not gonna be on public trackers.
Also the main benefit of private vs Public is that you can find a 10-15 year old torrent of some niche content and it will still be actively seeded.
With public trackers, there is less retention of seeders, even more so for less common content.
Public trackers often end up with tons of dead torrents with 0-1 seeders after a couple years pass.
And on a private tracker there is incentive to keep old torrents alive. On public there is none. Ppl grab and run.
If you don’t mind me asking, do you think it would be possible to keep a an account on a few of these chillest private trackers without a seedbox? The main reason I’ve been avoiding private trackers for years now is that from the way people talk, those are a necessity.
Things get downloaded in an orderly manner and seeded forever(in a much slower rate that I’d like but), it’s just that Seedboxes are mostly a US and Europe run service and my country’s currency can’t handle that lol
some private trackers economies are easier than others and let you benefit off seed TIME rather than upload amount, so as long as you actively seed you still can gain points to gather buffer, etc. So yes it is possible.
Also depends on your internet speeds. I don’t use a seedbox and have done just fine, though I’ve had the luck of having had 300 mbps -> 500 mbps -> gigabit ethernet within the last 5 years.
Then that just means everything you’re looking for is common or freshly released/uploaded.
Ppl looking for niche content, it’s not gonna be on public trackers as often.
Also the main benefit of private vs Public is that you can find a 10-15 year old torrent of some niche content and it will still be actively seeded.
With public trackers, there is less retention of seeders, even more so for less common content.
Public trackers often end up with tons of dead torrents with 0-1 seeders after a couple years pass.
And on a private tracker there is incentive to keep old torrents alive. On public there is none. Ppl grab and run.
It’s one torrent that’s not safe. That doesn’t make the entirety of the website unsafe!
If the admins endorse malware, it’s best to assume the entire site is compromised.
![ATTENTION: 1337X IS NO LONGER SAFE [Reposted from Reddit]](https://lm.madiator.cloud/pictrs/image/46fa2d88-10a1-4ec6-81ee-c487321a15e1.jpeg){kind=link}