1337x.to, one of the world's most popular torrent sites, is being blocked by anti-malware company MalwareBytes. The tool claims that 1337x is engaged in "fraud" and is a "scam to try to steal your information or credit card details" yet Google gives the torrent site a clean bill of health. MalwareBytes is also claiming the same against PCgames-download.com, without supporting evidence.
People browsing the Internet on a Windows-based computer should always presume that their machines are vulnerable to attack.
From using a decent firewall to anti-virus and similar tools, prevention is always better than cure when it comes to the various threats lurking in the online space.
For people who frequent torrent and streaming sites, the rules are no different. Anti-virus, anti-malware, and sometimes aggressive ad-blocking tools are considered a must, to ensure that rogue adverts or booby-trapped downloads don’t gain traction on a user’s machine.
One of the most popular tools in this space is MalwareBytes. In addition to dealing with malware already present on a user’s machine, its premium product also offers real-time protection, ensuring that users aren’t even allowed to visit dangerous or untrustworthy websites by blocking them automatically.
In normal and sensible use, MalwareBytes is generally hard to trigger but during the past few days, the software has been preventing access to a pair of popular ‘pirate’ sites.
The first brought to our attention was PCgames-download.com, a portal that specializes in downloads of the latest PC games. During the middle of last week, MalwareBytes declared the site dangerous, preventing all users from visiting the platform.
Worryingly, MalwareBytes flagged the site as “fraud”, declaring it is a “scam” that tries to “steal your information or credit card details.” Given that the site isn’t known for such activity and tests via Google’s malware checker gave it a clean bill of health, TorrentFreak contacted MalwareBytes asking for more information. We received no response.
We did, however, have an email exchange with the operator of PCgames-download.com who told us that he wasn’t surprised at the block, given that MalwareBytes has done this to similar sites in the past. He pointed out that none of the main anti-virus vendors has a problem with his site, going on to detail the measures taken to ensure that rogue advertising networks aren’t allowed.
While a single blocking issue isn’t particularly surprising, we’ve now learned that one of the world’s most popular torrent sites is also being blocked for the same reason. As the screenshot below shows, 1337x.to is also being flagged for “fraud”, with MalwareBytes users blocked from visiting the site.
Again, 1337x.to – which at the start of the year was placed 3rd in our annual overview of the world’s most-visited torrent sites – doesn’t have a reputation for engaging in malicious or abusive behavior.
However, according to MalwareBytes, the site is being blocked due to the reason shown in the screenshot below.
Since MalwareBytes has been unresponsive to our requests for clarification, we have no idea why 1337x.to is being blocked or whether the claims have substance or are the result of a false positive. However, when cross-checking the domain with Google’s sophisticated malware checker tool, we can see that 1337x (just like PCgames-download.com) is given a clean bill of health.
If MalwareBytes do get round to answering our questions we’ll update this article with their comments. In the meantime, however, it might be worth the company providing more information when it decides to block an entire website.
Anti-virus companies display the names of the viruses they find to inform users, so doing the same for visitors to allegedly fraudulent websites would certainly clear up some of the confusion. Fraud is a big allegation and should be backed up with some evidence, whenever possible.
Update: In the case of 1337x, MalwareBytes is blocking the IP address 104.31.16.3, which is registered to Cloudflare. It is shared by more than 150 other sites, which could also be subject to blocking and the same message about fraud.