BitTorrent users are facing a new enemy. A BitTorrent client named ZipTorrent, allegedly created by our friends from the anti-piracy organization Media Defender, leeches bandwith and spreads useless data chunks.

The goal of ZipTorrent is to slow down popular downloads as much as possible. They use hundreds of these clients at the same time and this can potentially bring the average download speed down to zero. Even more so, it is not unlikely that it will record your IP-address in the process so they can send you a copyright infringement notice on top of it.

On the Media Defender website we read:

“Decoying and Spoofing are the most commonly known techniques that we employ. We send blank files and data noise that look exactly like a real response to an initiated search requests for a particular title.”

According to ubisuck over at the mininova forums, Media Defender is doing just this with ZipTorrent. Apparently the fake client is a mod of the popular BitTorrent client Azureus which can be configured to send fake data.

Here’s a full screenshot of the ZipTorrent configuration screen. As you will see, there are some dubious settings like “fake upload ratio mode”, “no upload” and “safe fake download”.

It is not hard to check whether you are connected to these fake clients. In the peers list of your BitTorrent client they will show up as “ZipTorrent” and most of the time you will be connected to a bunch of them all originating from similar IP addresses with either 0% or 100% of the file completed.

However, there are blocklists to stop these malicious clients from connecting to your BitTorrent client. Pasted below is a list of the known IP-ranges ZipTorrent is on. The ranges were identified by The Pirate Bay team and are posted in several forums. You might want to add these to the blocklist of your BitTorrent client or PeerGuardian.

There’s one problem though, Media Defender will probably move to new IPs if they read this, a never ending story.

Update: The legitimacy of the screenshot and “ZipTorrent” is doubtful but the IP ranges are correct. Spoofing is not limited to a client like ZipTorrent and I’m told that clients like uTorrent and Azureus are also used to do this job.