
Epic Scale and uTorrent: Bitcoin mining 'riskware' investigated


What is Epic Scale, is it being installed silently and should you be concerned?

Earlier today we broke a news story that discussed accusations against BitTorrent client uTorrent.

uTorrent users claimed the software's latest update was being bundled with a Bitcoin mining program called Epic Scale. It was alleged that the installation was taking place silently – i.e. users weren’t aware the software was being installed.

Update: We've also had further tips from users both on Reddit and in our comments sections suggesting that multiple attempts at installing uTorrent result in an omission of the Epic Scale verification page.

BitTorrent Inc., the company that created uTorrent, flatly denied a silent installation was taking place.

What is Epic Scale?

Epic Scale, for context, is a piece of software that purports to use your ‘unused processing power to change the world.’ In short, it mines Bitcoin in the background for charitable purposes – although it also claims to help process scientific data.

We have no reason to suspect it does anything other than what it says, but equally there's no tangible evidence – other than its word – that Epic Scale does donate to the charities it claims, or of how much of its revenue it donates if it does.

Comments on the internet from what appears to be an Epic Scale team member suggest it is working on ways to show its charitable contributions more clearly on its website and within the software. Its current terms and conditions only refer to a "portion" of revenue going to charities.

With that cleared up, we decided to test the installation process to see wherein the problem lies.

Installing uTorrent: Silent install or deceptive design?

At the time of writing, uTorrent was listing version 3.4.2 build 38913 as available to download. That’s the build we installed.

The installation went as follows:

1. Download the software. The file size for the Windows version was 1.66MB.


2. We were then greeted with a browser pop-up that asked us to enter our e-mail for news updates from uTorrent. The checkbox was ticked by default. Nothing unusual here.


3. The actual installation wizard begins with an intro that briefly explains the software.


4. The next page warned ‘Beware of online scams!’ and detailed how third-party websites were emulating uTorrent software for nefarious purposes.


5. The next page was an End User License Agreement. This outlined all of the terms a user agrees to when installing a piece of software. This page had two options: ‘Back’ and ‘I Agree’.


6. The next page has three checkboxes, all of which are ticked. These options mean you accept that the software will create a Start menu entry, create a Quick Launch icon, and create a Desktop icon.


7. The next page has two more checkboxes, both of which are ticked by default. These enable two settings; the first is an exception for uTorrent in Windows Firewall, while the second ensures uTorrent launches every time you start Windows.


8. The next page details a ‘special offer’ for BitTorrent users, namely in the form of an album download – 700 Fill by Ratking. The checkbox to download this is ticked by default. The next icon glows blue, while the back icon is grey.


9. The next page refers to Epic Scale, the software in question. There are no checkboxes on this page. There are two options: ‘Accept Offer’ and ‘Decline Offer’. The former glows blue, the latter is grey.


10. The next page pushes an adware called Wajam onto users. The checkboxes are smaller on this page, and ask whether the user wants to accept the software or not. There is also a ‘Finish’ icon.


11. Once completed, the software is installed and loads up.

The Good

The good thing about all of this is that there were indeed options to decline every single item of bundled software, which gels with BitTorrent’s claims that it wasn’t silently forcing software onto users.

The Bad

Where uTorrent falls down in our view, and the views of some of its users, is the clarity of its process. What you have here is an installation wizard that actively makes it difficult for users to avoid installing bundled software.

The obvious trick is that most users looking to install a piece of software just click through the ‘next’ icons. This is especially true for anyone who is in a rush, or is otherwise unaware of the practice of bundling other software as part of installs. Anyone who has 'debugged' a relative's PC will understand how easily this happens.

The problem is that many of the checkboxes in uTorrent’s installation wizard are selected by default, which means spamming the ‘Next’ button will result in potentially unwanted software installations.

Moreover, Epic Scale didn’t actually have a checkbox. This means that if a user were to be spamming next, it would definitely install Epic Scale, irrespective of any boxes ticked.

We also feel the option of "Accept" or "Decline" is designed to make users think the installation may be cancelled on selecting "Decline", thereby making "Accept" a much more favourable option. And even if it's not designed as such, it is needlessly confusing.

It must be said, however, that many companies employ these methods, and not just for software. Many of you will recount times you accidentally signed up for an automated e-mail newsletter, a browser toolbar, or an added surcharge for an online purchase. However, the mix of check boxes and Accept/Decline buttons on our build of uTorrent just adds to the confusion.

The Ugly

The ugly aspect of this is that installing Epic Scale is very different to signing up to a newsletter, and here’s why.

Unlike toolbars and newsletters, Epic Scale isn’t a tangible addition to your cyber-life. If you accidentally installed it, you likely would never notice.

This is because Epic Scale runs in the background, only interacting with your processor. The software basically outsources processing heft to a wide net of users running the program, which is far more demanding on a system than e-mail spam.

There is clearly something wrong with a company propagating a situation whereby users are inadvertently running software – either through ignorance or deception – that affects the performance of a computer.

Moreover, Epic Scale is the kind of software often referred to as 'riskware'. This is software that doesn't pose a threat in and of itself, but which could if abused by malware. We should stress that there's no evidence that Epic Scale does any harm to your PC.

The relatively discreet nature of Epic Scale and its method of installation makes it open to such abuse, which is no doubt why several anti-virus programs, including ESET, Kaspersky, Panda, Sophos and GData, classify Epic Scale as 'potentially unwanted', a 'risk tool' or similar variations thereof.

We can't help but think it would be better if uTorrent designed its installer in such a way as to make it harder for users to accidentally install software like this. Let us know what you think in the comments.

Denardo Monroe

March 6, 2015, 7:38 pm

Where do the bitcoins go?

Jeremy L

March 6, 2015, 7:48 pm

This just goes to show you can't spam click "yes" and "next" during installs. Perhaps next time these morons will read what they click.

gadfdsaf

March 6, 2015, 10:15 pm

This account was created to create comments on this situation involving uTorrent and Epic Scale. Affiliation is entirely possible and is likely.

Abresh Arquah

March 6, 2015, 10:34 pm

Exactly, Jeremy. This is a case of moronic user "NEXT NEXT NEXT GET IT BLIPPING INSTALLED!" syndrome. Something that I ridicule people for having today.

Hudster72

March 6, 2015, 10:37 pm

Jeremy...Spoken like a true misanthrope. People make errors, that doesn't make them morons. One errant click would be quite easy for those less savvy.
Please, tell us all YOUR secret to infallibility?

Evan

March 6, 2015, 10:53 pm

I first installed uTorrent in June of 2013, and even back then it had the confusing "accept" or "decline" options. Though it was for something other than Epic Scale.

someone

March 6, 2015, 10:59 pm

Life is simpler on Mac

moeburn

March 6, 2015, 11:04 pm

Your investigation neglected to point out the fact that the choice to install Epic Scale only appears about 25% of the time, but installs 100% of the time. Try going through the installation process a few times, I guarantee you that you will find it doesn't always ask you.

andyvan

March 6, 2015, 11:07 pm

That's very interesting, thanks for the tip. We will look into this. Is this something you have seen, or is it something reported by other users?

BearDAD

March 6, 2015, 11:31 pm

Can anyone give me the ACTUAL file being installed? If it's this ghostly I'd probably not be able to find it without knowing what I'm looking for. Remember... the ACTUAL NAME and EXTENSION please.

abcde.???

Anyone?

JT

March 6, 2015, 11:45 pm

I would also like to see the name of the process along with the file.

With uTorrent running and no programs actively in use, my CPU idle is 95%. To mine bitcoins you need to use A LOT of processor power to get anything worthwhile.

I also noticed that Epic Scale didn't deny any of these allegations. They just put out a BS statement. This is a criminal activity. This level of theft would qualify as a felony. If I rob a bank, is it legal if I donate the money to charity?

Andreas

March 6, 2015, 11:48 pm

You guys (and everyone else I've seen) missed what most users have done - accept an update... I can assure you that nothing in the update process asked anything about EpicScale. That was the last drop for me, I've uninstalled uTorrent and performed some manual cleaning to get rid of any leftovers on disk or in the registry. Trying out qBittorrent since it's open-source and supposedly free from ad-/risk-/malware.

moeburn

March 7, 2015, 12:00 am

Anecdotally speaking, about half of reddit users are proving with screenshots that they got the miner without the checkbox asking permission, and the other half are proving that the checkbox shows up.

But also, Torrentfreak did their own investigating, and found it to be entirely random:

http://torrentfreak.com/utorre...

"The silent install appears to happen selectively, and not on all machines. TF had confirmation from various sides and with screenshots of every step of the install process where no Epic Scale screen appeared. In one case, the opt-out screen was eventually shown after several re-installs."

Tracy Campbell

March 7, 2015, 12:48 am

I agree...you don't buy a car without reading the purchase agreement, right?

...okay, well some people do. And it's a horrible idea. You ALWAYS read what you're agreeing to, especially when you're downloading something and it's very easy to know what you might be getting into.

Captain Obvious

March 7, 2015, 1:18 am

Life is limited and slows down after time (with no repair) on Mac

MightyMule

March 7, 2015, 1:26 am

I agree in the case of a fresh install but that's not how this gets installed Jeremy. It comes in a program update to software you already have installed. You click one time on the update button and it is all automatic from that point.

Dark Star

March 7, 2015, 1:55 am

http://forum.utorrent.com/topi...

Borkr

March 7, 2015, 2:17 am

I researched this issue about a month ago when updating Vuze after AVG antivirus popped up a warning during installation warning me of potentially unwanted program (pup). I'm really careful when installing software so this warning irritated and alarmed me to the extent I went and did some reading, not something you really wanna do every time you update something.

This TR article is a good and timely warning for people to be really careful when installing even trusted software from trusted sources. There is a difference in installation method when just updating from the program itself (as I did with VUZE) and doing a fresh install. There's even a difference in the program and what's bundled with it depending on where the user downloads the software.

Sources such as Filehippo.com benefit from having loads of adware bundled into installations and it's depressing to see even the likes of Java and Adobe Flashplayer bundling loads of crap into its installation routine too. Updates - exe's that then download the install files separately from a smaller 'update file' are a risk too. They can however, with more diligence and further searching, be avoided in preference for the full proper and complete install file. But that's hard work and that's clearly what these companies are capitalising on as TR have nicely demonstrated.

It's a shame that even the likes of Grisoft's antivirus program has crapware added to it. If you're not paying close attention you can get caught out by the necessity to pay attention to clicking the appropriate close it boxes, accept or decline distinctions and next and hidden checked boxes in Ts and Cs; you could be entering a world of pain with hard-to-remove toolbars and suchlike installed in your favourite browsers. Sometimes these toolbars are next to impossible to remove, even from responsible (you'd think) vendors like McAfee and suchlike. And yes, you might not fall foul to this yourself, being a savvy and experienced user but chances are, you will be the point of support when fixing friends or a family member's computer as Sean says. It's a pita.

It's also a shame the EU should put so much focus on needlessly and persistently alerting us to the presence of 'cookies' that are far more benign when compared to commercial practises employed these days by the majority of software companies when they could be dealing with larger issues to make such installations a safer experience for ordinary users.

Anyway, some ways around the shovel-ware are to source the program directly from the creator's website rather than somewhere like Filehippo (as convenient as these software aggregating sites are), to do a clean installation rather than an update, to be aware of downloading just the updater exe as opposed to full installers and to sometimes use older software versions that can be obtained from sites such as http://www.oldapps.com/. There's often good advice on websites like http://malwaretips.com/blogs/v... for example and wikis: http://en.wikipedia.org/wiki/C... as well as forum discussion pages on site specific pages like at Vuze itself or Grisoft etc. Of course, when it comes to Adobe and Java you're still getting more than you bargained for if you're not careful even sourced directly!

Well - gotta ask why does TR always put my comments on hold? Such a lack of trust. I've only been using this site 10 years+ or more now.. :( Oh, I guess it's the web links. Gotta make sure I'm not putting anything nefarious up I suppose.

Finpower

March 7, 2015, 2:38 am

Open your window task manager-->Click performance tab-->Resource monitor-->CPU

You should see from there which program rapes your cpu atm

buttholepunch

March 7, 2015, 3:45 am

I just downloaded and did my own test install, same build, and I got no mention of Epic Scale. So either you are lying or they quietly pulled it.

My money is on them pulling it.

cashew

March 7, 2015, 4:00 am

This is why I use Utorrent 2.2.1 without ever updating, it works great as it is without a bunch of crap added. Every site I've been on states that 3.4 has many problems including reporting stats incorrectly

alansmithee88

March 7, 2015, 5:53 am

uTorrent seemed a lot less greasy before BT Inc bought them out...

Guest

March 7, 2015, 5:56 am

Or just use tixati :o

Everlast

March 7, 2015, 12:53 pm

A very good article, TR. It is important to highlight practices like these.

1-2 years ago they got me with this same Accept/Decline trap, although I am careful when installing freeware specifically due to the bundled search bars/browsers, etc.

This design of the installer definitely tricks the user into clicking Accept in order to continue the installation, especially as there is no tick box to enable the Accept button.

No normal user used to the linear installation process - Next, Next, Accept, Next, Next, Finish - will realise that you can click Decline and still continue the installation.

To be honest they've made it a bit clearer now by adding the word 'offer', before the buttons only read 'Accept' and 'Decline'.

rangerdanger

March 7, 2015, 5:40 pm

Very honest and smart article that gets to the heart of the issue.
I feel utorrent has crossed a line into being a sellout; imo, knowingly prioritizing shady, deceptive and possibly harmful cash grab behavior from their partners over supplying the end user with a solid program with the users best interests in mind. I've used utorrent for many years, it's all I've used for torrents since the start, but I'd feel like a fool to continue..I'd be a fool to continue. Lots of great alternatives I'm just seeing for the first time today.
