Trojans and viruses are often included in keygens, as those programs must be run manually in order for a downloader to play many games or use downloaded software that is protected by a serial number or challenge-response code. Usually, though, if you need to crack it, there’s a strong chance you’ve downloaded something you perhaps ought not to have.
If someone makes a torrent containing an infected file, the MD5 hash will check out OK, and your torrent client will not reject the data. The hash only confirms that what you received matches what the uploader published; it says nothing about whether that content is safe. In this instance, the uploader is, perhaps, uploading an infected file deliberately in order to infect others’ computers with a virus/trojan/keylogger. These people are relying on the fact that on any given swarm, there are likely to be some people who are ignorant of good PC security practice, which is to scan any file that you download before executing any part of it.
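Why the hash checks out, as an added example that is not part of the original article: a torrent's piece hashes (SHA-1 per piece in BitTorrent v1) are computed by the uploader over whatever they publish, so they catch corruption in transit, not unwanted content. The tiny piece size and the sample bytes are constructed for the demonstration.

```python
import hashlib

PIECE_LEN = 16  # tiny piece size for the demo; real torrents use far larger pieces


def make_piece_hashes(data: bytes, piece_len: int = PIECE_LEN) -> bytes:
    """Uploader side: concatenated 20-byte SHA-1 digests, one per piece."""
    return b"".join(
        hashlib.sha1(data[i:i + piece_len]).digest()
        for i in range(0, len(data), piece_len)
    )


def verify_pieces(data: bytes, piece_hashes: bytes,
                  piece_len: int = PIECE_LEN) -> list[bool]:
    """Downloader side: True for each piece whose SHA-1 matches the metadata."""
    if len(piece_hashes) % 20:
        raise ValueError("piece hash field must be a multiple of 20 bytes")
    expected = [piece_hashes[i:i + 20] for i in range(0, len(piece_hashes), 20)]
    pieces = [data[i:i + piece_len] for i in range(0, len(data), piece_len)]
    if len(pieces) != len(expected):
        return [False] * len(expected)
    return [hashlib.sha1(p).digest() == e for p, e in zip(pieces, expected)]


# Constructed sample: inert marker bytes standing in for a tampered installer.
UPLOADED = b"installer-bytes|" + b"PLACEHOLDER-FOR-UNWANTED-CODE" + b"|more-bytes"
# The uploader hashes the file *after* bundling the unwanted content.
METADATA = make_piece_hashes(UPLOADED)


def demo() -> dict:
    # 1. Exactly what the uploader published: every piece verifies.
    as_published = verify_pieces(UPLOADED, METADATA)
    # 2. One bit flipped in transit: only that piece fails and is re-fetched.
    corrupted = bytearray(UPLOADED)
    corrupted[20] ^= 0x01
    in_transit = verify_pieces(bytes(corrupted), METADATA)
    return {"as_published": as_published, "in_transit": in_transit}


if __name__ == "__main__":
    print(demo())
```

The file with the placeholder payload verifies on every piece, while an accidental single-bit change is rejected: the check protects the transfer, not the user.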
Effectively, the malicious uploader is playing a numbers game. Imagine a swarm of 20,000 computers, all down/uploading an infected file. Assume that 10% of those computers’ users are running with admin privileges, and that 10% of those admins don’t scan the files they download. Instead, they hurriedly click on the install.exe or the keygen.exe, neither reading the comments for the torrent nor virus scanning the file first, as they are desperate to get that game or (and I’ve seen this happen) watch the latest episode of a show. That still makes a healthy 200 computers infected and further distributing the infection through the swarm. If the malicious code is a keylogger, then credit card details are the likely target for the attack, and I dare say that with 200 compromised computers, it is likely that it will be worth the attacker’s while eventually.
In short, if you’re going to use BitTorrent, you need to know how to minimise the inherent risks:
1. Read the torrent comments first.
2. If you’re jumping on a torrent early, consider waiting – you’ll likely get better speeds when there are more leechers/seeders, and you can check the comments section again.
3. Don’t ever just double-click on the files! (This goes for pretty much every download you do, via torrent or not.)
4. Scan the files before you run them, preferably with more than one AV scanner.