Demonoid redirecting to malware after DDoS attack

File-sharing torrent site Demonoid has been down for a week now, after its latest in a long string of DDoS attacks.

It's nothing new for Demonoid. Users of the site are well acquainted with a "Down for maintenance" notice, a "server too busy" notice or a 404 error. But outages don't usually last longer than a few days, at most, although they have been known to last longer and, in one instance, resulted in a change of domain from .com to .me.

This time, the attack was particularly severe and, thanks to some staffing problems (there is only one person taking care of everything, and he has real-life issues to take care of, according to Torrent Freak).

"It started as a DDoS, but then it caused a series of problems. These problems need to be fixed before the site can go back up, and it’s a complicated fix this time," a Demonoid admin told Torrent Freak last week.

This week, though, users are reporting redirects from the Demonoid URL to an ad network, some of which are serving up a dose of malware. Torrent Freak reported that the redirect was a deliberate move to alleviate the mounting bills resulting from the DDoS attack — although, whether Demonoid admins knew about the malware ahead of time is a different kettle of fish.

It is unclear at this time whether the attack is at the hands of an anti-piracy group.

Like Lazarus, we are confident that Demonoid will once again return from the dead, but the question remains: how long can it continue to do so?