
My first thought is, how many BitTorrent clients have vulnerable parsing code? Could a malicious actor register the domain and infect clients?


I'm thinking of the Jon Evans novel "Invisible Armies" and the "bug" / backdoor in the P2P software that its author uses to pwn machines.


I don't really think so. The tracker is just a tiny part of the whole BitTorrent setup, and it's only really used by clients to get a list of peers. It's basically just an HTTP call to the tracker, returning a response. The only thing that I can quickly think of is returning some malformed bencode which could cause memory exhaustion in a client written by a novice.

The peer protocol (and variants, like uTP) are much more interesting to attack, and you don't need to host a tracker for that, you can just get peer IPs from trackers or DHT, connect, and do your magic.


utorrent v2.1 is still widely used by too many people, and it certainly is exploitable.



