PCMag: Game of Thrones Torrents are Perfect for Delivering Malware

Snowdog

[H]F Junkie
Joined
Apr 22, 2006
Messages
11,262
This alarmist story is making the rounds everywhere, claiming that downloading GoT torrents is dangerous.

381268-malware-400.jpg

Every single person we spoke with gave the same answer: pirating television shows is not only illegal, but dangerous.
https://securitywatch.pcmag.com/mal...s-torrents-are-perfect-for-delivering-malware


But is it? Lets Dig in a bit more and go to the original Kaspersky report that everyone is basing their stories on:
https://securelist.com/game-of-threats/90116/

It is revealed (only after wading through a lot of alarmist stuff) that it's really only torrents that have Executables and Shortcuts, that people are dumb enough to click on. A little research will also show that if you stick to common sources, you will probably never even see a TV torrent with Exes or Shortcuts.

So basically, it's really only dangerous to the clueless. You need to work hard to avoid to valid popular torrents, to find a fringe one that has malware, then you need to be clueless enough to click on the Exe/Shortcut, when you should be looking for a Video file.

Not to say that it wouldn't apply to lots of people, but saying it's dangerous, and all the alarmist reaction seems over the top.
 
I'm not quite sure how they suggest that someone is embedding malware in a video file...

If you get a video torrent, and there is an executable in it, don't run it ;)
 
Sounds like a Windows users problem. Us Linux users are immune to such things.

No, We are no more immune to malware than Windows users are. Most of the same or similar attack vectors exist in Linux as do on Windows.

We benefit mostly from obscurity. With <2% of users on Linux, why would you waste your time writing Linux malware, when the payoff is so much larger by writing a Windows version?

We also benefit from using package managers to update all software installed on a system at the same time, so there are fewer missed old installed software revisions with open vulnerabilities.

Other than that, Windows - ever since UAC was introduced with Vista - has mostly caught up from a secure OS design perspective.

What remains are things outside of Microsofts control, like being a bigger target than Linux, and unpatched installed 3rd party software.
 
I'm not quite sure how they suggest that someone is embedding malware in a video file...

They aren't. You have to read through most of the report, to find that they are just talking about torrents, that contain, exe and shortcuts, when they should just contain the video file you are looking for, and user being clueless enough to download it in the first place, and dumb enough to click the exe/shortcut in the second place.
 
GOT.S1.E1.amazingrip.mp4...........8GB
RUNMEFIRST.EXE.........................160KB
They aren't. You have to read through most of the report, to find that they are just talking about torrents, that contain, exe and shortcuts, when they should just contain the video file you are looking for, and user being clueless enough to download it in the first place, and dumb enough to click the exe/shortcut in the second place.


As always, the weakest link in security is between the keyboard and the chair.
 
I'ma go out on a limb here and predict GOT will be the most pirated show again this year, propaganda or no. I guess I'll be pirating it as well since according to the new propagandized mass media shaming vocabulary I share an HBO account with someone. And btw mediainfo ftw.
 
GOT.S1.E1.amazingrip.mp4...........8GB
RUNMEFIRST.EXE.........................160KB

Or you could do what I did and write a filtering script.....

Code:
@echo off
REM **** Switches to folder,collapses subfolders into main unpack folder,
REM **** optionally deleted undersized files, copies specified file formats to destination or destinations ***
REM **** Renames old data structure to "MOVED-"plus the orignial folder name.
REM **** USAGE IS: fc2 [foldername] [destination1] [destination 2 optional]

REM *********CONFIGURATION************
REM *** FILE EXTENSIONS TO COPY, SPACE BETWEEN DIFFERENT FILE TYPES ***
set ext=*.MKV *.WMV *.AVI *.MP4

REM ***** DELETE FILES OF COPY EXTENSIONS IF LESS THAN A CERTAIN SIZE, this is case sensitive (yes or no) and (size in bytes)****
REM ***** Prune enables/disables
set prune=yes
set prunesize=41240000

REM ****ADDITIONAL FILE EXTENSIONS TO PRUNE, NO FILESIZE LIMIT****
REM ****prune2 = case sensitive (yes or no) to enable or disable deleting, SPACE BETWEEN DIFFERENT FILE TYPES
set prune2=yes
set prune2ext=*.SRR *.NZB *.EXE *.SRS
REM *******END CONFIGURATION**************


REM *** GO TO UNPACKED FOLDER ***
cd %1

REM ***Collapse all subfolders into main unpack folder, overwrite duplicates***
for /r %%i in (*) do @move /y "%%i" "%%~nxi"

REM **** DELETES all Files of  ****
if "%prune2%" == "yes" (
for %%m in (%prune2ext%) do for /F "delims=" %%A in ('dir /b %%m') do del "%%~dpnxA"
)

REM ****Delete any file less than ~40 MB to remove samples ****
if "%prune%" == "yes" (
for %%m in (%ext%) do for /F "delims=" %%A in ('dir /b %%m') do if %%~zA LEQ %prunesize% del "%%~dpnxA"
)

REM **** Copy  Files to Destination folder *****
for %%x in (%ext%) do copy /y %%x %2

        REM ****Copy files to second Destination if request exists****
   if NOT "%3" == "" (
   for %%x in (%ext%) do copy /y %%x %3
   )

REM ****Traverse back to primary directory, rename and append MOVED- to folder name for manual move verification before delete****
cd ..
ren %1 MOVED-%1
 
Torrents? How droll. Free from local library for the win. Six weeks to watch a 10 epp season. We often watch them twice. And so easy to lift, if one were so inclined ;)

Well, not really free since my county taxes pay for them anyway. So may as well use it to the max.
 
I'ma go out on a limb here and predict GOT will be the most pirated show again this year, propaganda or no. I guess I'll be pirating it as well since according to the new propagandized mass media shaming vocabulary I share an HBO account with someone. And btw mediainfo ftw.


And here I am not having seen any of these Hunger Game of Thrones things. :p
 
What? You're telling me nefarious people stick nefarious things in torrents? No way! That's impossible! Clicking random exes in random torrents is totally okay. No one would ever slip something into those.

People hiding malware in pirated copies of things is something I've seen going back to the IRC days (and, I imagine it happened in the BBS days as well). The more popular a thing is the more likely you will find someone trying to use it to infect people.
 
After you finish catching up on Leave it to Beaver, it is a great show to sit down and watch. :p


Honestly though, I'm just not that into fantasy genres. I prefer realism. Super heroes, orcs, trolls, elves, wizards, dragons, all that kind of stuff requires a bit too much suspect she of disbelief for me.

I prefer realism, either contemporary or historical. I like Science fiction too, as long as the premise is plausible (More Star Trek, Less Star Wars)
 
Torrents? How droll. Free from local library for the win. Six weeks to watch a 10 epp season. We often watch them twice. And so easy to lift, if one were so inclined ;)

Well, not really free since my county taxes pay for them anyway. So may as well use it to the max.

Stop spreading your communist ways...
 
Articles pushing malware fears are perfect for increasing a site's click-count.

The truth in advertising :sneaky:
How much you want to bet HBO (or it's parent company ATT/Warner Media) helped create this story indirectly by paying for advertisement with the outlet that wrote the article? ;)
 
No, We are no more immune to malware than Windows users are. Most of the same or similar attack vectors exist in Linux as do on Windows.

We benefit mostly from obscurity. With <2% of users on Linux, why would you waste your time writing Linux malware, when the payoff is so much larger by writing a Windows version?

We also benefit from using package managers to update all software installed on a system at the same time, so there are fewer missed old installed software revisions with open vulnerabilities.

Other than that, Windows - ever since UAC was introduced with Vista - has mostly caught up from a secure OS design perspective.

What remains are things outside of Microsofts control, like being a bigger target than Linux, and unpatched installed 3rd party software.
What can I say but it's good to be the <2%.
 
A true pirate wouldn't let their taxes pay for movies. That's why I use a VPN.
If only I had a choice. Heck. They make me pay over $1k a year in school tax alone and I don't even have kids. Library gets what people ask for. And GoT is extremely popular. Friend of mine is big into torrents. Think it's more for the sake of collecting than watching though. I will ask if he has seen any malware.
 
Fun fact: Downloading torrents is risky. Not sure why are you are hoping to calm people freaking out about malware in their torrents.

/thread
Actual fact: That is incorrect. Downloading a torrent is no more or less risky than downloading anything else. What you have to worry about is where you download stuff from, not what you download. That fake warez sites like to bait people by disguising their malware links as torrent downloads is just a trend. They also disguise them as driver downloads or dll downloads.
 
Actual fact: That is incorrect. Downloading a torrent is no more or less risky than downloading anything else. What you have to worry about is where you download stuff from, not what you download. That fake warez sites like to bait people by disguising their malware links as torrent downloads is just a trend. They also disguise them as driver downloads or dll downloads.

I mean if you are just wanting to point out minor things in what someone says then technically you are also incorrect. Downloading the file is not risky. The risk happens when you run the file. Or better yet the risk actually starts when you sit in front of your pc and start giving it commands. There was always increased risk with download 'things you arent supposed to'. The risk of more fake infected links are going to exist for whatever newest photoshop version than the newest notepad++ version. Don't act like you are new to the internet.
 
Torrents are safe. The best, ..... to eat?
But why torrent when you can stream freakin noobs.
 
I mean if you are just wanting to point out minor things in what someone says then technically you are also incorrect. Downloading the file is not risky. The risk happens when you run the file. Or better yet the risk actually starts when you sit in front of your pc and start giving it commands. There was always increased risk with download 'things you arent supposed to'. The risk of more fake infected links are going to exist for whatever newest photoshop version than the newest notepad++ version. Don't act like you are new to the internet.


Downloading sketchy SW using bit torrent is risky.

But if you are not a clueless moron, downloading video torrents isn't risky.

Current Video file containers (.mkv, mp4) have been free from exploits.

Decent torrent sites will show the you torrent contents before download, and you can can check your torrent client for contents before downloading as well. So really you should never get risky files on your computer from downloading a video torrent.
 
Downloading sketchy SW using bit torrent is risky.

But if you are not a clueless moron, downloading video torrents isn't risky.

Current Video file containers (.mkv, mp4) have been free from exploits.

Decent torrent sites will show the you torrent contents before download, and you can can check your torrent client for contents before downloading as well. So really you should never get risky files on your computer from downloading a video torrent.

This. If you stick to referable sites such as Rarbg, you never have to worry about a video file containing spyware/malware or even quality concerns. I've been doing P2P then later torrents since Napster and Morpheus, and have never gotten a bad file. File size is crucial. Never click on a 99kb MP3 or a 28kb movie file.
 
Torrents? How droll. Free from local library for the win. Six weeks to watch a 10 epp season. We often watch them twice. And so easy to lift, if one were so inclined ;)

Well, not really free since my county taxes pay for them anyway. So may as well use it to the max.

If only my local library had GOT on BluRay I might start watching it. I am a BluRay snob, especially for a series as epic as GOT supposedly is. That and I dont really have time to catch up on all the seasons! :D
 
No, We are no more immune to malware than Windows users are. Most of the same or similar attack vectors exist in Linux as do on Windows.

We benefit mostly from obscurity. With <2% of users on Linux, why would you waste your time writing Linux malware, when the payoff is so much larger by writing a Windows version?

We also benefit from using package managers to update all software installed on a system at the same time, so there are fewer missed old installed software revisions with open vulnerabilities.

Other than that, Windows - ever since UAC was introduced with Vista - has mostly caught up from a secure OS design perspective.

What remains are things outside of Microsofts control, like being a bigger target than Linux, and unpatched installed 3rd party software.

See, this just isn't really correct. Even MS themselves state that the whole idea of UAC wasn't really one of perfect privilege escalation. Linux is the operating system of choice when it comes to web facing servers and still the attack vector is low in comparison to Windows - And providing links to 'vulnerabilities discovered' just highlights the main weakness of closed source operating systems, you stand less chance at finding an exploit when you have less people inspecting the code.

Furthermore, Linux is immune to the double extension exploit that seems to be impossible for MS to resolve, the one that provides the means for most of these attacks.

Security through obscurity is simple to disprove. Android is the most popular OS globally and it's attack vector is far (as in massively) less than that of Windows.

The biggest attack vector will always be the person in front of the machine.
 
I mean if you are just wanting to point out minor things in what someone says then technically you are also incorrect. Downloading the file is not risky. The risk happens when you run the file. Or better yet the risk actually starts when you sit in front of your pc and start giving it commands. There was always increased risk with download 'things you arent supposed to'. The risk of more fake infected links are going to exist for whatever newest photoshop version than the newest notepad++ version. Don't act like you are new to the internet.
Well saying that downloading a torrent is risky suggest that it being a torrent is responsible for the it increased risk. Otherwise you weren't really saying anything.
 
Seems like everyone I know that's pirating movies isn't torrenting them anymore anyway. They're all using Fire Sticks with streaming software like Kodi + Exodus (or whatever the current flavor is) or some other app.
 
Well saying that downloading a torrent is risky suggest that it being a torrent is responsible for the it increased risk. Otherwise you weren't really saying anything.

Sorry I assumed you knew the topic at hand was downloading torrented movies. So correct how it is packaged and distributed has no bearing on its risk but where it is downloaded from, does. Next time I will be more clear so as to not confuse people.
 
Call me old-fashion, simple, whatever, but I just uncheck the boxes for all the extra junk in a torrent and not download it in the first place.

Who manually searches? That's what automation is for.

Download all via automated release tracking, apply filtering script, apply file categorization and storage scripting, let software update and build a "not yet watched" list that updates as files are watched.

.... theoretically of course.
 
Who manually searches? That's what automation is for.

Download all via automated release tracking, apply filtering script, apply file categorization and storage scripting, let software update and build a "not yet watched" list that updates as files are watched.

.... theoretically of course.

I offered my wife to spend a few weeks building our home infrastructure for all that but she declined. She doesn't trust automation and prefers to download everything on her own. Women...
 
Back
Top