cliffspab

Level 2
Why wouldn't they? Torrents are not only illegal (if you use them to download paid programs) but their downloadable files almost always contain some sort of malware.
I've seen you spreading this falsehood on Reddit too. It's simply not true. Sure some games or programs may contain malware, but films and music are almost universally safe.

I've been using torrents for more than a decade and never been infected or compromised as a result. That's thousands of files that have passed through my system with no ill effects...
 

SeriousHoax

Level 17
Verified
Malware Tester
I've seen you spreading this falsehood on Reddit too. It's simply not true. Sure some games or programs may contain malware, but films and music are almost universally safe.

I've been using torrents for more than a decade and never been infected or compromised as a result. That's thousands of files that have passed through my system with no ill effects...
+1
 

cliffspab

Level 2
Not so safe, they can also contain malware or be used as vectors via embedded malicious links located in the ADS, for example...
and the argument about "never being infected since x years" doesn't mean that you were not infected, you could have been without knowing it.
What ads do you mean?

And yes, ignorance is no proof of a clean sheet, but what kind of infection passes every AV and malware scan and shows itself in 0 manifestations?

If these infections have struck me (and there's no evidence they have), then there's been absolutely no impact on my life in any tangible or measurable sense (I run a firewall, AV suite, run malware scans etc) and weigh very lightly against the thousands of hours of entertainment I've had from strictly legal media.

One certainly does have to look at the sources of these files, though. Whether that means using a private tracker, or just abiding by common sense and checking file sizes and comments.

On the other hand, I did manage to totally bugger up my system downloading a keygen from a warez site. If EndangeredPootis replaced 'torrents' with 'warez', I'd be in full agreement.
 

Umbra

Level 22
Verified
What ads do you mean?
Not ads as advertisement, but ADS (Alternate Data Streams).

And yes, ignorance is no proof of a clean sheet, but what kind of infection passes every AV and malware scan and shows itself in 0 manifestations?
firmware-based malware, kernel exploits, fileless malware, etc...

If these infections have struck me (and there's no evidence they have), then there's been absolutely no impact on my life in any tangible or measurable sense (I run a firewall, AV suite, run malware scans etc) and weigh very lightly against the thousands of hours of entertainment I've had from strictly legal media.
Cybercriminals don't necessarily need to impact your life (aka steal your credentials or money), they can just use your computer as a zombie in a botnet and activate the said botnet at a specific moment or use it as a cryptominer.
 
Last edited:
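A defender-side check for the Alternate Data Streams mentioned in the post above, as an added example that is not part of the original thread: it lists every named NTFS stream under a folder and separates the normal `Zone.Identifier` stream from anything else. The function name `Find-AlternateStream` and the demo file names are hypothetical.

```powershell
# Added example, not from the thread. Windows + NTFS only.
# Find-AlternateStream and the demo file names are hypothetical.
function Find-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        # ':$DATA' is the unnamed default stream, i.e. the normal file content.
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                File     = $_.FileName
                Stream   = $_.Stream
                Bytes    = $_.Length
                # Zone.Identifier is the Mark-of-the-Web stream browsers write on downloads.
                Expected = ($_.Stream -eq 'Zone.Identifier')
            }
        }
}

# Constructed sample: a text file with one harmless named stream.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'clip.txt'
Set-Content -LiteralPath $file -Value 'visible content'
Set-Content -LiteralPath $file -Stream 'note' -Value 'constructed sample stream'

# Unexpected streams sort first; review those by hand.
Find-AlternateStream -Path $demo | Sort-Object Expected, File | Format-Table -AutoSize
```

Explorer and a plain `dir` show only the size of the default stream, which is why named streams go unnoticed without a check like this.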

cliffspab

Level 2
Not ads as advertisement, but ADS (Alternate Data Streams).


firmware-based malware, kernel exploits, fileless malware, etc...


Cybercriminals don't necessarily need to impact your life (aka steal your credentials or money), they can just use your computer as a zombie in a botnet and activate the said botnet at a specific moment or use it as a cryptominer.
Interesting stuff

Just out of interest - do you ever use torrents?
 

cliffspab

Level 2
the thing is he used two contradictory terms:
Almost? indeed, way too many are malicious.
Always? no.
I wasn't going to reply and I take all your points, but it got me thinking.

You're saying that there's frequently malware in audio and video torrent downloads that:

- Doesn't trip UAC
- Isn't flagged by antivirus
- Isn't picked up by any of the major malware scanners
- Hides any in/outbound connections it makes in processes that a firewall marks as having a genuine signature

If that's the case, how do you even know it's there?
 

Umbra

Level 22
Verified
You guys still using uTorrent?
Used to use qBittorrent but have been using Tixati for a few years.
I wasn't going to reply and I take all your points, but it got me thinking.

You're saying that there's frequently malware in audio and video torrent downloads that:

- Doesn't trip UAC
- Isn't flagged by antivirus
- Isn't picked up by any of the major malware scanners
- Hides any in/outbound connections it makes in processes that a firewall marks as having a genuine signature

If that's the case, how do you even know it's there?
1-Don't put your words in my mouth.

2- I didn't say frequently on video/audio, I said "way too many". Did you come across those videos or audio files asking you to download the right codec? It is an old attack called "getcodec". I saw plenty.
Also, there is malware hidden inside those files (or more precisely malware using media files as camouflage), the attack is called "malsteg" for malicious steganography, and lastly but more rarely, the media file malware can be used for fuzzing the player, creating a bug in it allowing code injection in its memory space.

4- UAC only prevents privilege escalation, if the malware doesn't require it, UAC won't trigger.

Antivirus only detects what is active on the disk, fileless malware which mostly runs in memory won't be detected. Few AVs block exploits, macros or scripts. Compromised or malicious sites will load code and aren't detected unless discovered. I don't even mention signed malware.

Scanners are only useful if a signature exists, not if the file is obfuscated or is a true zero-day.

About FWs, malware can inject its code into a legit process previously whitelisted by your firewall. So the malicious connection will be created (unless the FW has some sort of IDS/IPS and can analyze packets, those features aren't usually in home users' products).

How do you know if those infect you? By using some tools, but mostly having knowledge and knowing your system behavior, which is lacking for 90% of average users. For example, I have a static system, I can tell when my system behaves improperly or when a "never seen before" process just appeared from nowhere.

Now to your credit, having all those factors embedded in the same media file is uncommon but not impossible.
I can say media files start to become interesting for malware writers, videos and photos are the new drug of the masses. People will run them without any suspicions. Luckily you seem to have some security basics which makes you a bad candidate but I can't say the same for billions of others.

Remember we (security forums people) are a microcosm, we are like martial artists able to disarm an armed opponent with our bare hands, most people aren't, so your security strategy mentioned above doesn't apply to Average Joe.


I hope I answered some of your questions.
 
Last edited:
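The "static system" habit described in the post above can be approximated with a script, shown here as an added example that is not part of the original thread: it records the executable path and SHA-256 of every running process as a baseline, then on later runs reports images that were not in it, with their Authenticode status. The baseline file location and the `-Update` switch are assumptions.

```powershell
# Added example, not from the thread. Save as a .ps1 and run it twice:
# the first run writes the baseline, later runs report what is new.
# $BaselineFile and -Update are assumptions of this example.
param(
    [string]$BaselineFile = "$env:LOCALAPPDATA\proc-baseline.json",
    [switch]$Update
)

function Get-ProcessImage {
    # Path is empty for protected processes unless the shell is elevated.
    Get-Process | Where-Object Path |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_ -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{ Path = $_; Sha256 = $h.Hash }
        }
}

$current = @(Get-ProcessImage)

if ($Update -or -not (Test-Path -LiteralPath $BaselineFile)) {
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselineFile -Encoding UTF8
    "Baseline written: $($current.Count) images"
}
else {
    $known = @{}
    foreach ($e in (Get-Content -LiteralPath $BaselineFile -Raw | ConvertFrom-Json)) {
        $known["$($e.Path)|$($e.Sha256)"] = $true
    }
    # A new path, or a known path whose hash changed, counts as "never seen before".
    # Code injected into an already-baselined process does not show up here.
    $current |
        Where-Object { -not $known.ContainsKey("$($_.Path)|$($_.Sha256)") } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.Path
            [pscustomobject]@{
                Path      = $_.Path
                Sha256    = $_.Sha256
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        } | Format-Table -AutoSize
}
```

A valid signature only narrows the review, since the post itself points out that signed malware exists.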

cliffspab

Level 2
I hope I answered some of your questions.
Thanks for the detailed reply, you did, that was really interesting. I wasn't trying to put words in your mouth, sir, just elicit the details of the threat.

I'll be even more careful from now on.

I've definitely seen dodgy codec pack downloads before! And I'm sure that audio/video files will only continue to pose more of a desirable target for malware writers as they're so popular.

I think my main point was only really that young Pootis' scaremongering seems to be born more of a moral/ethical objection to the activity than a realistic evaluation of the risks, which I agree are real (especially after your detailed explanation), but certainly not to the extent he would like to have other users believe.

On a tangential note, you're right, it can't be underestimated how incapable inexperienced users can be. The whole 'download here' button meme is real for a reason. Some sites do their damnedest to point users towards clicking on anything other than the torrent file itself!

Without a level of experience and knowledge that many users don't have, dabbling in any kind of piracy can cause myriad problems.

(y)
 

Umbra

Level 22
Verified
One behavior I observe in security forums is that many members presume that the "masses" have some kind of security basics and that they care about security.
This is just not true, the masses don't care at all, they won't have the will or time to learn safe practices until they get robbed of their incomes.
And even if it happens, some will just look for "the best AV", buy it, then continue their risky habits hoping the newly bought awesome AV will take care of everything... and if not they will complain and bash the vendors to death.