You guys still using uTorrent?
Used to use qBittorrent but have been using Tixati for a few years.
I wasn't going to reply and I take all your points, but it got me thinking.
You're saying that there's frequently malware in audio and video torrent downloads that:
- Doesn't trip UAC
- Isn't flagged by antivirus
- Isn't picked up by any of the major malware scanners
- Hides any in/outbound connections it makes in processes that a firewall marks as having a genuine signature
If that's the case, how do you even know it's there?
1- Don't put your words in my mouth.
2- I didn't say frequently on video/audio, I said "way too many". Did you come across those videos or audio files asking you to download the right codec? It is an old attack called "getcodec". I saw plenty.
Also, there is malware hidden inside those files (or more precisely malware using media files as camouflage); the attack is called "malsteg", for malicious steganography. Lastly, but more rarely, the media file malware can be used for fuzzing the player, creating a bug in it allowing code injection in its memory space.
4- UAC only prevents privilege escalation; if the malware doesn't require it, UAC won't trigger.
Antivirus only detects what is active on the disk; fileless malware, which mostly runs in memory, won't be detected. Few AVs block exploits, macros or scripts. Compromised or malicious sites will load code and aren't detected unless discovered. I'm not even mentioning signed malware.
Scanners are only useful if a signature exists, not if the file is obfuscated or is a true zero-day.
About FWs, malware can inject its code into a legit process previously whitelisted by your firewall. So the malicious connection will be created (unless the FW has some sort of IDS/IPS and can analyze packets; those features aren't usually in home user products).
How do you know if those infect you? By using some tools, but mostly by having knowledge and knowing your system's behavior, which is lacking for 90% of average users. For example, I have a static system; I can tell when my system behaves improperly or when a "never seen before" process just appeared from nowhere.
Now, to your credit, having all those factors embedded in the same media file is uncommon but not impossible.
I can say media files are starting to become interesting for malware writers; videos and photos are the new drug of the masses. People will run them without any suspicion. Luckily you seem to have some security basics, which makes you a bad candidate, but I can't say the same for billions of others.
Remember we (security forums people) are a microcosm, we are like martial artists able to disarm an armed opponent with our bare hands; most people aren't, so your security strategy mentioned above doesn't apply to Average Joe.
I hope I answered some of your questions.
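
Added example, not part of the post above: a minimal Python sketch of the "know your static system" check, comparing a current process listing against a saved baseline to surface "never seen before" entries. The CSV layout, paths and hash values are constructed for illustration.

```python
import csv
import io
from ntpath import basename, normcase

# Constructed sample data: "image path,hash" rows as a process listing
# tool might export them. All paths and hashes are made up.
BASELINE_CSV = """path,hash
C:\\Windows\\System32\\svchost.exe,aa11
C:\\Windows\\explorer.exe,bb22
C:\\Program Files\\Tixati\\tixati.exe,cc33
"""

SNAPSHOT_CSV = """path,hash
C:\\Windows\\System32\\svchost.exe,aa11
C:\\Windows\\explorer.exe,bb22
C:\\Program Files\\Tixati\\tixati.exe,dd44
C:\\Users\\joe\\AppData\\Local\\Temp\\svchost.exe,ee55
C:\\Users\\joe\\Downloads\\codec_setup.exe,ff66
"""


def load(text):
    """Parse a listing into {normalised image path: hash}."""
    return {normcase(r["path"]): r["hash"] for r in csv.DictReader(io.StringIO(text))}


def compare(baseline, snapshot):
    """Return (finding, path) pairs for everything that deviates from the baseline.

    Limitation: code injected into an already-running, baselined process adds
    no new entry, so this check alone will not show it.
    """
    known_names = {basename(p) for p in baseline}
    findings = []
    for path, digest in sorted(snapshot.items()):
        if path not in baseline:
            # A familiar name in an unfamiliar location deserves a closer look.
            kind = "known-name-new-path" if basename(path) in known_names else "never-seen"
            findings.append((kind, path))
        elif baseline[path] != digest:
            findings.append(("hash-changed", path))
    return findings


if __name__ == "__main__":
    for kind, path in compare(load(BASELINE_CSV), load(SNAPSHOT_CSV)):
        print(f"{kind:20} {path}")
```

A changed hash on a baselined path can also be a legitimate update, so findings are leads to check, not verdicts.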