this post was submitted on 25 Aug 2024
98 points (97.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54781 readers
574 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
top 33 comments
sorted by: hot top controversial new old
[–] [email protected] 88 points 3 months ago (1 children)

HBO also noticed this bonus episode through its anti-piracy partner Marketly and took action in response. A takedown notice posted in the Lumen Database shows that the company asked Google to remove an “infringing” link to the non-existent release earlier this week.

They're claiming to own the copyright to the Trojan horse?

[–] [email protected] 26 points 3 months ago (1 children)

I think they're issuing a take down notice for using the name and posing as them.

[–] [email protected] 21 points 3 months ago (1 children)

"Takedown notice" has legal meaning, it's not some random cease-and-desist letter that you can draft for anything you want and that has no legal weight other than that it might be scary.

[–] [email protected] 1 points 3 months ago (1 children)

Using someone else's IP, such as claiming that something you're distributing is an episode of their show, most certainly qualifies for a valid DMCA takedown notice.

[–] [email protected] 9 points 3 months ago

DMCA is about copyright (that's what the "C" is). The name of a show isn't copyrighted, it's trademarked. Different type of IP altogether.

[–] [email protected] 71 points 3 months ago (2 children)

Suspect Sonarr users didn't have any issues, as it wouldn't have gone looking for an episode 9.

[–] [email protected] 20 points 3 months ago

Indeed, it’s only showing 8.

[–] [email protected] 6 points 3 months ago

They need to go through tvdb anyway and then it would need to be added by a user. Afaik it takes a while to be propagated to sonarrs skyhook/tvdb integration.

[–] [email protected] 47 points 3 months ago (1 children)

This isn't exactly special. People have been putting viruses into torrents forever.

You should assume anything you download from the internet has a virus!

[–] [email protected] 43 points 3 months ago (1 children)

What? Are you telling me that "baby one more time.mp3.exe" I got off of Napster isn't actually reliable? Gasp!

[–] [email protected] 12 points 3 months ago* (last edited 3 months ago) (3 children)

This is a perfect use case for having a VM, to handle all of your downloads before you play it.

Quite frankly in the bad old Napster days, when you downloaded random shit, if it only had a virus you were lucky, there was a tendency for MUCH worse surprises to be included.

[–] [email protected] 4 points 3 months ago (1 children)

Aren’t we still vulnerable through VMs, though? I seem to remember reading something about why Qubes OS is safer than a regular VM, having to do w/ zero trust, etc.

[–] [email protected] 8 points 3 months ago

Qubes has more layers to the security onion, its true.

But a VM is still a REALLY strong level of containment.

[–] [email protected] 4 points 3 months ago (1 children)

My fave was spending a weekend downloading the good omens radio series to find it was Queen's Greatest Hits

[–] [email protected] 2 points 3 months ago

somebody stored their tapes in the glove bkx.

[–] [email protected] 2 points 3 months ago

there was a tendency for MUCH worse surprises to be included.

Yeah, like strange unreleased Weird Al tracks with sex and drugs references... Every spoof was labeled weird Al back in 2000

[–] [email protected] 39 points 3 months ago (4 children)

The torrent was titled as .mkv (normal and expected) but the actual file was .lnk (not normal)... so you would have had to open a weird random .lnk file to activate the trojan?

[–] [email protected] 25 points 3 months ago (1 children)

Windows hides extensions by default.

[–] [email protected] 24 points 3 months ago* (last edited 3 months ago) (1 children)

Unhiding extensions is one of the first things I do when setting up windows, but it will still hide the .lnk extension on shortcuts, so it's still a vector for phishing attacks (specifically, tricking the user to do something that runs malicious code).

Experienced pirates will get into the habit of taking precautions against malware attacks and will distrust downloads until they are sufficiently vetted,

[–] [email protected] 3 points 3 months ago

Unhiding extensions wouldn't help here, as the .lnk extension is hidden even if you unhide the others, as it's the extension for shortcut files; you have to edit an obscure registry key if you want to unhide it.

(That said, it being a shortcut it should have the small shortcut arrow in the icon, unless you've used a third party tool or the registry to disable it, so it should still be easily recognisable as a shortcut.)

[–] [email protected] 21 points 3 months ago (1 children)

The comments from obvious teenagers on 1337x on pretty much every torrent suggests that a lot of people do this

[–] [email protected] 14 points 3 months ago (1 children)

Basic computer usage skill level does seem to be in decline, doesn't it lol.

[–] [email protected] 3 points 3 months ago

Operating a computer used to be a specialized skill, you used to have to look under the hood pretty often to make things work. Now all that prep work is taken care of for you, so end users are further away from the partial techs we all used to be.

Dropping into a DOS command line to install software was a normal thing in Windows 95, now if you pull up a command line people think you're a Microsoft Certified Technowizard™.

[–] [email protected] 8 points 3 months ago (1 children)

I believe the torrent included both an .mkv and a malicious .lnk file.

.lnk files are dangerous because they can evade detection and automatically open other files or executable on a computer; AFAIK you would not have had to open the .lnk file yourself.

[–] [email protected] 2 points 3 months ago (1 children)

AFAIK you would not have had to open the .lnk file yourself.

Wait, what? A .lnk file is a shortcut... you still have to click those for them to open whatever they're pointing to.

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago)

It depends on the attack vector. Typically you're right, but malicious .lnk files are often paired with other malicious methods to infect machines. Sometimes they're configured as a worm that copies and spreads when a flash drive is connected, sometimes they're configured to download a remote payload when another script or program is started. The problem is that it's a type of file that's often overlooked because it seems innocent.

It isn't necessarily the case that the Trojan needs to be interacted with by the user in order to execute the malicious code. Just having the file on your machine opens the door for all kinds of attacks (especially if you're using a headless setup: you wouldn't necessarily know you have the .lnk file in the system unless you're manually unpacking your downloads yourself). All it needs is for another piece of infected code to run and look for that file, and it can open the door for more traditional malicious code.


Edit: just as a for-instance - If I was a black hat and wanted to spread some malicious code, I could include this .lnk file in a torrent (innocuous enough to slip by unnoticed by most people/unscrupulous pirates), and then maybe place a line of code in a jellyfin plugin or script that looks for that file and executes it if it's found. Because the attack isn't buried in the plugin or script itself (most people wouldn't think much of a line of code that's simply pointing to temp file already on your system), it could theoretically go unnoticed for long enough to catch a few hundred or thousand machines.

[–] [email protected] 4 points 3 months ago

I wonder if an automated setup would play it without caring about the extension. If someone had something like Sonarr dropping episodes on a Plex drive, for example.

[–] [email protected] 37 points 3 months ago

Mindlessly downloading an episode that doesn’t get a mention on the wiki page is amateur hour.

[–] [email protected] 29 points 3 months ago

Well, the good news is that it wasn't actually another episode.

[–] [email protected] 9 points 3 months ago

Maybe it's just me, but I think entities that deliberately spread and use malware should be punished and held accountable. Too bad these entities help write the laws.

[–] [email protected] 6 points 3 months ago (1 children)
[–] [email protected] 0 points 3 months ago (1 children)
[–] [email protected] 2 points 3 months ago