Slashdot Mirror
Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com)
Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from a Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.
Not even close to a new concept and has been done since back in the days of KaZaa, eMule, Napster, Morpheus, etc.
Downloading software from shady online sources is suddenly risky? Say it isn't so!
Required reading for internet skeptics
....Gay porn masquerading as movies on Kazaa...?!?!?! GASP!
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
>> Fake {Software/Media} Download(s) Unwanted Apps Instead of Promised {Software/Media}
Where's the "noshit" tag when you need it? This has been going on since the bulletin boards and floppy exchanges, if not longer.
A brain-dead presser like this make me wonder if anyone at Symantec even remembers Anna Kournikova.
But that Nigerian prince seemed so nice!
People on the internet will try to take advantage of you. I am shocked.
(and this was the number one infection vector in the 90s... so this being news is like a patent being new because it is "in the cloud")
IS IT REALLY TRUE? Think of the children!
I tried several times on Kazaa I think to download Reign of Fire
I kept ending up with Dude, Where's my Car
Unfortunately, when I finally found Reign of Fire, it turned out to be only marginally better than Dude, Where's my Car
So you're saying that people are getting torrents of games, and then the total size of the file downloaded is only a few *megabytes*? That's not just "suspicious", it's obviously not the game you intended to download.
At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue [...]
What UAC security dialog? I download a torrent, open it with my preferred torrent client, and bob's your uncle. UAC isn't gonna get involved until the torrent finishes and I execute whatever file the torrent downloaded.
back in the day we had to wait for the modem to dial up while watching the snow fall outside so we can get our virus spreading keygens from Astalavista.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
You fuckers who pirate software deserve exactly what you're getting here.
If that's all we deserve, then you must not think piracy is so bad! All we're "getting here" is 1. Hover mouse cursor over link. 2. Notice "say, that's not a magnet link!" 3. Decide not to click it because it's obviously not what we wanted. See? There's nothing to it. By being so obviously bad, this situation is actually improving the signal to noise ratio. Does that piss in your cornflakes too?
Incidentally places like ThePirateBay have moderators who routinely delete this sort of thing. That particular site has enough of them that they're not accepting new ones.
Not clear to me how it goes from being a torrent file to a file downloaded from Google Drive. My only guess is it's not a torrent file but a .url file which lniks to the .exe mentioned. And this is incredibly easy to detect simply by knowing what you're expecting to get, and aborting when you see something unexpected (eg it's not actually a torrent file. the "torrent" didn't download what I expected, what it actually downloaded is incredibly suspicious). There are multiple opportunities to avoid getting infected, including the UAC dialog mentioned which should be a HUGE red flag.
Hahahahaha Well, for one, the DRM that's included in a lot of games keeps us from backing anything up, secondly there aren't demos for these games anymore, so if we want to try before we buy, we're f'ed. If someone is dumb enough to actually get fooled into running malicious software, then yes, I suppose they deserve it, but don't pass judgement on the entirety of pirates because you have some stupid, outdated hangups about piracy. Chill out.
640k ought to be enough for anyone.
So, you patronize digital whorehouses and don't practice safe hex? Didn't your papa ever have the talk with you?
They're not Unwanted "APPS", they're malware. You don't need to call everything an App. This story reads like someone who just found out that "unsubscribing" from spam is a bad idea. Also, you've got to be pretty, pretty dumb to run a 3.5 MB .exe file that calls itself "Witcher 3". Like, that's beginner level internet surfing 101.
Whether or not there is some sort of god, I'm not supposed to say/god is a word and the argument ends there-Smog
What you're describing is a very basic Trojan. Also, magnet links > .torrent files
Never gonna give you up,
Never gonna let you down,
Never gonna run around...
My favorite rick-roll of all time was when my brother bought a mod chip for his Nintendo DS, hacked it, installed the appropriate firmware, spent days downloading a torrent, went through a whole bunch of hacks and configuration steps, only to hear that amazing tune...
Then gog.com launched and now I have bought a load more games than I have time to play. I can download a stand-alone installer for any of them, which I can back up and install on any computer that I own without needing an Internet connection. There's simply no excuse for pirating games these days.
I am TheRaven on Soylent News
I mean, it's not like this has been happening since the dawn of illegal downloads, when unscrupulous people were painting viruses on cave walls.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
It seems that sometimes things on the internet are not always what they seem. Occasionally clicking on a link for a free iPad can land you on a video made by performer Rick Astley in the 1980's.
More on this later, now for a news item about a local resident named Bob who has made a living out of his love for feinting goats and how his raising of goats in the city limits has upset the city counsel.
The preceding post was not a Slashvertisement.
1) Not released
2) Requires subscription to play
3) Requires activation on battle.net
Idiots get what idiots deserve by clicking on that link.
-=This sig has nothing to do with my comment. Move along now=-
I thought these so-called thieves were just misunderstood ... and ahead of their time ... and visitors from a future world where everyone understands the value of working for free to create things without taking advantage of each other?
... Curt Schillings software and all.
... maybe these pirates are bad guys who victimize others and themselves and indicators of the government heavy dystopia to come.
I guess they're just not organized enough. If the government simply nationalized this industry and distributed the games equally to all there wouldn't be these unregulated artifacts. Also, think about how amazing government-created games are
Alternatively
Why am i seeing this in the main page on 2016?
The "torrent file" that is downloaded is always a tiny file, it's a descriptor for the torrent you wish to join. It's like a URL (but it is not a URL). The way downloading torrents on Windows works is often:
1)Download a "torrent file".
2)Open the "torrent file", which causes Windows to do a file association, which has it open your torrent application and feed it the torrent file. You join the torrent swarm and start uploading/downloading.
Step 2 is the weakness: if you download something purporting to be a torrent file that is instead an executable, you might mistakenly allow it to run when you open it. The UAC will kick in and warn you, but still, shit happens.
I mean you're at a torrent site, attempting to download a torrent file. Regardless of what button I press on the website, if I close my eyes and click in a random place on the screen and never confirm anything like the file size or the file type, who would be stupid enough to continue once a UAC prompt appears and your torrent application didn't open?
I mean people who get tricked like this deserve to have their computer catch fire.
LOL - installing malware instead of the stolen software you wanted. Cry me a river! Pirates are scum.
People stealing games not getting what they thought and possibly getting a compromised system.
Oh the humanity! Won't someone think of the thieves!
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Not if it's a 3.5MB online installer - although I'd agree most pirates don't invest heavily in content delivery infrastructure, and most of them don't have a personal datacenter. Some real clever ones might be hosting installer infrastructure on EC2. ...or it's malware. Much more likely.
It's not just games that do this. I've found Windows has become so hostile now that I really don't want to do anything whatsoever in it anymore. There's only two way I use Windows is inside a VM:
- With VT-d and a passthru to GPU for Steam games.
- As a bare host for VS2015 software development.
The first has internet access, the second one doesn't. The best way to use Windows on the internet is "not at all".
I once tried to find software to master ISOs for my VMs and ended up infecting my WIndows box. Completely innocent activity, completely bad outcome. Had to re-install (again).
Between Steam, the Humble Store, and GOG, you could set your max budget for buying any game at $5 to $10 and still end up with a massive backlog that you could never keep up to. If you're not set on 0-day, then the sale is going to happen eventually.
Ehm - I expected an .torrent - sure I'd want to Run the exe instead??
Has been going on for over a decade!
there are LITERALLY no games to download, there are """"games"""" to download, but no real pirate games
you have to be specially stupid to put this shit in torrents right in the middle of the fucking denuvo era when no games are being released and no one is downloading shit because there is no shit to download
Neither of which is an excuse to pirate games. If you pirate because you're a broke-ass student, that's surely a minor sin, but don't invent excuses.
No demo? Watch a "let's play". Doesn't work on your system, or tried it and it was total crap? Steam refund. Really want to "back up" games (as if your backups will outlive Steam - mine haven't)? Buy from GOG.
Personally, I just don't buy full-price games (I think the only game over $20 I've bought in the last 10 years was Doom). AAA games are mostly crap anyway, and there are plenty of great titles in the $5-10 range on Steam and GOG, especially during sales. Steam refunds make it easy for me to take a risk.
Socialism: a lie told by totalitarians and believed by fools.
another reason to break the tether, go outside, meet real people, get laid, forget the stupid video game crap, and live life, productively, as god intended. amen.
Indeed. These days you have paid for operating systems which will automatically download then bait-and-switch update to malware-ridden spyware. That some random software (game or otherwise) downloaded from a sketchy source could contain malware is laughably obvious.
Dude, as long as you don't click on every fucking thing you find through google and every single email attachment you will be fine.
Even if you do, you should know that the Nigerian Prince's PDF shouldn't require a UAC(sudo) prompt and deny it. No reason not to have it off the internet, the firewall is enabled on windows by default and all of the ports are filtered!
Windows doesn't even respond to pings by default.
Very prevalent as the new generation of techies come online, they know ZERO history of their industry. Exciting times!
How did enough people look at this and think ... "People need to see this."
Why is it so hard to only have politicians for a few years, then have them go away?
If you download a data file and then you get a prompt asking if you want to run an executable file, it's probably a trick.
Wouldn't this mean that Symantec, are illegally downloading torrents to find this information in the first place? They would need to be downloading enough data to make this illegal in the cases that the torrent isn't just malware, but actual illegitimate software.
This is why there are trusted uploaders on torrent sites. These uploaders generally are trusted, as they have uploaded 1000's of files with no problems. But hey, I understand what is old is new again when you got youngsters just getting into the field.
Be seeing you...
What's old is new again. I hear word macro viruses are making a comeback as well.
Use private trackers that are not in the ipt family. If you can't or won't use private trackers, then use magnet links. Also keep some basic things in mind like the fact that torrent files are not executable, and if something wants to execute, that's no torrent file.