Hackers Seed Torrent Trackers With Malware Disguised as Popular Downloads (grahamcluley.com)
An anonymous reader writes: Cybercriminals are spreading malware via torrent distribution networks, using an automated tool to disguise the downloads as trending audio, video and other digital content in an attempt to infect more unsuspecting victims. Researchers at InfoArmor say they have uncovered a malicious torrent distribution network that relies on a tool called RAUM to infect computers with malware. The network begins with a torrent parser, which collects information about some of the most popular torrent files circulating around the web. Computer criminals then apply their RAUM tool to create a series of malicious files. Some are fake copies of those popular torrent files that in reality hide notorious malware such as CryptXXX, Cerber, or Dridex. Others are weaponized torrent files, while others still are parsed torrent files that rely on a high download rating, a reputation which the attackers artificially inflate by abusing compromised users' accounts to set up new seeds.
Unless I'm missing something in this story, getting malware from a torrent seems like an already well-known issue.
Omg it's 2001 again!
Also, it's just the RIAA again, probably.
So are we talking sharks with lasers or more IED kind of torrents? Or are they astroturfing for "Hurt Locker"?
And in other news, water is wet, Hillary is still not in prison, and Donald Trump said something offensive.
Go to TPB. Download only from green/pink skulls. Torrents are alive and well.
Okay. Show of hands.
Does ANYONE think this is news? All I see scrolling down is a flood of "Duh."
Anyone? Anyone?
That's why I use TPB or other popular lists that allow seeder and torrent reviews.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
This is pretty basic security stuff, but if you don't know if a file you want to download is malicious or not, download it within a virtual machine (or a jail, if you're using a BSD) that has no access to its host or Internet connection. If you need to move it to your host, only do so after you have tested it out while checking your VM's system log to make sure it's not doing anything suspicious. If you want to be extra safe, then you also want to use a mandatory access control (SELinux, AppArmor, etc.) to limit what the file can do.
Water is wet, Sky is blue.
ZDNet was alive and well, why are we shocked?
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
and "weaponized" torrent files. What the actual fuck are they saying?
Someone misread .wmv as .wmd again?
We're talking about your average user. A file named AwesomeMovie.avi.exe will show up as AwesomeMovie.avi with the most common settings enabled on Windows, and you can set the icon to match a real video file.
I mean, c'mon, is that really a story?
Next we'll get to hear that water is wet, that Trump has said something controversial, that Hillary has lost some mails, that Apple has removed yet another standard plug from their system and that Sony has been hacked?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I would expect even /. to get that much right. Are my expectations too high?
slashdot: A failed experiment.
Torrents have been around for HOW many years now, and they just figured this out?
Sure, Sony/BMG never put a rootkit on your computer after legally purchasing music from them. I don't pirate, or condone pirating, but plenty of people have been burned even when doing things completely legally.
The greatest good of man is daily to converse about virtue - Socrates
And everything seemed so safe once they got rid of that Napster application.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Shhh! You broke the first *and* second rules there.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
And those swarms have zero seeds and zero participants and fall off the bottom of search results so about 5 people get infected, if that.
Torrents are cleaner than SourceForge ad banners were before they got sold. But.. be afraid! Be very afraid!
Hackers are distributing malware as popular warez? Stop the presses!
I wish they had published that story before I downloaded that GameOfThronesSeason7.exe file.
Now I have to run an antivirus on my machine AND I'll have nothing to watch in the meantime.
lucm, indeed.
They often just encrypt the avi file, and provide an exe called "MovieDecryptor.exe", or even "CodecInstaller.exe". Sometimes the movie is even nothing more than two hours of a screen showing a URL to visit. Very rarely, I suppose, they might try to exploit vulnerabilities in movie players through specially crafted AVI files, or whatever, but I suspect that's just simply too hard for most people. Especially when the exe files will catch plenty of downloaders.
I've seen the above methods used often, but I've never seen a file called *.avi.exe - not sure why, it seems like an even better method to me.
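A file-list check for the disguises described in this thread (the `AwesomeMovie.avi.exe` double extension and an executable such as `MovieDecryptor.exe` or `CodecInstaller.exe` shipped next to a video), as an added example that is not part of any comment here. The extension sets, the function names and the sample file list are constructed assumptions.

```python
from pathlib import PurePosixPath

# Illustrative, non-exhaustive extension sets (assumptions for this example).
MEDIA_EXT = {".avi", ".mkv", ".mp4", ".mp3", ".wmv", ".zip"}
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".lnk"}


def classify(path):
    """Return a reason string if the file name is suspicious, else None."""
    suffixes = [s.lower() for s in PurePosixPath(path).suffixes]
    if not suffixes or suffixes[-1] not in EXEC_EXT:
        return None
    # AwesomeMovie.avi.exe: Windows hides the final ".exe" by default,
    # so the name is displayed as AwesomeMovie.avi.
    if len(suffixes) >= 2 and suffixes[-2] in MEDIA_EXT:
        return "double extension"
    return "executable"


def review_payload(paths):
    """Flag runnable files in a download, noting when it also holds media."""
    has_media = any(PurePosixPath(p).suffix.lower() in MEDIA_EXT for p in paths)
    findings = []
    for p in paths:
        reason = classify(p)
        if reason == "executable" and has_media:
            # "Decryptor" / "codec installer" pattern: a helper next to a video.
            reason = "executable bundled with media"
        if reason:
            findings.append((p, reason))
    return findings


# Constructed sample: the file list of a download advertised as a movie.
SAMPLE = [
    "AwesomeMovie/AwesomeMovie.avi.exe",
    "AwesomeMovie/AwesomeMovie.avi",
    "AwesomeMovie/MovieDecryptor.exe",
    "AwesomeMovie/CodecInstaller.exe",
    "AwesomeMovie/readme.txt",
]

if __name__ == "__main__":
    for path, reason in review_payload(SAMPLE):
        print(f"{reason:32} {path}")
```

Release-style names with dots in them, such as `Show.S01E01.720p.mkv`, pass cleanly because only the final extension decides whether a file is runnable.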
The method is QUITE LITERALLY 15 years old.
Did you also get AVG_Antivirus_cracked.exe? Nothing else will get rid of GOTS7.exe
...it becomes possible to 'weaponize' an MP3, MP4, AVI, MKV or ZIP file. You shouldn't be downloading executables off torrents anyway. And read the comments before downloading.
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."