AnimeSuki.com Forum

schnub 2008-06-02 06:51

viruses
 
So after recently coming under attack from a very serious virus (backdoor.trojan), which I think came from downloading anime from torrents, I feel too scared to get back into downloading. Although, I really want to watch anime again, without having to resort to low-quality streaming sites. So I was wondering, how high is the risk of getting viruses from using bittorrent compared to direct downloading? And also, are there any tips for preventing another occurrence with viruses from happening ever again? Your help is greatly appreciated!

KiNA 2008-06-02 07:14

TBH I've never heard of a trojan from a video file @.@ ever.

WanderingKnight 2008-06-02 10:11

I don't see how a virus can execute itself out of a video file, unless there's an unpublished vulnerability in the video player. But by simply opening it?

Either way, no fansub I ever downloaded had viruses in them, and execution of unsupported code (since it's all Windows-based viruses) *should* be apparent when running Linux.

I'd say you look for the source of your infection elsewhere. Unless you downloaded an executable file camouflaging itself as a video file by adding .avi or .mkv to the name (in which case it's first and foremost your fault, and secondly that of the OS for not telling you the full filename by default), there's no chance of such a thing occurring.

(Theoretically, it's possible to exploit such a stupid Windows behavior by embedding a video and a player into the executable, but it's such a retarded attack that the range of infection *should* be very, very small).

As for how to prevent such a thing from occurring again, well, a trojan means that there was social engineering involved (ie, tricking the user), so the first thing to do is to stop running executable files you don't trust. You can help yourself by not running in Administrator mode as that prevents access to system files, but I heard that makes XP quite unusable. If you're using Vista, for chrissake, leave UAC on and pay attention to it.

Or you can save yourself the hassle and switch to Linux :D

SeijiSensei 2008-06-02 11:47

Today's installment in this form of attack is the succession of "Britney naked on a beach" messages* my mail filters detected today. All of them exploit a security hole in one of web advertising service Doubleclick.net's web sites to redirect you to a page saying simply "Please Download". The linked file is called simply video.exe. I "played" this file using Wine on Linux (where it can't do anything bad) and sadly didn't see any footage of our favorite pop star cavorting in the altogether. If I were a naive user, I'd probably say, "oh well, guess it didn't work for me," move on, and in the process turn my computer over to a botnet manager somewhere.

This is about the only way you'd get a piece of malware via P2P; you have to download something bad and run it. I have never seen such files on well-managed trackers. I doubt any of our intrepid fansubbers would be interested in packing some trojan into one of their works, either. If you don't go downloading and running everything under the sun, and stick to files listed at places like AS, I don't think you'll have any malware problems. Whatever you got, it didn't come from downloading fansubbed anime from trackers like scarywater.

*In fact I have a variety of email filters that look for common celebrity names like Jennifer Lopez and Kylie Minogue since there are many, many emails that claim to include scurrilous photographs of female stars but are intended to encourage you to download a trojan.

Vagrant0 2008-06-02 15:24

Quote:

Originally Posted by SeijiSensei (Post 1628977)
Today's installment in this form of attack is the succession of "Britney naked on a beach" messages my mail filters detected today. All of them exploit a security hole in one of web advertising service Doubleclick.net's web sites to redirect you to a page saying simply "Please Download". The linked file is called simply video.exe. I "played" this file using Wine on Linux (where it can't do anything bad) and sadly didn't see any footage of our favorite pop star cavorting in the altogether. If I were a naive user, I'd probably say, "oh well, guess it didn't work for me," move on, and in the process turn my computer over to a botnet manager somewhere.

This is about the only way you'd get a piece of malware via P2P; you have to download something bad and run it. I have never seen such files on well-managed trackers. I doubt any of our intrepid fansubbers would be interested in packing some trojan into one of their works, either. If you don't go downloading and running everything under the sun, and stick to files listed at places like AS, I don't think you'll have any malware problems. Whatever you got, it didn't come from downloading fansubbed anime from trackers like scarywater.

And just to add to that, most fansub groups wouldn't bother with this sort of thing since it totally ruins them within the community. If the files they're hosting come with some sort of virus, people won't download from them, or keep the torrent alive. It's just a really stupid move. The virus probably got to you from somewhere else. If you were using some of those torrent search sites, you may have gotten the virus from them. One in particular I found had some coding which always linked to a site supposedly containing a torrent for whatever you were looking for. When you went to that site to download the torrent, you would be hit with malicious ads and scripts. Needless to say, never cared to use that torrent search again.

Most such instances are usually there just to get adware and spyware on your computer, which ends up earning money for the person who made the little attack, or gives them access to personal information. Any decent antivirus software in combination with spybot, and a few other security programs can usually catch these things before they happen.

WanderingKnight 2008-06-02 15:28

Also, are you using Internet Explorer? If so, you could help yourself a lot by switching to a safer browser (I suggest Firefox--the Adblock extension does wonders).

schnub 2008-06-02 18:33

Thanks for all the replies, you guys removed some of the fear I have in downloading anime again. Like I said before, I only think it came from using bittorrent, since I think that was the only program I had running at the time. Just to answer a few things that were posted: I would want to use linux, but I'm such a noob with computers, I don't know how to use it. And I do use internet explorer, but I turn on the pop-up blocker to block all pop-ups, so is that acceptable than using firefox? (I also have firefox, but it takes up too much memory whenever I run it, and considering I have a pretty crappy computer, it just runs so slow.) Also I did get the download site from AS, it was SHS & FoSu's Kateikyoushi Hitman Reborn!

Ichihara Asako 2008-06-03 02:27

Use utorrent: http://www.utorrent.com/ as your torrent client, and stick to trackers listed on AS and you shouldn't have any problems. I've never, ever heard of viruses in video files, and never had any form of infection in over 5Tb of downloads in the past decade.

And no, a simple popup blocker won't protect you from anything in IE. Using FF or Opera is a safer choice; try FF3, as it has a much lighter footprint than FF2, which may help on an older machine. Opera may be worth investigating, I don't use it myself but I'm aware it has some light builds on various platforms (including the Wii, iirc?)

Using IE is asking for trouble. If you're really quite clueless and not willing to do research and experiment and learn how to run a safe machine, then you should probably invest in an idiotproof anti-virus and firewall package like Norton. Though if you educate yourself they're entirely redundant. I haven't run a resident virus scanner since 2001, when I got sick of the amount of resources they consume. >.<

Also, try to make sure Windows is fully updated, as vulnerabilities are regularly exploited, which may lead to virus and malware issues.

But really, do a bit of reading and try to brush up on basic PC security and you shouldn't have any issues at all.

-KarumA- 2008-06-03 03:04

Would like to add this: if you watch anime on stream, which I tried to do here at home at some point, there is a chance to get trojans bombarding your PC. It all depends on the site really. I've never had trouble with youtube or any sites like that; it was when I started to visit a site that would only host anime series that I suddenly got 2 trojan warnings.

I've never had any virus problems with torrents and I don't direct download 'cause it takes so much longer.. I got nothing more to add now =3

WanderingKnight 2008-06-03 03:25

Well, that depends on the program. I'd say Flash is mostly safe, though you can never be sure (it's closed source), but if there had been a vulnerability you bet we'd be seeing a massive spread of infections. Quicktime has a legacy vulnerability that Apple for some reason refused to fix (and due to some architectural decisions it affects Firefox users the most), so I'd rule that out as a streaming player. Quicktime sucks, anyways.

JustAnotherFan 2008-06-03 12:45

Quote:

Originally Posted by WanderingKnight (Post 1630318)
Well, that depends on the program. I'd say Flash is mostly safe, though you can never be sure (it's closed source), but if there had been a vulnerability you bet we'd be seeing a massive spread of infections.

Flash is far from safe. Make sure you have the most recent version, since there is a wave of flash exploits in the wild currently on sites you consider safe (probably infected by SQL injection attacks).

Check your version here (and hope they didn't infect the adobe site :P): http://kb.adobe.com/selfservice/view...nalId=tn_15507

If you have 9.0.115.0 or lower, update immediately! Current version is 9.0.124.0 at the time this post was written.

WanderingKnight 2008-06-03 15:00

Heh, so long to the "security through obscurity" model.

Thanks for the info, I missed the Slashdot article in my feeds aggregator. Here there's a list of malicious websites.

Utter_iMADNESS 2008-06-03 15:35

I've had two instances where I almost got a virus from a video file.
I once downloaded a movie that was about 700MB in size, but when I went to open it, it said that I had to install a special media player to play it. I did some research on it and found that the player was filled with spyware and trojans. So I ended up with a useless video...

But with another video that I had, it told me that I had to download a codec to be able to watch it. So when I clicked "Download Codec", I was sent to a site and a download for "codec.exe" popped up. I wasn't really paying attention to what I was doing so I downloaded it. NOD32 instantly popped up telling me that I was about to download a virus and terminated the threat.

So the moral of the story is, make sure that you're paying attention to what you're downloading or installing, or you may be hit with a big surprise.

Synria_ 2008-06-04 01:34

It really depends on where you are getting your torrent files. No fansub group will put viruses on their releases. Only people who DL the actual file and re-upload it to a tracker that has a lot of different content. Generally anime trackers or the tracker page owned by a fansub group will be clean.

AnimeDreamer 2008-06-04 16:36

It is extremely difficult to get a virus through a video file (unless it says video.exe). It is possible, but highly unlikely for it to happen.

Quote:

I've never, ever heard of viruses in video files, and never had any form of infection in over 5Tb of downloads in the past decade.
Wow... 5000 Gb of files :twitch:

guest 2008-06-04 20:55

Quote:

Originally Posted by Vagrant0 (Post 1629302)
The virus probably got to you from somewhere else. If you were using some of those torrent search sites, you may have gotten the virus from them. One in particular I found had some coding which always linked to a site supposedly containing a torrent for whatever you were looking for. When you went to that site to download the torrent, you would be hit with malicious ads and scripts. Needless to say, never cared to use that torrent search again.

Wait, now I am concerned. I think I have just gone to one of those torrent search sites from google results. After I click the search results from google, I was on a torrent search site filled with ads and stuff. I never click on the ads or download from their torrent. What I did was just take a look at the site and, urr, yeah, close the web browser or go somewhere else. Should I be concerned?

sa547 2008-06-04 22:47

In P2P software (i.e. Limewire) it's not surprising for me now that there are fake MP3 files scattered around, and it's easy to spot them because they don't carry a bitrate.

One of my standard precautions with downloaded files is to check the properties of a file with your video editor (or a converter) to see if this is really a media file (it could be the real thing or a gigabyte's worth of binary dead weight) before right-clicking on it.

Furthermore, when visiting most torrent sites other than AS I had Noscript enabled in Firefox along with active trojan and viral detection as a deterrent, and checking the URL in the link before going. It's easy being "killed" for using IE.

Ledgem 2008-06-04 22:50

The trouble with the ads is that some of them can force other popups and/or force downloads on you. This occurs when you're visiting an ad server that has been compromised - someone slips something to the ad server so that every few ads it pushes malware on people, instead of an advertisement. Depending on what browser you're using these infected ads may or may not be able to execute the download; they may also make use of browser exploits. Unless you're using Windows Vista, Internet Explorer is a liability. You should always make sure that you're running the most up-to-date version of your browser either way. As a last resort, ideally you'd be running a virus scanner and it would catch the file before it executed.

In general, you probably don't have much to fear. Just be aware that the possibility exists. I've run across two such ads in the past two or three years. In the past year or so tech news has covered temporary takeovers of certain ad servers and corporate websites that serve up malware, and these have supposedly infected tens of thousands each time. Be cautious.

oompa loompa 2008-06-05 03:36

Quote:

Originally Posted by Utter_iMADNESS (Post 1631169)

So the moral of the story is, make sure that you're paying attention to what you're downloading or installing, or you may be hit with a big surprise.


And unfortunately I learnt this lesson the hard way. My anti-virus had expired - with a video file too.. so I ended up doing some slightly iffy tinkering with killbox to solve the problem -_- (which as it happens, is normally a bad idea)

SeijiSensei 2008-06-05 07:40

Quote:

Originally Posted by guest (Post 1633835)
Wait, now I am concerned. I think I have just gone to one of those torrent search sites from google results. After I click the search results from google, I was on a torrent search site filled with ads and stuff. I never click on the ads or download from their torrent. What I did was just take a look at the site and, urr, yeah, close the web browser or go somewhere else. Should I be concerned?

Safe surfing rules for Windows users:

1) Don't use Internet Explorer; use Firefox or Opera instead. If you install Firefox, install the AdBlock extension as well.

2) Create a user account for yourself (Control Panel > Users) and remove its administrative privileges. By default pre-Vista users have full administrative privileges, so if you accidentally run a malevolent program it has free rein to modify the system areas on your machine (what a horror!). When you need to install something, log in as the Administrator. Otherwise always use an account with no administrative privileges. (Some badly-written software may not work unless you have administrative rights. For this situation, log in as the Administrator, run the annoying software, then go back to your ordinary user account. Or you can use the "Run As" feature to run the program as Administrator.)

3) Don't connect your computer directly to the Internet without a firewall of some kind. You can either use the firewall in Windows, use a third-party firewall, or install a hardware firewall router between your computer and the Internet. This is a more expensive, but ultimately more effective and versatile approach.

4) Somewhere in the Options setting for the Windows Explorer (the desktop shell, not IE) you can tell Windows to show you the complete file names including the extensions. Turn this on. That way you'll know that naked celeb video file is named "video.exe" not "video.avi". (Sure the icons are different, but not everyone pays attention to that.)

5) Or, just don't use Windows.
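
The two file checks discussed in this thread, sa547's precaution of confirming that a download is really a media file and rule 4 above about reading the full file name, can be automated. The following is an added example, not part of any forum post: the function names and sample byte strings are constructed for illustration, and it goes slightly beyond the thread by comparing the file's leading bytes against its extension.

```python
import os

# Extensions Windows will execute, and the video extensions named in the thread.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
VIDEO_EXTS = {".avi", ".mkv"}


def sniff(header: bytes) -> str:
    """Classify a file from its first bytes, ignoring its name."""
    if header[:2] == b"MZ":                      # DOS/PE executable header
        return "windows-executable"
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[:4] == b"\x1a\x45\xdf\xa3":        # EBML header used by Matroska
        return "mkv"
    return "unknown"


def check_download(name: str, header: bytes) -> list:
    """Return a list of warnings for one downloaded file."""
    warnings = []
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    stem, ext = os.path.splitext(name.lower().rstrip(" ."))
    inner_ext = os.path.splitext(stem)[1]
    kind = sniff(header)
    if ext in EXECUTABLE_EXTS and inner_ext in VIDEO_EXTS:
        warnings.append("double extension: executable named like a video")
    if kind == "windows-executable" and ext not in EXECUTABLE_EXTS:
        warnings.append("content is a Windows executable but the name is not")
    if ext in VIDEO_EXTS and kind not in (ext.lstrip("."), "windows-executable"):
        warnings.append(f"named {ext} but content looks like: {kind}")
    return warnings


def check_path(path: str) -> list:
    """Same check for a file on disk; only the first 16 bytes are read."""
    with open(path, "rb") as fh:
        return check_download(os.path.basename(path), fh.read(16))


# Constructed sample inputs (file names and headers made up for this example).
SAMPLES = {
    "episode01.mkv": b"\x1a\x45\xdf\xa3\x01\x00\x00\x00\x00\x00\x00\x23",
    "episode02.avi": b"RIFF\x00\x10\x00\x00AVI LIST",
    "video.avi.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
    "movie.avi": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
    "filler.avi": b"\x00" * 16,
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, "->", check_download(name, header) or "ok")
```

A clean result only means the name and the container header agree; it says nothing about player vulnerabilities or the "download this codec" prompts described earlier in the thread.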


All times are GMT -5.