AnimeSuki Forums

Old 2008-06-02, 06:51   Link #1
schnub
Junior Member
 
Join Date: Jun 2008
viruses

So after recently coming under attack from a very serious virus (backdoor.trojan), which I think came from downloading anime from torrents, I feel too scared to get back into downloading. Although, I really want to watch anime again, without having to resort to low-quality streaming sites. So I was wondering, how high is the risk of getting viruses from using bittorrent compared to direct downloading? And also, are there any tips for preventing another occurrence with viruses from happening ever again? Your help is greatly appreciated!
Old 2008-06-02, 07:14   Link #2
KiNA
Kira_Naruto, the ecchi
*Graphic Designer
 
 
Join Date: Dec 2005
Location: http://www.exciting-tits.com/
TBH I've never heard of a trojan from a video file @.@ ever.
Old 2008-06-02, 10:11   Link #3
WanderingKnight
Gregory House
*IT Support
 
 
Join Date: Jun 2006
Location: Buenos Aires, Argentina
Age: 25
I don't see how a virus can execute itself out of a video file, unless there's an unpublished vulnerability in the video player. But by simply opening it?

Either way, no fansub I ever downloaded had viruses in them, and execution of unsupported code (since it's all Windows-based viruses) *should* be apparent when running Linux.

I'd say you look for the source of your infection elsewhere. Unless you downloaded an executable file camouflaging itself as a video file by adding .avi or .mkv to the name (in which case it's first and foremost your fault, and secondly that of the OS for not telling you the full filename by default), there's no chance of such a thing occurring.

(Theoretically, it's possible to exploit such a stupid Windows behavior by embedding a video and a player into the executable, but it's such a retarded attack that the range of infection *should* be very, very small).

As for how to prevent such a thing from occurring again, well, a trojan means that there was social engineering involved (ie, tricking the user), so the first thing to do is to stop running executable files you don't trust. You can help yourself by not running in Administrator mode as that prevents access to system files, but I heard that makes XP quite unusable. If you're using Vista, for chrissake, leave UAC on and pay attention to it.

Or you can save yourself the hassle and switch to Linux
Old 2008-06-02, 11:47   Link #4
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Today's installment in this form of attack is the succession of "Britney naked on a beach" messages* my mail filters detected today. All of them exploit a security hole in one of web advertising service Doubleclick.net's web sites to redirect you to a page saying simply "Please Download". The linked file is called simply video.exe. I "played" this file using Wine on Linux (where it can't do anything bad) and sadly didn't see any footage of our favorite pop star cavorting in the altogether. If I were a naive user, I'd probably say, "oh well, guess it didn't work for me," move on, and in the process turn my computer over to a botnet manager somewhere.

This is about the only way you'd get a piece of malware via P2P; you have to download something bad and run it. I have never seen such files on well-managed trackers. I doubt any of our intrepid fansubbers would be interested in packing some trojan into one of their works, either. If you don't go downloading and running everything under the sun, and stick to files listed at places like AS, I don't think you'll have any malware problems. Whatever you got, it didn't come from downloading fansubbed anime from trackers like scarywater.

*In fact I have a variety of email filters that look for common celebrity names like Jennifer Lopez and Kylie Minogue since there are many, many emails that claim to include scurrilous photographs of female stars but are intended to encourage you to download a trojan.
Last edited by SeijiSensei; 2008-06-03 at 07:02. Reason: Trust me, that's not really a picture of Jennifer Lopez naked, either.
Old 2008-06-02, 15:24   Link #5
Vagrant0
Senior Member
 
Join Date: Jun 2007
Quote (originally posted by SeijiSensei):
> Today's installment in this form of attack is the succession of "Britney naked on a beach" messages my mail filters detected today. All of them exploit a security hole in one of web advertising service Doubleclick.net's web sites to redirect you to a page saying simply "Please Download". The linked file is called simply video.exe. I "played" this file using Wine on Linux (where it can't do anything bad) and sadly didn't see any footage of our favorite pop star cavorting in the altogether. If I were a naive user, I'd probably say, "oh well, guess it didn't work for me," move on, and in the process turn my computer over to a botnet manager somewhere.
>
> This is about the only way you'd get a piece of malware via P2P; you have to download something bad and run it. I have never seen such files on well-managed trackers. I doubt any of our intrepid fansubbers would be interested in packing some trojan into one of their works, either. If you don't go downloading and running everything under the sun, and stick to files listed at places like AS, I don't think you'll have any malware problems. Whatever you got, it didn't come from downloading fansubbed anime from trackers like scarywater.

And just to add to that, most fansub groups wouldn't bother with this sort of thing since it totally ruins them within the community. If the files they're hosting come with some sort of virus, people won't download from them, or keep the torrent alive. It's just a really stupid move. The virus probably got to you from somewhere else. If you were using some of those torrent search sites, you may have gotten the virus from them. One in particular I found had some coding which always linked to a site supposedly containing a torrent for whatever you were looking for. When you went to that site to download the torrent, you would be hit with malicious ads and scripts. Needless to say, never cared to use that torrent search again.

Most such instances are usually there just to get adware and spyware on your computer, which ends up earning money for the person who made the little attack, or gives them access to personal information. Any decent antivirus software in combination with spybot, and a few other security programs can usually catch these things before they happen.
Old 2008-06-02, 15:28   Link #6
WanderingKnight
Gregory House
*IT Support
 
 
Join Date: Jun 2006
Location: Buenos Aires, Argentina
Age: 25
Also, are you using Internet Explorer? If so, you could help yourself a lot by switching to a safer browser (I suggest Firefox--the Adblock extension does wonders).
Old 2008-06-02, 18:33   Link #7
schnub
Junior Member
 
Join Date: Jun 2008
Thanks for all the replies, you guys removed some of the fear I have in downloading anime again. Like I said before, I only think it came from using bittorrent, since I think that was the only program I had running at the time. Just to answer a few things that were posted: I would want to use Linux, but I'm such a noob with computers, I don't know how to use it. And I do use Internet Explorer, but I turn on the pop-up blocker to block all pop-ups, so is that acceptable rather than using Firefox? (I also have Firefox, but it takes up too much memory whenever I run it, and considering I have a pretty crappy computer, it just runs so slow.) Also I did get the download site from AS, it was SHS & FoSu's Kateikyoushi Hitman Reborn!
Old 2008-06-03, 02:27   Link #8
Ichihara Asako
Horoist
 
 
Join Date: Oct 2007
Use utorrent: http://www.utorrent.com/ as your torrent client, and stick to trackers listed on AS and you shouldn't have any problems. I've never, ever heard of viruses in video files, and never had any form of infection in over 5Tb of downloads in the past decade.

And no, a simple popup blocker won't protect you from anything in IE. Using FF or Opera is a safer choice; try FF3, as it has a much lighter footprint than FF2, which may help on an older machine. Opera may be worth investigating, I don't use it myself but I'm aware it has some light builds on various platforms (including the Wii, iirc?)

Using IE is asking for trouble. If you're really quite clueless and not willing to do research and experiment and learn how to run a safe machine, then you should probably invest in an idiotproof anti-virus and firewall package like Norton. Though if you educate yourself they're entirely redundant. I haven't run a resident virus scanner since 2001, when I got sick of the amount of resources they consume. >.<

Also, try to make sure Windows is fully updated, as vulnerabilities are regularly exploited, which may lead to virus and malware issues.

But really, do a bit of reading and try to brush up on basic PC security and you shouldn't have any issues at all.
Old 2008-06-03, 03:04   Link #9
-KarumA-
(。☉౪ ⊙。)
*Author
 
 
Join Date: Jul 2004
Location: In Maya world, where all is 3D and everything crashes
Age: 26
Would like to add this: if you watch anime on stream, which I tried to do here at home at some point, there is a chance to get trojans bombarding your PC. It all depends on the site really; I've never had trouble with YouTube or any sites like that. It was when I started to visit a site that would only host anime series that I suddenly got 2 trojan warnings.

I've never had any virus problems with torrents and I don't direct download cause it takes so much longer.. I got nothing more to add now =3
Old 2008-06-03, 03:25   Link #10
WanderingKnight
Gregory House
*IT Support
 
 
Join Date: Jun 2006
Location: Buenos Aires, Argentina
Age: 25
Well, that depends on the program. I'd say Flash is mostly safe, though you can never be sure (it's closed source), but if there had been a vulnerability you bet we'd be seeing a massive spread of infections. Quicktime has a legacy vulnerability that Apple for some reason refused to fix (and due to some architectural decisions it affects Firefox users the most), so I'd rule that out as a streaming player. Quicktime sucks, anyways.
Old 2008-06-03, 12:45   Link #11
JustAnotherFan
/(bb|[^b]{2})/
 
 
Join Date: Nov 2003
Quote (originally posted by WanderingKnight):
> Well, that depends on the program. I'd say Flash is mostly safe, though you can never be sure (it's closed source), but if there had been a vulnerability you bet we'd be seeing a massive spread of infections.

Flash is far from safe. Make sure you have the most recent version, since there is a wave of flash exploits in the wild currently on sites you consider safe (probably infected by SQL injection attacks).

Check your version here (and hope they didn't infect the adobe site :P): http://kb.adobe.com/selfservice/view...nalId=tn_15507

If you have 9.0.115.0 or lower, update immediately! Current version is 9.0.124.0 at the time this post was written.
Old 2008-06-03, 15:00   Link #12
WanderingKnight
Gregory House
*IT Support
 
 
Join Date: Jun 2006
Location: Buenos Aires, Argentina
Age: 25
Heh, so long to the "security through obscurity" model.

Thanks for the info, I missed the Slashdot article in my feeds aggregator. Here there's a list of malicious websites.
Old 2008-06-03, 15:35   Link #13
Utter_iMADNESS
Life's better in a harem.
*Graphic Designer
 
 
Join Date: Dec 2007
Location: Oakville, Ontario, Canada
I've had two instances where I almost got a virus from a video file.
I once downloaded a movie that was about 700MB in size, but when I went to open it, it said that I had to install a special media player to play it. I did some research on it and found that the player was filled with spyware and trojans. So I ended up with a useless video...

But with another video that I had, it told me that I had to download a codec to be able to watch it. So when I clicked "Download Codec", I was sent to a site and a download for "codec.exe" popped up. I wasn't really paying attention to what I was doing so I downloaded it. NOD32 instantly popped up telling me that I was about to download a virus and terminated the threat.

So the moral of the story is, make sure that you're paying attention to what you're downloading or installing, or you may be hit with a big surprise.
Old 2008-06-04, 01:34   Link #14
Synria_
Aboard Kallen's Bandwagon
 
 
Join Date: Jan 2008
Location: California
It really depends on where you are getting your torrent files. No fansub group will put viruses on their releases. Only people who DL the actual file and re-upload it to a tracker that has a lot of different content. Generally anime trackers or the tracker page owned by a fansub group will be clean.
Old 2008-06-04, 16:36   Link #15
AnimeDreamer
*Insert Text Here*
*IT Support
 
 
Join Date: Jun 2008
Location: Harrodsburg,Ky,USA
Age: 21
It is extremely difficult to get a virus through a video file (unless it says video.exe). It is possible, but highly unlikely for it to happen.

Quote:
> I've never, ever heard of viruses in video files, and never had any form of infection in over 5Tb of downloads in the past decade.

Wow... 5000 Gb of files
Old 2008-06-04, 20:55   Link #16
guest
guess
 
 
Join Date: Nov 2003
Quote (originally posted by Vagrant0):
> The virus probably got to you from somewhere else. If you were using some of those torrent search sites, you may have gotten the virus from them. One in particular I found had some coding which always linked to a site supposedly containing a torrent for whatever you were looking for. When you went to that site to download the torrent, you would be hit with malicious ads and scripts. Needless to say, never cared to use that torrent search again.

Wait, now I am concerned. I think I have just gone to one of those torrent search sites from Google results. After I clicked the search results from Google, I was on a torrent search site filled with ads and stuff. I never click on the ads or download from their torrent. What I did was just take a look at the site and, urr, yeah, close the web browser or go somewhere else. Should I be concerned?
Old 2008-06-04, 22:47   Link #17
sa547
Senior Member
*Author
 
 
Join Date: Oct 2007
Location: Philippines
Age: 38
In P2P software (i.e. Limewire) it's not surprising for me now that there are fake MP3 files scattered around, and it's easy to spot them because they don't carry a bitrate.

One of my standard precautions with downloaded files is to check the properties of a file with your video editor (or a converter) to see if this is really a media file (it could be the real thing or a gigabyte's worth of binary dead weight) before right-clicking on it.

Furthermore, when visiting most torrent sites other than AS I had Noscript enabled in Firefox along with active trojan and viral detection as a deterrent, and checking the URL in the link before going. It's easy being "killed" for using IE.
Last edited by sa547; 2008-06-04 at 23:00. Reason: correction
Old 2008-06-04, 22:50   Link #18
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 29
The trouble with the ads is that some of them can force other popups and/or force downloads on you. This occurs when you're visiting an ad server that has been compromised - someone slips something to the ad server so that every few ads it pushes malware on people, instead of an advertisement. Depending on what browser you're using these infected ads may or may not be able to execute the download; they may also make use of browser exploits. Unless you're using Windows Vista, Internet Explorer is a liability. You should always make sure that you're running the most up-to-date version of your browser either way. As a last resort, ideally you'd be running a virus scanner and it would catch the file before it executed.

In general, you probably don't have much to fear. Just be aware that the possibility exists. I've run across two such ads in the past two or three years. In the past year or so tech news has covered temporary takeovers of certain ad servers and corporate websites that serve up malware, and these have supposedly infected tens of thousands each time. Be cautious.
Old 2008-06-05, 03:36   Link #19
oompa loompa
Senior Member
 
 
Join Date: Jun 2007
Location: 28° 37', North ; 77° 13', East
Age: 24
Quote (originally posted by Utter_iMADNESS):
> So the moral of the story is, make sure that you're paying attention to what you're downloading or installing, or you may be hit with a big surprise.

And unfortunately I learnt this lesson the hard way. My anti-virus had expired - with a video file too.. so I ended up doing some slightly iffy tinkering with killbox to solve the problem -_- (which, as it happens, is normally a bad idea)
Old 2008-06-05, 07:40   Link #20
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote (originally posted by guest):
> Wait, now I am concerned. I think I have just gone to one of those torrent search sites from Google results. After I clicked the search results from Google, I was on a torrent search site filled with ads and stuff. I never click on the ads or download from their torrent. What I did was just take a look at the site and, urr, yeah, close the web browser or go somewhere else. Should I be concerned?

Safe surfing rules for Windows users:

1) Don't use Internet Explorer; use Firefox or Opera instead. If you install Firefox, install the AdBlock extension as well.

2) Create a user account for yourself (Control Panel > Users) and remove its administrative privileges. By default pre-Vista users have full administrative privileges, so if you accidentally run a malevolent program it has free rein to modify the system areas on your machine (what a horror!). When you need to install something, log in as the Administrator. Otherwise always use an account with no administrative privileges. (Some badly-written software may not work unless you have administrative rights. For this situation, log in as the Administrator, run the annoying software, then go back to your ordinary user account. Or you can use the "Run As" feature to run the program as Administrator.)

3) Don't connect your computer directly to the Internet without a firewall of some kind. You can either use the firewall in Windows, use a third-party firewall, or install a hardware firewall router between your computer and the Internet. This is a more expensive, but ultimately more effective and versatile approach.

4) Somewhere in the Options setting for the Windows Explorer (the desktop shell, not IE) you can tell Windows to show you the complete file names including the extensions. Turn this on. That way you'll know that naked celeb video file is named "video.exe" not "video.avi". (Sure the icons are different, but not everyone pays attention to that.)

5) Or, just don't use Windows.
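
The check suggested in posts #17 and #20 (look at what a download really is, not what its name claims), written out as an added example that is not part of the original thread. The extension lists and signature table are short and non-exhaustive, and the three sample files are constructed for the demonstration.

```python
import os
import tempfile

# Short, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MEDIA_EXTS = {".avi", ".mkv", ".mp4", ".mp3", ".ogm", ".wmv"}


def sniff(header):
    """Classify a file by its leading bytes instead of its name."""
    if header[:2] == b"MZ":
        return "windows-executable"      # DOS/PE header of .exe, .scr, .dll
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"                # EBML magic used by .mkv
    if header[4:8] == b"ftyp":
        return "mp4"
    if header[:4] == b"OggS":
        return "ogg"                     # container used by .ogm
    if header[:4] == b"\x30\x26\xb2\x75":
        return "asf"                     # container used by .wmv
    if header[:3] == b"ID3" or (
        len(header) > 1 and header[0] == 0xFF and header[1] & 0xE0 == 0xE0
    ):
        return "mp3"                     # ID3 tag or MPEG audio frame sync
    return "unknown"


def check_download(path):
    """Return a list of findings for one downloaded file (empty = nothing odd)."""
    findings = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        kind = sniff(fh.read(16))
    # "episode.avi.exe" shows as "episode.avi" when Explorer hides extensions.
    if ext in EXECUTABLE_EXTS and inner_ext in MEDIA_EXTS:
        findings.append("double-extension")
    if kind == "windows-executable":
        findings.append("executable-content")
    # Media name, but no recognisable container: fake or dead weight.
    elif ext in MEDIA_EXTS and kind == "unknown":
        findings.append("not-media")
    return findings


def demo():
    """Run the check over three constructed sample files."""
    samples = {
        "episode01.avi.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "episode02.mkv": b"\x1a\x45\xdf\xa3" + b"\x00" * 60,
        "song.mp3": b"\x00" * 64,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_download(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "looks like what it claims to be")
```

A clean result only means the header matches the name; it says nothing about player vulnerabilities, so keeping the player and browser patched still applies.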