AnimeSuki Forums

Register Forum Rules FAQ Members List Social Groups Search Today's Posts Mark Forums Read

Go Back   AnimeSuki Forum > AnimeSuki & Technology > Download Help

Notices

Reply
 
Thread Tools
Old 2008-06-05, 16:52   Link #21
Vagrant0
Senior Member
 
Join Date: Jun 2007
Quote:
Originally Posted by SeijiSensei View Post
Safe surfing rules for Windows users:
4) Somewhere in the Options setting for the Windows Explorer (the desktop shell, not IE) you can tell Windows to show you the complete file names including the extensions. Turn this on. That way you'll know that naked celeb video file is named "video.exe" not "video.avi". (Sure the icons are different, but not everyone pays attention to that.)

5) Or, just don't use Windows.
What? No comment about maybe not downloading files which claim to have naked celebrities? Atleast not those from reputible sources? That should really be common sense, right next to not clicking the links that you get sent in spammail.
Vagrant0 is offline   Reply With Quote
Old 2008-06-05, 20:42   Link #22
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Well, I did post this earlier in the thread. I thought my position on downloading "movies" about naked celebs was pretty clear. I also agree that the best defense against computer infections is between your ears.
__________________
SeijiSensei is offline   Reply With Quote
Old 2008-07-04, 12:06   Link #23
Jill Valentine
 
 
Join Date: Mar 2008
Location: Derelict Apartment Block
some times it comes from the website that you are downloading from believe me i know O.O
Jill Valentine is offline   Reply With Quote
Old 2008-07-05, 07:01   Link #24
gabbytay
Banned
 
Join Date: Jul 2007
Age: 24
You could bind a video file with a virus , you could pretty much bind a virus to any kind of file. You should scan all files you download unless its from a really really trusted source.
gabbytay is offline   Reply With Quote
Old 2008-07-05, 08:03   Link #25
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
And how, pray tell, does this hypothetical virus get executed while playing the video file? Would you like to point us to an actual example of a infected video file? I don't know of any.

At one time there was an exploit that could make a jpeg file infect Windows through a hole in the code Microsoft wrote to display graphics. This is the only case I know of where a virus was not contained in an executable file (including things like ActiveX controls). If you're worried about having a similar event occur when watching a video, don't use a mainstream player like Windows Media Player, use MPC, Zoom, mplayer, or the like.

Let's return to the original question -- if I download an anime with BT, what are the chances it will be infected? As Vagrant0 observes, it's not likely the file would have been infected by the subbers for obvious reasons. Moreoever there's the CRC consistency check that most every fansub includes to ensure the file is intact. Then there's the fact that BT itself checks the file for consistency throughout the download to ensure your copy is correct. So unless the subber put the virus there, it's not something that can just come along for the ride while downloading.

The cases Utter_iMadness mentions employ the trick I described above of telling you to download a special player or codec to view some, usually scurrilous, file. On these sites there is no video to watch; the infection occurs when you run the infected "video.exe" or "codec.exe" file. Anyone who can watch the entire range of videos released by subbers probably has all the codecs they'd need for most any legitimate video. If you need a codec, download the CCCP.

I can easily believe a lot of torrent search sites have various malware items attached. Using Firefox on Linux I don't see these, but I rarely visit such sites and only stick to well-known brands that can't be mentioned here. I do most of my "searching" on the AS main page and downloading from places like scarywater or nyaa.

@lovely angel
What browser were you using? I'm guessing it was Internet Explorer, and I bet you never set up a personal account on Windows with no administrator privileges.

Edit I did a little browsing for Windows Media Player exploits, and there have been a few. Most of these vulnerabilities appear to have been resolved in WMP 11. Some of them are embedded in things like skins rather than the video file itself. All of these vulnerabilities required that the user have administrator privileges to do their dirty work. Also while I saw a lot of "proof-of-concept' code, it wasn't so clear whether these vulnerabilities were being exploited "in the wild" as security researchers put it.
__________________

Last edited by SeijiSensei; 2008-07-05 at 08:29.
SeijiSensei is offline   Reply With Quote
Old 2008-07-05, 19:31   Link #26
gabbytay
Banned
 
Join Date: Jul 2007
Age: 24
If you download the file directly from the subbers torrent but if you download from those Direct download files those shady uploaders might have bind some sort of virus before uploading.
gabbytay is offline   Reply With Quote
Old 2008-07-07, 10:39   Link #27
forget.me.not.blues
Junior Member
 
 
Join Date: Jul 2008
Location: Somewhere awful
Age: 21
You should download Zonealarm.
Or some other anti-virus/trojan system.
That way, you can go (download anything you want) wherever you want without fear :>

*sigh*
What depraved people, putting viruses into anime downloads.

And Jesus, SeijiSensei,
You're awesome with computers.
8o
__________________


forget.me.not.blues is offline   Reply With Quote
Old 2008-07-07, 10:46   Link #28
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by forget.me.not.blues View Post
And Jesus, SeijiSensei,
You're awesome with computers.
Thanks!

Well, I wrote my first FORTRAN program back in 1968, and I've been using computers ever since. For a long time, it wasn't a professional pursuit, but since the mid-90's I've been squarely in the computing and Internet field. I've learned a few things along the way, I guess
__________________
SeijiSensei is offline   Reply With Quote
Old 2008-07-07, 12:05   Link #29
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Quote:
Originally Posted by forget.me.not.blues View Post
You should download Zonealarm.
Or some other anti-virus/trojan system.
That way, you can go (download anything you want) wherever you want without fear :>
Even with those programs you're not 100% secured. They can help alert you to threats and help to block threats that you have no control over, but in the end it's up to you to be cautious and exercise "common sense" about what sites to avoid and what programs to leave unopened.

Quote:
*sigh*
What depraved people, putting viruses into anime downloads.
There's probably little to no depravity involved. There's money to be made in controlling people's computers. It's a dirty way to make money, but it's quite profitable. Anime still isn't as popular as the "Britney n00d" example that SeijiSensei likes to bring up ( ) but wherever there's a popular or widely used resource, there's a good attack vector for infection.
__________________
Ledgem is offline   Reply With Quote
Old 2008-07-07, 13:27   Link #30
forget.me.not.blues
Junior Member
 
 
Join Date: Jul 2008
Location: Somewhere awful
Age: 21
Quote:
Originally Posted by Ledgem View Post
Even with those programs you're not 100% secured. They can help alert you to threats and help to block threats that you have no control over, but in the end it's up to you to be cautious and exercise "common sense" about what sites to avoid and what programs to leave unopened.


There's probably little to no depravity involved. There's money to be made in controlling people's computers. It's a dirty way to make money, but it's quite profitable. Anime still isn't as popular as the "Britney n00d" example that SeijiSensei likes to bring up ( ) but wherever there's a popular or widely used resource, there's a good attack vector for infection.
I was assuming we all have common sense here.
Cause, you'd obviously get virus bombarded if you go into dirty sites, or so I've heard.
Ah, now I must thank you, because I just learned a new thing =]
Britney n00d? Who would want to see that?

@SeijiSensei,
*has just noticed your age*
A moment there, I thought you were joking.
B-b-but, thats even more awesome.
Your comp-skillz history, and the fact that you like anime/manga.
I need to get my mother to hang around with you so she can learn
__________________


forget.me.not.blues is offline   Reply With Quote
Old 2008-07-07, 13:45   Link #31
WanderingKnight
Gregory House
*IT Support
 
 
Join Date: Jun 2006
Location: Buenos Aires, Argentina
Age: 25
Send a message via MSN to WanderingKnight
Quote:
Your comp-skillz history, and the fact that you like anime/manga.
There's quite a fair amount of (pardon the expression ) "old-timers" here on AS. It's probably one of the reasons why this forum is so enjoyable, at least for me.
__________________


Place them in a box until a quieter time | Lights down, you up and die.
WanderingKnight is offline   Reply With Quote
Old 2008-07-07, 13:54   Link #32
forget.me.not.blues
Junior Member
 
 
Join Date: Jul 2008
Location: Somewhere awful
Age: 21
Quote:
Originally Posted by WanderingKnight View Post
There's quite a fair amount of (pardon the expression ) "old-timers" here on AS. It's probably one of the reasons why this forum is so enjoyable, at least for me.
I don't have much forum history, excluding Quizilla, which is really just a teen-site.
But yes, I understand what you mean, and it makes me regret I didn't join earlier.
:>
__________________


forget.me.not.blues is offline   Reply With Quote
Old 2008-07-12, 09:57   Link #33
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Please tell me this isn't the beginning of a new "Homer n00d" meme!
__________________
SeijiSensei is offline   Reply With Quote
Old 2008-07-12, 21:21   Link #34
Craymel
Senior Member
 
Join Date: Jul 2008
I just don't understand how people would be dumb enough to fall for a .exe file as a video... If it was really a video it wouldn't an executable file and it would be distributed with an executable file. I die a little inside when I hear some one fell for such a obvious ploy.
__________________
For proper anime playback use:
CCCP--Mplayer--Perian
Craymel is offline   Reply With Quote
Old 2008-07-12, 23:16   Link #35
Generic Asian Guy
^_^
 
 
Join Date: Dec 2007
Age: 26
Send a message via MSN to Generic Asian Guy
Quote:
Originally Posted by Craymel View Post
I just don't understand how people would be dumb enough to fall for a .exe file as a video... If it was really a video it wouldn't an executable file and it would be distributed with an executable file. I die a little inside when I hear some one fell for such a obvious ploy.
Well, I think that it would be pretty easy to fall for it if you have "Hide extensions for known file types" ticked and the exe had a Winamp or Windows Media Player video icon.
Generic Asian Guy is offline   Reply With Quote
Old 2008-07-16, 10:07   Link #36
Craymel
Senior Member
 
Join Date: Jul 2008
But the link in the email had the exe extention at the end...
__________________
For proper anime playback use:
CCCP--Mplayer--Perian
Craymel is offline   Reply With Quote
Old 2008-07-18, 04:54   Link #37
Phantom-Takaya
INTJ
*IT Support
 
 
Join Date: Feb 2007
Location: Alaska
Age: 31
Send a message via AIM to Phantom-Takaya Send a message via MSN to Phantom-Takaya Send a message via Yahoo to Phantom-Takaya
Well, other than .exe extensions, there are .bat extensions, as well as a few others. For some people, a command line window popping up and disappearing in a blink of an eye isn't typically something that would cause them to suddenly consider that they're infected. But, with that said, you'd still need to trigger it to make the computer infected.
__________________
"Even in a crowd, I was always alone." - Ernest Hemmingway
"God asks no man whether he will accept life. That is not the choice. You must take it. The only choice is how." - Henry Ward Beecher
Friend: "Evidence that you guys are made of epic win." Me: "That wasn't my goal. My goal is chaos, fear and...eggs."
Phantom-Takaya is offline   Reply With Quote
Old 2008-07-18, 09:45   Link #38
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by Craymel View Post
But the link in the email had the exe extention at the end...
Actually most of the examples of this that I've seen have a non-threatening URL that just points to a bogus web site. On the site you're told you must download a "codec" file or a special "player" to watch the proffered video. These are the executable files that actually infect the machine.

Also a number of the embedded URLs exploit legitimate sites like DoubleClick or Google, by putting the URL of the infecting site in a search request or redirection of some sort.

Any self-respecting mail service that supports unsophisticated users should automatically quarantine any executable files that come attached to an email. In my experience we've actually had the most trouble with supposed computer professionals who work on proprietary Windows software. They're always surprised that they can't mail a .exe file containing product upgrades to my clients. I'm always surprised at how clueless these people are.

I use MailScanner to manage virus and spam scanning. It comes with very restrictive defaults that rule out many types of files people might otherwise consider to be acceptable such as screensavers because they are known to have exploitable flaws.

I also push all web requests through the Squid proxy (transparently) so I can block attempts to download executables at the gateway with exemptions for a few select people like IT personnel.
__________________
SeijiSensei is offline   Reply With Quote
Old 2008-07-18, 22:54   Link #39
asunder
the ancient biter
 
Join Date: Mar 2006
(info in link is true for video asf files as well)
http://www.infoworld.com/article/08/...ect_PCs_1.html

and just as an aside

long long ago, (in a planet far away) i used to download/watch realmedia anime (not rmvb). There were a few different instances where at the end of the file, my browser would try to connect to a group's website. Could definitely see this as a easy way to get infected/compromise the security of the system.
__________________
Visit ANBU at
IRC: #anbudom @ irc.rizon.net
Website/blag http://anbudom.net
asunder is offline   Reply With Quote
Old 2008-07-19, 01:45   Link #40
bayoab
Senior Member
 
Join Date: Nov 2003
It should be pointed out because that article does not clearly state it: The ability to launch URLs in an ASF file is a feature. Anything that properly handles that part of ASF file specification will launch that URL.

The virus is combining:
1) the ability to launch a URL from an ASF file as part of the specification.
2) by loading any URL, it can do a drive by exploit of any vulnerable browser/OS. (This one chooses to rely on the more effective user naivety and not drive by.)

Quote:
Originally Posted by gabbytay View Post
You could bind a video file with a virus , you could pretty much bind a virus to any kind of file. You should scan all files you download unless its from a really really trusted source.
You can't actually get this to work on every single file type out there. You can disguise almost any file type as another one that can be used though. (asf as mpg for example since any proper video handler will (correctly) look at the file header and if it supports asf, it will load it as asf )

People claim "I was infected through a video file" all the time when it is almost never actually true. While there are tons of individual exploits across all players/file types/platforms, there is no way to get every single user. (Then again, when files are downloaded 30000+ times, you only need to get 10% to get a decent number of machines.)

Quote:
Originally Posted by SeijiSensei View Post
And how, pray tell, does this hypothetical virus get executed while playing the video file? Would you like to point us to an actual example of a infected video file? I don't know of any.

At one time there was an exploit that could make a jpeg file infect Windows through a hole in the code Microsoft wrote to display graphics. This is the only case I know of where a virus was not contained in an executable file (including things like ActiveX controls). If you're worried about having a similar event occur when watching a video, don't use a mainstream player like Windows Media Player, use MPC, Zoom, mplayer, or the like.
The jpeg files weren't actually viruses. They could just run arbitrary code in things that improperly handled a size of -1.

Spoiler for normal user anti-paranoia spoiler:

Last edited by bayoab; 2008-07-19 at 02:22.
bayoab is offline   Reply With Quote
Reply

Tags
malware, virus

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 16:42.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
We use Silk.