this post was submitted on 28 Sep 2024

226 points (99.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54565 readers

446 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

💰 Please help cover server costs.


Ko-fi	Liberapay

founded 1 year ago

MODERATORS

[email protected]

226

PSA/HOWTO: Avoid fake mkv torrents. Avoid getting hacked (lemm.ee)

submitted 1 month ago by [email protected] to c/[email protected]

46 comments fedilink hide all child comments

There are some torrrents showing up with .lnkextension (ex: movie.mp3.lnk, tvshow.mkv.lnk...) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).

These (fake) torrents include a .lnk file that executes a script on your Windows

HOW TO exclude from download on qBittorrent.

Go to Options -> Downloads
Enable "Exclude file names"
Add patterns:

(one by line)

*.mp4.lnk  
*.mp3.lnk  
*.mkv.lnk
*.torrent.lnk

Or exclude all together: *.lnk

Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 95 points 1 month ago (2 children)

I use Arch btw

[–] [email protected] 86 points 1 month ago (3 children)

What if it executes and install Windows 11 on your machine!?

[–] [email protected] 22 points 1 month ago

That would be the very worst malware. I mean both the malware that installed it and win11...

[–] [email protected] 8 points 1 month ago (1 children)

ackshually the proprietary .lnk shortcut format can only be run on windows 🤓

[–] [email protected] 4 points 1 month ago (2 children)

A Linux executable can't be named ending on .lnk? 🤔🤔

[–] [email protected] 4 points 1 month ago

Making such a polyglot that can run on both systems requires much more effort for little gain.

[–] [email protected] 3 points 1 month ago

But its not lnk but an executable that needs to be excecuted manually?

[–] [email protected] 40 points 1 month ago

Oh lord please have mercy! Blacklisting the file extension right now!

[–] [email protected] 25 points 1 month ago (2 children)

Me too, but don't want to download GBs of malware and bandwidth

[–] [email protected] 1 points 1 month ago (2 children)

.lnk files are less than 4kb

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

Not these ones, some could have more than 1GB, look at the virustotal link, the file had 422MB.

Also Sonarr/Radarr filter torrents by size

Here some examples
https://bt4gprx.com/search?q=The.Lord.of.The.Rings.The.Rings.of.Power.S02E08

Those where posted on 1337x (and removed) and probably other sites, Sonarr can pick those based on release name and torrent size

PS: had to rename the fine from .lnk to .com so virustotal could accept

[–] [email protected] 5 points 1 month ago (1 children)

That would seem suspicious. I'm sure they have some way to pad out the size.

[–] [email protected] 5 points 1 month ago (1 children)

Anyone paying attention to size would probably also notice they're just .lnk files.

[–] [email protected] 3 points 1 month ago

Not necessarily. Even with "hide extensions" unchecked, Windows hides the .lnk extension by default; it just shows an arrow in the bottom-right corner of the icon, which is plausibly missed when in the list view. I'm surprised antivirus doesn't know about it already tbh.

[–] [email protected] 17 points 1 month ago* (last edited 1 month ago)

Weak.
Harbor disaster. Seed the malware. Spread the fruits of chaos amongst the unworthy. Be complicit in their downfall. Feed on their agony ^^/s