
Virus within a film?

10 minutes ago, tlustymen said:

torrenting =/= piracy :)

I didn’t say it did. But it does equal piracy when it’s copyrighted. Which I assume is what you were downloading. 

I just want to sit back and watch the world burn. 


16 minutes ago, Donut417 said:

I didn’t say it did. But it does equal piracy when it’s copyrighted. Which I assume is what you were downloading. 

If I told the truth, nobody would believe me, so... :D


For those still following this thread, this is what we discovered:

 

The PowerShell script indeed downloaded something, or at least tried to:

https://www.virustotal.com/gui/file/674be1658ce715d63de911be19e81bef55a9dfd35fc1aaeea8a3030268ab8407/details

 

Of which the binary it decodes inside it is this:

https://www.virustotal.com/gui/file/54307fe21df2f150c3a2acbf4f65152f54063edeb6fe208e314aade1857453c1/details

 

So both would have been triggered by AV software, though the dropper itself would not have been detected by very many AV products, the actual malware is.

 


For anyone wondering about this kind of attack there is a very simple mitigation here. I really wish it was enabled by default.

[Screenshot: image.png]

With this, you will always see the full file name including the extension. 

I would still prefer having some kind of AV with these less than legal downloads, though. Every week I look over US-CERT's summary report and there is a new 'remote code execution with a specially crafted image' or whatever that uses non-executable files to exploit everyday software like image viewers, text editors, and so on. 

Intel 11700K - Gigabyte 3080 Ti- Gigabyte Z590 Aorus Pro - Sabrent Rocket NVME - Corsair 16GB DDR4


1 hour ago, TomvanWijnen said:

Even excluding the (imo fair) argument of "that's expensive, especially for those who watch less than one thing a month (like me)", there are also many great movies or series or whatever that just aren't available on those sites. This means that you could either not watch them at all, or enjoy them through other means.

These days you can easily stream 4K links if you know where to look. I believe it's even technically legal, at least it is in Canada.

Desktop: 7800x3d @ stock, 64gb ddr4 @ 6000, 3080Ti, x670 Asus Strix

 

Laptop: Dell G3 15 - i7-8750h @ stock, 16gb ddr4 @ 2666, 1050Ti 


1 minute ago, Andreas Lilja said:

These days you can easily stream 4K links if you know where to look. I believe it's even technically legal, at least it is in Canada.

I clearly do not know where to look then. :P

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


1 minute ago, jake9000 said:

With this, you will always see the full file name including the extension.

I use it normally. I most likely missed it in this case thanks to my torrent window being too narrow to see the full name.

 

2 minutes ago, jake9000 said:

Every week I look over US-CERT's summary report and there is a new 'remote code execution with a specially crafted image' or whatever that uses non-executable files to exploit everyday software like image viewers, text editors, and so on. 

Pretty scary, not gonna lie...


Just now, tlustymen said:

I use it normally. I most likely missed it in this case thanks to my torrent window being too narrow to see the full name.

I never open anything from the client itself, always via file explorer. Perhaps this could help too? :)

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


1 minute ago, TomvanWijnen said:

I never open anything from the client itself, always via file explorer. Perhaps this could help too? :)

I meant when downloading, tho the same thing possibly happened in the file explorer? But I guess I actually just missed the two very suspicious extensions.

image.png


4 minutes ago, tlustymen said:

I meant when downloading, tho the same thing possibly happened in the file explorer? But I guess I actually just missed the two very suspicious extensions.

Ah, I see. It happens to everyone! Many years ago I also accidentally installed some weird thing, went through a long slur of VERY weird things, but eventually got rid of it. Actually used that install of Windows for many more years, so I guess it must've been fine eventually... :P Just be sure to learn from such experiences, as I'm sure I did back then and you did right now. :)

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


13 minutes ago, Andreas Lilja said:

I believe it's even technically legal, at least it is in Canada.

Is it legal, or do the authorities not want to prosecute and waste their time? Because here in the US you rarely hear about someone going to prison over copyright infringement. Even though copyrights and patents are technically protected under the US Constitution, as it gives Congress rights to make laws protecting IPs. Most of the time the media companies just sue your ass into poverty. 

 

While I know US law doesn't exist worldwide, check your DVDs, I'm almost certain you're going to see a message from Interpol, and they kinda do act internationally. Copyrights vary country to country. Which is probably why certain shows and movies are not offered in certain countries, where piracy is an issue. Also here in the US they tend to go after uploaders and the bootleggers selling bootleg DVDs and such. Much easier to take down the person causing the issue rather than going after users. Especially after a Federal Judge ruled that an IP address does not equal a person. 

I just want to sit back and watch the world burn. 


6 hours ago, TomvanWijnen said:

Ah, I see. It happens to everyone! Many years ago I also accidentally installed some weird thing, went through a long slur of VERY weird things, but eventually got rid of it. Actually used that install of Windows for many more years, so I guess it must've been fine eventually... :P Just be sure to learn from such experiences, as I'm sure I did back then and you did right now. :)

I sure will, thank you :)


6 hours ago, jake9000 said:

For anyone wondering about this kind of attack there is a very simple mitigation here. I really wish it was enabled by default.

[Screenshot: image.png]

With this, you will always see the full file name including the extension.

Even without that on you can easily notice when something is wrong.  For one thing, if you know you have extensions hidden but it still ends in ".mp4", that would be rather suspicious and odd.  Beyond that, icon and thumbnail issues are likely.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.
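
Added example, not part of any post in this thread: a small Python check for the situation discussed above, where a file's visible name ends in a media extension such as ".mp4" while its real, final extension is an executable type. It goes slightly beyond the posts by also modelling shortcut types, whose extension Explorer never displays; the extension lists and sample file names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: illustrative extension sets, not a complete list.
MEDIA_EXT = {".mp4", ".mkv", ".avi", ".mov", ".jpg", ".png", ".pdf", ".txt"}
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs",
            ".js", ".hta", ".msi", ".lnk", ".pif"}
# Shortcut types carry the NeverShowExt registry value, so Explorer hides
# their extension whatever the "File name extensions" box says.
NEVER_SHOWN = {".lnk", ".pif", ".url"}


def explorer_name(filename, show_extensions):
    """Approximate the name Explorer displays (assumes the type is registered)."""
    p = PureWindowsPath(filename)
    ext = p.suffix.lower()
    hidden = ext in NEVER_SHOWN or (not show_extensions and ext in MEDIA_EXT | EXEC_EXT)
    return p.stem if hidden else p.name


def classify(filename):
    """'masquerade' = executable type behind a media-looking name."""
    p = PureWindowsPath(filename)
    if p.suffix.lower() not in EXEC_EXT:
        return "ok"
    inner = PureWindowsPath(p.stem).suffix.lower()
    return "masquerade" if inner in MEDIA_EXT else "executable"


def scan(filenames):
    """Return (name, name shown with extensions hidden, verdict) for non-ok files."""
    return [(n, explorer_name(n, False), classify(n))
            for n in filenames if classify(n) != "ok"]


if __name__ == "__main__":
    # Constructed sample listing of a download folder.
    sample = ["Some.Film.2019.1080p.mp4", "Some.Film.2019.1080p.mp4.exe",
              "holiday.jpg.lnk", "setup.exe", "notes.txt"]
    for name, shown, verdict in scan(sample):
        print(f"{verdict:10}  real={name!r}  shown={shown!r}")
```

To check a real folder, pass `os.listdir(path)` to `scan()` before opening anything in it.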


4 hours ago, Ryan_Vickers said:

Even without that on you can easily notice when something is wrong.  For one thing, if you know you have extensions hidden but it still ends in ".mp4", that would be rather suspicious and odd.  Beyond that, icon and thumbnail issues are likely.

The problem is though that (as far as I know) if that box is unchecked, SOME file name extensions will be hidden, instead of all, making it quite confusing as to what is what... Why this was ever a "feature" is beyond me. :P

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


4 hours ago, TomvanWijnen said:

The problem is though that (as far as I know) if that box is unchecked, SOME file name extensions will be hidden, instead of all, making it quite confusing as to what is what... Why this was ever a "feature" is beyond me. :P

I'm not aware of any file extensions that would be hidden even if that box is checked - can you elaborate?

 

Some system files will be hidden, but that's the entire file itself, not the extension.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


4 hours ago, TomvanWijnen said:

The problem is though that (as far as I know) if that box is unchecked, SOME file name extensions will be hidden, instead of all, making it quite confusing as to what is what... Why this was ever a "feature" is beyond me. :P

Then you have an issue with your Windows install, having that box unchecked will show ALL file extensions.

If you need help with your forum account, please use the Forum Support form !


20 minutes ago, dalekphalm said:

I'm not aware of any file extensions that would be hidden even if that box is checked - can you elaborate?

 

Some system files will be hidden, but that's the entire file itself, not the extension.

17 minutes ago, wkdpaul said:

Then you have an issue with your Windows install, having that box unchecked will show ALL file extensions.

5 hours ago, TomvanWijnen said:

The problem is though that (as far as I know) if that box is unchecked, SOME file name extensions will be hidden, instead of all, making it quite confusing as to what is what... Why this was ever a "feature" is beyond me. :P

Unchecked. :P

 

 

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


54 minutes ago, TomvanWijnen said:

Unchecked. :P

 

 

I think there's a misunderstanding somewhere.

 

My reply still stands, unchecking that option will show all file extensions, you said SOME will stay hidden, unless there's an issue with your Windows install, that's not going to happen.

If you need help with your forum account, please use the Forum Support form !


3 minutes ago, wkdpaul said:

I think there's a misunderstanding somewhere.

 

My reply still stands, unchecking that option will show all file extensions, you said SOME will stay hidden, unless there's an issue with your Windows install, that's not going to happen.

If you check that box all file extensions are shown, if you uncheck it some file extensions are shown.

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


2 minutes ago, TomvanWijnen said:

If you check that box all file extensions are shown, if you uncheck it some file extensions are shown.

Ah, ok I probably have it reversed since I use the settings window instead of the header shown in the screenshot.

 

The complete option name is "known file extension", meaning, if the file extension isn't associated with an application, it will not be hidden ;)

If you need help with your forum account, please use the Forum Support form !


4 minutes ago, wkdpaul said:

Ah, ok I probably have it reversed since I use the settings window instead of the header shown in the screenshot.

 

The complete option name is "known file extension", meaning, if the file extension isn't associated with an application, it will not be hidden ;)

Probably yes - I've personally also never used that check mark, just found it for the first time today. :P

PC SPECS: CPU: Intel Core i7 3770k @4.4GHz - Mobo: Asrock Extreme 4 (Z77) - GPU: MSI GeForce GTX 680 Twin Frozr 2GB - RAM: Crucial Ballistix 2x4GB (8GB) 1600MHz CL8 + 1x8GB - Storage: SSD: Sandisk Extreme II 120GB. HDD: Seagate Barracuda 1TB - PSU: be quiet! Pure Power L8 630W semi modular  - Case: Corsair Obsidian 450D  - OS: Windows 7


7 hours ago, TomvanWijnen said:

The problem is though that (as far as I know) if that box is unchecked, SOME file name extensions will be hidden, instead of all, making it quite confusing as to what is what... Why this was ever a "feature" is beyond me. :P

It will still show ones that it doesn't recognize (have an app associated with for opening)

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


1 hour ago, TomvanWijnen said:

If you check that box all file extensions are shown, if you uncheck it some file extensions are shown.

The only file extensions shown would be ones where there's no file association, as far as I'm aware.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

