this post was submitted on 28 Sep 2024
228 points (98.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54758 readers
614 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

There are some torrrents showing up with .lnkextension (ex: movie.mp3.lnk, tvshow.mkv.lnk...) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).

These (fake) torrents include a .lnk file that executes a script on your Windows


HOW TO exclude from download on qBittorrent.

  • Go to Options -> Downloads

  • Enable "Exclude file names"

  • Add patterns:

(one by line)

*.mp4.lnk  
*.mp3.lnk  
*.mkv.lnk
*.torrent.lnk 

Or exclude all together: *.lnk


Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection

you are viewing a single comment's thread
view the rest of the comments
[–] Aatube@kbin.melroy.org 94 points 1 month ago (2 children)
[–] CmdrShepard42@lemm.ee 87 points 1 month ago (3 children)

What if it executes and install Windows 11 on your machine!?

[–] black0ut@pawb.social 40 points 1 month ago

Oh lord please have mercy! Blacklisting the file extension right now!

[–] Trent@lemmy.ml 22 points 1 month ago

That would be the very worst malware. I mean both the malware that installed it and win11...

[–] Aatube@kbin.melroy.org 8 points 1 month ago (1 children)

ackshually the proprietary .lnk shortcut format can only be run on windows 🤓

[–] avidamoeba@lemmy.ca 4 points 1 month ago (2 children)

A Linux executable can't be named ending on .lnk? 🤔🤔

[–] Aatube@kbin.melroy.org 4 points 1 month ago

Making such a polyglot that can run on both systems requires much more effort for little gain.

[–] mexicancartel@lemmy.dbzer0.com 3 points 1 month ago

But its not lnk but an executable that needs to be excecuted manually?

[–] American_Jesus@lemm.ee 25 points 1 month ago (2 children)

Me too, but don't want to download GBs of malware and bandwidth

[–] LiveLM@lemmy.zip 17 points 1 month ago* (last edited 1 month ago)

Weak.
Harbor disaster. Seed the malware. Spread the fruits of chaos amongst the unworthy. Be complicit in their downfall. Feed on their agony ^^/s

[–] catloaf@lemm.ee 1 points 1 month ago (2 children)
[–] Aatube@kbin.melroy.org 5 points 1 month ago (1 children)

That would seem suspicious. I'm sure they have some way to pad out the size.

[–] catloaf@lemm.ee 5 points 1 month ago (1 children)

Anyone paying attention to size would probably also notice they're just .lnk files.

[–] Aatube@kbin.melroy.org 3 points 1 month ago

Not necessarily. Even with "hide extensions" unchecked, Windows hides the .lnk extension by default; it just shows an arrow in the bottom-right corner of the icon, which is plausibly missed when in the list view. I'm surprised antivirus doesn't know about it already tbh.

[–] American_Jesus@lemm.ee 3 points 1 month ago* (last edited 1 month ago)

Not these ones, some could have more than 1GB, look at the virustotal link, the file had 422MB.

Also Sonarr/Radarr filter torrents by size

Here some examples
https://bt4gprx.com/search?q=The.Lord.of.The.Rings.The.Rings.of.Power.S02E08

Those where posted on 1337x (and removed) and probably other sites, Sonarr can pick those based on release name and torrent size

PS: had to rename the fine from .lnk to .com so virustotal could accept