this post was submitted on 28 Sep 2024
230 points (98.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55056 readers
195 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

There are some torrrents showing up with .lnkextension (ex: movie.mp3.lnk, tvshow.mkv.lnk...) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).

These (fake) torrents include a .lnk file that executes a script on your Windows


HOW TO exclude from download on qBittorrent.

  • Go to Options -> Downloads

  • Enable "Exclude file names"

  • Add patterns:

(one by line)

*.mp4.lnk  
*.mp3.lnk  
*.mkv.lnk
*.torrent.lnk 

Or exclude all together: *.lnk


Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 95 points 2 months ago (2 children)
[–] [email protected] 87 points 2 months ago (3 children)

What if it executes and install Windows 11 on your machine!?

[–] [email protected] 40 points 2 months ago

Oh lord please have mercy! Blacklisting the file extension right now!

[–] [email protected] 22 points 2 months ago

That would be the very worst malware. I mean both the malware that installed it and win11...

[–] [email protected] 8 points 2 months ago (1 children)

ackshually the proprietary .lnk shortcut format can only be run on windows 🤓

[–] [email protected] 4 points 2 months ago (2 children)

A Linux executable can't be named ending on .lnk? 🤔🤔

[–] [email protected] 4 points 2 months ago

Making such a polyglot that can run on both systems requires much more effort for little gain.

[–] [email protected] 3 points 2 months ago

But its not lnk but an executable that needs to be excecuted manually?

[–] [email protected] 25 points 2 months ago (2 children)

Me too, but don't want to download GBs of malware and bandwidth

[–] [email protected] 17 points 2 months ago* (last edited 2 months ago)

Weak.
Harbor disaster. Seed the malware. Spread the fruits of chaos amongst the unworthy. Be complicit in their downfall. Feed on their agony ^^/s

[–] [email protected] 1 points 2 months ago (2 children)
[–] [email protected] 5 points 2 months ago (1 children)

That would seem suspicious. I'm sure they have some way to pad out the size.

[–] [email protected] 5 points 2 months ago (1 children)

Anyone paying attention to size would probably also notice they're just .lnk files.

[–] [email protected] 3 points 2 months ago

Not necessarily. Even with "hide extensions" unchecked, Windows hides the .lnk extension by default; it just shows an arrow in the bottom-right corner of the icon, which is plausibly missed when in the list view. I'm surprised antivirus doesn't know about it already tbh.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

Not these ones, some could have more than 1GB, look at the virustotal link, the file had 422MB.

Also Sonarr/Radarr filter torrents by size

Here some examples
https://bt4gprx.com/search?q=The.Lord.of.The.Rings.The.Rings.of.Power.S02E08

Those where posted on 1337x (and removed) and probably other sites, Sonarr can pick those based on release name and torrent size

PS: had to rename the fine from .lnk to .com so virustotal could accept