How Does One Get Malware from Torrents?

Discussion in 'malware problems & news' started by Brandonn2010, Jan 24, 2013.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I don't know much about torrents. Is it you try to download a file, such as LibreOffice. You get a tiny torrent link for LibreOffice. A torrent service such as uTorrent download pieces of the file from many different computers, referred to as seeds?

    So if the file you torrent comes from many different parts, how can you get malware, as the malware would be broken up?

    Does it come from a malware torrent masquerading as a useful file, such as LibreOffice?
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Im not that up on torrents and i dont use them personally but ive been led to believe that bit torrents are the most dangerous as "bits" of a program are coming from several unknown computers..I think thats how it works anyway.
    Others may know more.:ouch:
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    How BitTorrent distributes files isn't particularly relevant; "seeds" are just computers that have the full file (not just bits) and are uploading, and peers are computers that are still downloading (and thus uploading the parts that they do have as well). Anyone can create a torrent and share files. So someone creates a torrent for a trojan and calls it a crack, people download and run it. Likewise they could bundle malware in with a legit program and upload it, or unintentionally upload an infected program.
     
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    The adjective "share" is the real danger here..i dont get involved in any form of file sharing what so ever and the whole concept by nature is prone to abuse.o_O
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    The real problem is that if you download something from unknown sources, you have no control over it and no assurance of it being good or free from malware. When you download apps via p2p, you take your chances...
     
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I have gotten Java malware before from one.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Simple put, you do not. You will download, what is within the torrent and nothing more, it is not sharing like Windows sharing, it is the same like downloading from a webpage through HTTP, no difference at all. I have spent years downloading torrents and I know no one, who would got infected like that. You can only download malware, if it is in the torrent in disguise. So avoid fake torrents and torrent webpages without comments, where people could reports problems, use webpages like piratebay or torrent forums.
     
  8. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Best Answer = TOMxEU's post.

    I wholeheartedly agree. A download is a download, be it torrent or otherwise. Now what you get in the torrent is a another story.

    I am download a torrent right now (CentOS-6.3-x86_64-LiveDVD).
     
  9. m0use0ver

    m0use0ver Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    81
    Any file can be renamed to anything, matters not the download vector.
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    If you are careful, you will not get any malware from torrents. For instance, if you download a Linux distribution you will probably be able to find the checksums for your download on the official page for that distro, so you can check the downloaded file's validity.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Keygens :)
     
  12. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That's not torrent specific :)
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    True, but it's one possible way of getting malware from a torrent.
     
  14. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    How you get malware from torrent?
    Stoopidity. :D
    Always download good torrents (By known/trusted uploaders) and scan everything in it all the time. :D
     
  15. davhag

    davhag Registered Member

    Joined:
    Jan 27, 2013
    Posts:
    2
    Location:
    USA
    Remember when you could make a copy of a cassette, or put your album on one, back up your cd to keep the original from scratches. Now if you play with torrents, or make a mix cd which don't do, you end up getting in trouble. And would it not be helpful to the musicians and actors if a few people actually got to watch a movie, show, or listen to a cd that they would not otherwise buy until they became a fano_Oo_O?
     
  16. By clicking on something that you thought was safe, but wasn't.

    Could be:
    - A PDF of some book with an embedded exploit
    - A file with the wrong extension (social engineering)
    - A cracked installer or keygen with a malicious payload

    That last is probably the most common. I cannot emphasize enough, there is no safety with warez. If you did not break the DRM yourself, using your own methods and yours alone, then you do not know what you are getting; end of story. Antivirus engines and "trusted" uploaders can both be fooled.
     
  17. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Besides the usual advises against malware...

    ..Check the MD5 Hash to see if what you got from the torrent download is what you wanted.

    A portable app that helps with that task: WinMd5Sum Portable

    Of course you will need to know the genuine MD5 Hash in order to compare.

    In the case of LibreOffice, their devs show this information in the link of the "Info" buttons available on their download page: example.

    On some sites you can get genuine MD5 Hashes for various software installers. File Hippo is an example of such site.

    Note: SHA-2 Hashes are more secure but it's generally harder to obtain them. See here:

    - http://www.techsupportalert.com/best-free-hash-utility.htm
     
    Last edited: Jan 27, 2013
  18. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Keygens are the boogyman, sure if you go to crack sites they will be infected but on torrent's it's going to be file itself that is infected. Most of the time they repack a legit file with malware and send it out in those 0-DAY packs.
     
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    P2P file sharing risks
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    The same way like any other download vector.
    You download crap and execute it.
    Mrk
     
Loading...
Thread Status:
Not open for further replies.