Torrent questions

Discussion in 'sandboxing & virtualization' started by Doodler, Aug 13, 2012.

Thread Status:
Not open for further replies.
  1. Doodler

    Doodler Registered Member (Joined: Dec 23, 2007; Posts: 219)

    I download movies and tv shows (typically .avi format) from torrent web sites, usually only the 'better' ones, like KickAss Torrents...and I review the ratings and comments before selecting the torrent to try to select presumably good ones. I don't download pron (not sure if that matters).

    When I download the movies, I am always sandboxed (Sandboxie). I recover those .avi's out of my sandbox to a special folder on my "real" hard drive and whenever I play those movies I do so via a sandboxed Windows Media Player or sandboxed VLC.

    Other than the above, my surfing habits are very conservative and safe...and always sandboxed as well.

    Questions: Can malware hide in .avi files? If so, how commonplace is it?

    By asking the question, I'm trying to assess my risk factor. I also have Panda Cloud Anti Virus (free) on my Win7 system and I image it every other week.
     
  2. tomazyk

    tomazyk Guest

    Hi!

    To answer your question: yes, malware can be hidden inside avi and other media files. Usually it would be some kind of exploit for a media player. This kind of malware is IMO really rare and infection is quite unlikely.

    What can you do to prevent this kind of malware:
    1. Update your software - media players.
    2. Open files under Sandboxie supervision (which you already do).
    3. Install EMET and enforce mitigations for media players.
    4. Download torrents with good "reputation".

    I don't run my torrent client under SBIE (too much data in sandbox) and also don't open files in a sandboxed media player. I use only a Standard user account and EMET for those files and have never had any problems or infections.
    I think that your security practice is safe and your risk factor is low.
     
  3. Doodler

    Doodler Registered Member (Joined: Dec 23, 2007; Posts: 219)

    Appreciate the comments, tomazyk.
     