211

There are some torrrents showing up with .lnkextension (ex: movie.mp3.lnk, tvshow.mkv.lnk...) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).

These (fake) torrents include a .lnk file that executes a script on your Windows


HOW TO exclude from download on qBittorrent.

  • Go to Options -> Downloads

  • Enable "Exclude file names"

  • Add patterns:

(one by line)

*.mp4.lnk  
*.mp3.lnk  
*.mkv.lnk
*.torrent.lnk 

Or exclude all together: *.lnk


Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection

you are viewing a single comment's thread
view the rest of the comments
[-] Aatube@kbin.melroy.org 97 points 2 months ago
[-] CmdrShepard42@lemm.ee 83 points 2 months ago

What if it executes and install Windows 11 on your machine!?

[-] black0ut@pawb.social 40 points 2 months ago

Oh lord please have mercy! Blacklisting the file extension right now!

[-] Trent@lemmy.ml 22 points 2 months ago

That would be the very worst malware. I mean both the malware that installed it and win11...

[-] Aatube@kbin.melroy.org 11 points 2 months ago

ackshually the proprietary .lnk shortcut format can only be run on windows 🤓

[-] avidamoeba@lemmy.ca 5 points 2 months ago

A Linux executable can't be named ending on .lnk? 🤔🤔

[-] Aatube@kbin.melroy.org 5 points 2 months ago

Making such a polyglot that can run on both systems requires much more effort for little gain.

[-] mexicancartel@lemmy.dbzer0.com 3 points 2 months ago

But its not lnk but an executable that needs to be excecuted manually?

[-] American_Jesus@lemm.ee 23 points 2 months ago

Me too, but don't want to download GBs of malware and bandwidth

[-] LiveLM@lemmy.zip 18 points 2 months ago* (last edited 2 months ago)

Weak.
Harbor disaster. Seed the malware. Spread the fruits of chaos amongst the unworthy. Be complicit in their downfall. Feed on their agony ^^/s

[-] catloaf@lemm.ee 2 points 2 months ago
[-] Aatube@kbin.melroy.org 5 points 2 months ago

That would seem suspicious. I'm sure they have some way to pad out the size.

[-] catloaf@lemm.ee 5 points 2 months ago

Anyone paying attention to size would probably also notice they're just .lnk files.

[-] Aatube@kbin.melroy.org 3 points 2 months ago

Not necessarily. Even with "hide extensions" unchecked, Windows hides the .lnk extension by default; it just shows an arrow in the bottom-right corner of the icon, which is plausibly missed when in the list view. I'm surprised antivirus doesn't know about it already tbh.

[-] American_Jesus@lemm.ee 3 points 2 months ago* (last edited 2 months ago)

Not these ones, some could have more than 1GB, look at the virustotal link, the file had 422MB.

Also Sonarr/Radarr filter torrents by size

Here some examples
https://bt4gprx.com/search?q=The.Lord.of.The.Rings.The.Rings.of.Power.S02E08

Those where posted on 1337x (and removed) and probably other sites, Sonarr can pick those based on release name and torrent size

PS: had to rename the fine from .lnk to .com so virustotal could accept

this post was submitted on 28 Sep 2024
211 points (100.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55049 readers
382 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS