This story is an important development in piracy, but it also portends an increase in malware infections from more people seeking pirated content from any available source. There has always been and will always be a strong connection between pirated software, music, movies, etc. and malware droppers that turn systems into proxies or worse. And pirated products remain a major source of malware infections.

https://www.techdirt.com/2024/01/10/piracy-is-surging-again-because-streaming-execs-ignored-the-lessons-of-the-past/

Piracy Is Surging Again Because Streaming Execs Ignored The Lessons Of The Past

I have a good friend who downloads pirated content all the time and we've had endless arguments about whether this is okay (esp. since he is very well off and does buy a lot of digital media). His response when I bring up the idea that a lot of the stuff from the file sharing networks is backdoored is that well he does all that on a machine that he doesn't use for anything else. But I'm like yeah, YOU might not be using it for anything else...
@briankrebs Totally in a similar situation with a friend. He pirates a lot. It's not my place to be judge, jury, nor prosecutioner. But I do try to advise him of the same kinds of threats from pirated material. He's a nerd, but one of those who seems incapable of understanding that just because he can't see something going weird on his screen, doesn't mean it's not happening.

@briankrebs

Executable stuff? That's a big no bueno. Urgent need at least a disposable VM

@briankrebs downloading a video in a well-accepted codec seems fine. what scares me is the amount of jank in the streaming services (and plugins and worse) that people use to watch soccer. Oh that is a greasy corner of the web
@rikthevik @briankrebs Well, we saw movie sites with a business model for infecting Windows machines instead of showing ads, although it may be harder nowadays, it's not impossible.
@briankrebs Another perspective, the pricing of software also plays a big role in folks resorting to downloading pirated software. A college network is an excellent vantage point to collect malware samples and build a repository :-)
@briankrebs
Pirates tend to buy more media than most any other group.
Musicians may complain about low pay, but having everything in one place at a reasonable price is the only way to slow it.
@briankrebs How tech savvy are they? I was always under the impression that, if you're knowledgeable about tech, keep your browsers up to date, know not to click the "you need to update Adobe Flash" popup and can distinguish oppenheimer.mkv from oppenheimer.mkv.exe, you're extremely unlikely to get infected. That's if you only pirate music / movies / books / scientific articles of course, not games or other software. Am I wrong?
@miki @briankrebs Check out Qubes OS, and nation state actors fiddling with everything is more of my own concern. Most of the information that I want to be private gets out because of issues at a kernel or even hardware level. Did you know that TV remotes have analog chips with voice recognition ML models hardwired so that they can run on 1 watt and only activate the power hungry digital chip as needed? That for instance gives me a lot of anxiety and mistrust
@briankrebs I'm curious what kinds of backdoors can be included in video or audio files. Files disguised as executables, or pirated software is very easily comprehensible to me. On the other hand, media files--are people exploiting vulnerabilities in video players with trojanned MP4 files that cause a buffer overflow? How do these things even materialize in the wild?
@tristan @briankrebs Short answer is yes, they exploit an error in the codec or the player to cause a buffer overrun to download malicious code. Super long version is here: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ however it was too technical for me!
I would still like to know more about this, did not find as much info as I was hoping for.
@briankrebs When there is no official client that works, I will make a client that works. And it doesn't necessarily care about forcing me to watch ads or restricting what I can do with the video stream.
@briankrebs Factor in seeding that pirated content and now they are actively contributing to its distribution.

@briankrebs
Well, let's be honest.

Media files have a limited range of exploits that they can cause: memory corruption via the decoders being the common pattern.

So sticking some random videos and images of a birthday party on my DLNA server is comparatively low risk. You should never forget that using commercial DRM-ed media has risks too. (Sony rootkit anyone? Kindle book removals? Any managers get prosecuted for these as criminals under the harsh copyright/computer crime laws?)

@briankrebs Sony BTW also loves to remove media that users have “bought” (that word usage should be at least prosecuted as misleading), they did in the US just now, some time ago in Europe, then we had the OtherOS fiasco on the PS3, ...

So please don't tell me that I should only use the approved bread with the BigCorp Toaster because only approved DRM-ed toast is safe.

@briankrebs I remember when streaming was good, most content was on Netflix, and I happily subscribed.

Now people are constantly asking "what platform is that on?", shows are split between platforms, most platforms do ads in addition to subscription fees, and the whole experience is just worse (I love being able to shuffle my whole library).

I wish streaming services would get their shit together and make things better for users, but I don't see that happening.

Dunkey's Guide to Streaming Services (YouTube)

@reverseics @iagox86 @briankrebs you'd think they'd have learned by now. if they make it easier to watch shows than pirate them, people will pay for that.

netflix got it right for a very long while, but now it's just a shitshow again.

@briankrebs This is a plausible issue for people who manually handle their media. However, has there ever been a documented case of malware exploiting vulns and executing, from a video file downloaded by Sonarr/Radarr and streamed by Plex/Jellyfin/Kodi?

@briankrebs Genuine source of frustration-
there are a few movies that -do not exist- in any format that is reasonable at this point, that I would like to watch again. One of them I managed to 'buy' on amazon before it went unlisted again, they're too niche for most piracy options, and even the amazon one is wonky (and will soon have ads! For something I purchased!). Dvd and rip is not an option because they aren't reprinted, and VHS copies are comically expensive.

I would happily buy them.

@briankrebs Crazy that we've come full circle with this, but there has to be some sort of middle ground without customers constantly being taken advantage of. If they're not careful, the new generation is about to learn the pains of xxxx.mp4.exe.

@briankrebs

I miss the days when @mmasnick regularly posted to the fedi. Mike, please come back. We need you here.

@dangoodin @briankrebs I'm still here, but not as often. I just find I get a lot more scolding here (especially from people who are very sure, but very wrong, about stuff), and the conversations on bsky are just simply better.

@mmasnick @briankrebs

I respect your reasons, Mike and am glad your experience on Bsky is good. Unfortunately, my experience isn't nearly as good, and I'm not sure why.

@mmasnick @dangoodin @briankrebs i tried there. i really did. but there are people who i have gone to some lengths to avoid and bsky does that shitty thing twitter does where it will show you replies from someone you follow, responding to someone you have blocked, and showing you that the previous post in the thread isn't visible to you.

it's an incredibly stupid design decision and it makes me crazy, so closed the tab for a couple weeks

@briankrebs Media should work like gas/electric/water utilities, use first-pay later. Last.fm scrobbles what I listen to, it should invite me to pay those artists directly at the end of each month/year. If I fall into arrears, cut me off. As it stands now, I'm forced to subscribe to Fox News if I want to watch any tv at all. Meanwhile, pirated video and audio are safe, non-executable, no?
@briankrebs Yeah, I know someone who does that.
@briankrebs @hypebot seems like watching the malware infection rate is like measuring COVID traces in the wastewater, but for piracy
@briankrebs
While I'd agree that malware is a growing problem, I can't believe it's growing nearly as fast as piracy. I'd also bet it's mostly newbies to streaming/downloading that haven't learned their way around yet.
I am an original cord cutter and used to stream torrents to an analog tv, so this is nothing new and isn't going to stop.
@briankrebs I just read the article and I agree with the writer’s points. Personally I think the golden age of streaming is now over. We’ve ended up back with a system that we all tried to run from in the first place, just a different delivery mechanism. Thanks for sharing!

@briankrebs Never heard of MP3, FLAC, MP4, or MKV giving anyone the plague. If super paranoid, run it through MKVtoolnix to repack it. Or watch it on a TV.

A little bird told me LG sets do a great job of playing such formats.

Likewise arcade and console ROMs that run in an emulator, as long as you get the emulator itself from a safe source you're probably OK.

If you play single player PC games from torrents, just assume you're infected and use a disposable OS install off the Internet.

@briankrebs

They are even more stupid than that... I pay for Amazon Prime, because I like prompt delivery.

With that I get the Prime TV stuff. But if I go there and want a box-set, Prime will sell it to me for, say £20.00 or maybe $20.00. But I can often get the entire set for the Prime price of one episode if I go directly to the provider.

PirateBay is our friend these days - feck 'em all.

@briankrebs Brian I wonder how much damage "Hide extensions for known types" has done over the years.
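
Several posts above turn on telling `oppenheimer.mkv` from `oppenheimer.mkv.exe` and on Windows hiding the final extension. The following is an added example, not part of any post in the thread: a Python check that compares a file's name with its leading bytes. The signature table is a deliberately small subset and the sample files are constructed.

```python
import os
import tempfile

MAGIC = {  # leading signatures as (offset, bytes), for formats named in the thread
    "mkv": [(0, b"\x1a\x45\xdf\xa3")],        # Matroska/WebM EBML header
    "mp4": [(4, b"ftyp")],                    # ISO BMFF 'ftyp' box
    "flac": [(0, b"fLaC")],
    "mp3": [(0, b"ID3"), (0, b"\xff\xfb")],   # ID3v2 tag or one common frame sync
    "exe": [(0, b"MZ")],                      # DOS/PE executable
}
RUNNABLE = {"exe", "scr", "com", "bat", "cmd", "pif", "lnk", "js", "vbs"}

def sniff(head):
    for kind, sigs in MAGIC.items():
        if any(head[off:off + len(sig)] == sig for off, sig in sigs):
            return kind
    return None

def check_file(path):
    """List the reasons a file's name and content disagree (empty = consistent)."""
    exts = os.path.basename(path).lower().split(".")[1:]
    final = exts[-1] if exts else ""
    with open(path, "rb") as fh:
        actual = sniff(fh.read(16))
    findings = []
    # movie.mkv.exe: with extensions hidden, the name is displayed as "movie.mkv".
    if final in RUNNABLE and any(e in MAGIC and e != "exe" for e in exts[:-1]):
        findings.append("double-extension")
    if actual == "exe" and final != "exe":
        findings.append("pe-header-in-non-exe")
    if final in MAGIC and final != "exe" and actual != final:
        findings.append("content-mismatch")
    return findings

def demo():
    # Constructed sample files: a few header bytes each, no real media or code.
    samples = {
        "oppenheimer.mkv": b"\x1a\x45\xdf\xa3" + b"\x00" * 12,
        "oppenheimer.mkv.exe": b"MZ\x90\x00" + b"\x00" * 12,
        "holiday.mp4": b"MZ\x90\x00" + b"\x00" * 12,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_file(path)
    return results
```

A header check like this only catches files that are not what their name claims; it says nothing about a media file crafted to trigger a decoder bug, which the thread also discusses.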
@briankrebs My ebooks were repeatedly stolen by sites promising "free downloads" in exchange for registration and a credit card number. It got to the point that I spent more time filing copyright infringements than writing or marketing my creations.