BrianKrebsJan 10, 2024

This story is an important development in piracy, but it also portends an increase in malware infections from more people seeking pirated content from any available source. There has always been and will always be a strong connection between pirated software, music, movies, etc. and malware droppers that turn systems into proxies or worse. And pirated products remain a major source of malware infections.

https://www.techdirt.com/2024/01/10/piracy-is-surging-again-because-streaming-execs-ignored-the-lessons-of-the-past/

Piracy Is Surging Again Because Streaming Execs Ignored The Lessons Of The Past

Back in 2019 we noted how the streaming sector risked driving consumers back to piracy if they didn’t heed the lessons of the past. We explored how the rush to raise rates, nickel-and-dime us…

Techdirt
Show threadBrianKrebsJan 10, 2024
I have a good friend who downloads pirated content all the time and we've had endless arguments about whether this is okay (esp. since he is very well off and does buy a lot of digital media). His response when I bring up the idea that a lot of the stuff from the file sharing networks is backdoored is that well he does all that on a machine that he doesn't use for anything else. But I'm like yeah, YOU might not be using it for anything else...
Show threadTristan
@briankrebs I'm curious what kinds of backdoors can be included in video or audio files. Files disguised as executables, or pirated software is very easily comprehensible to me. On the other hand, media files--are people exploiting vulnerabilities in video players with trojanned MP4 files that cause a buffer overflow? How do these things even materialize in the wild?
Jan 10, 2024 at 5:52pmWeb
Show threadDrew MochakJan 10, 2024
@tristan @briankrebs Short answer is yes, they exploit an error in the codec or the player to cause a buffer overrun to download malicious coade. Super long version is here: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ however it was too technical for me!
I would still like to know more about this, did not find as much info as I was hoping for.
Exploit writing tutorial part 1 : Stack Based Overflows | Corelan Cybersecurity Research

Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was

Corelan Team