07-04-2011, 10:13   #1
BluePlanet
Registered User
 
Join Date: Jan 2010
Posts: 923
encrypted rar file?

Anybody ever heard of a torrent that when finished, is an encrypted RAR file, and there's a readme that says to go to this dodgy sounding website -a-string-of-numbers-and-letters.whackyvidz.com ??

In fairness I actually opened up the link on a computer I didn't care about, and it opened to a site that had a small SN on the bottom. Haven't tried putting that SN into the encrypted RAR file yet.

But, has anybody ever heard of such a thing?
The torrent is supposed to be a movie but this has warning signs all over it.

But why bother with all this carry-on if it's just a virus?
07-04-2011, 10:26   #2
clacks
Registered User
 
Join Date: Oct 2009
Posts: 151
Avoid like the plague.
07-04-2011, 11:11   #3
Voodu Child
(Slight Return)
 
Join Date: May 2005
Posts: 6,627
Password protected RARs are very common. And having a text file with a torrent or download that asks you to visit a particular URL is also very common.

That doesn't mean this particular example is safe or unsafe.
07-04-2011, 11:12   #4
PogMoThoin
Closed Account
 
Join Date: Jun 2006
Posts: 13,650
You visited the site didn't you?

Better get some scans running. Download this, install it, update it and run the full scan just to be safe.
http://www.malwarebytes.org/
07-04-2011, 11:28   #5
BluePlanet
Registered User
 
Join Date: Jan 2010
Posts: 923
I suppose I'm wondering because, if the goal was to circulate a virus, why bother having people go to the site?
If the virus is in the RAR, wouldn't it be easier (and probably more successful) to just give them the pw in the readme?

I'm presuming the RAR is encrypted simply for detection avoidance.
07-04-2011, 12:06   #6
Voodu Child
(Slight Return)
 
Join Date: May 2005
Posts: 6,627
I'll say it again: RARing a download and PW protecting it is common practice to break it into smaller pieces, give a level of redundancy and keep the contents from prying eyes.

Sending people to a site to get a PW is common practice to generate page views, link revenue, ad revenue etc.

This kind of thing doesn't tell you whether you are dealing with malware or not.
07-04-2011, 23:11   #7
Karsini
Abort, Retry, Fail?
 
Join Date: Jul 2003
Location: Dublin
Posts: 12,596
Oldest trick in the book. I remember this back in 1999/2000, sending you on a hunt to get a password. "go to site x, sign up, the password is the fifth word on the confirmation page." That method was often used for private FTP server passwords too.
08-04-2011, 00:14   #8
knird evol
Registered User
 
Join Date: May 2006
Posts: 884
If you Google the name of the file > "titanic.rar" & "password" ... bit of a chance
08-04-2011, 00:24   #9
uch
Registered User
 
Join Date: Oct 2002
Location: 17 - 24
Posts: 4,056
Use the name of whoever seeded it for password