BluePlanet Registered User
#1

Anybody ever heard of a torrent that when finished, is an encrypted RAR file, and there's a readme that says to go to this dodgy sounding website -a-string-of-numbers-and-letters.whackyvidz.com ??

In fairness i actually opened up the link on a computer i didn't care about, and it opened to a site that had a small SN on the bottom. Haven't tried putting that SN into the encrypted RAR file yet.

But, has anybody ever heard of such a thing?
The torrent is supposed to be a movie but this has warning signs all over it.

But why bother with all this carry-on if it's just a virus?

clacks Registered User
#2

Avoid like the plague.

Voodu Child (Slight Return)
#3

Password protected RARs are very common. And having a text file with a torrent or download that asks you to visit a particular URL is also very common.

That doesnt mean this particular example is safe or unsafe.

#4

You visited the site didn't you?

Better get some scans running. download this, install it, update it and run the full scan just to be safe
http://www.malwarebytes.org/

BluePlanet Registered User
#5

I suppose i'm wondering because, if the goal was to circulate a virus, why bother having people go to the site?
If the virus is in the RAR, wouldn't it be easier (and probably more successful) to just give them the pw in the readme?

I'm presuming the RAR is encrypted simply for detection avoidance.

Voodu Child (Slight Return)
#6

I'll say it again: RARing a download and PW protecting it is common practice to break it into smaller pieces, give a level of redundancy and keep the contents from prying eyes.

Sending people to a site to get a PW is common practice to generate page views, link revenue, ad revenue etc.

This kind of thing doesnt tell you whether you are dealing with malware or not.

Karsini Registered User
#7

Oldest trick in the book. I remember this back in 1999/2000, sending you on a hunt to get a password. "go to site x, sign up, the password is the fifth word on the confirmation page." That method was often used for private FTP server passwords too.

knird evol Banned
#8

if you google the name of the file > "titanic.rar" & "password" ....bit of a chance

uch Registered User
#9

Use the name of whoever seeded it for password

Want to share your thoughts?

Login here to discuss!