I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?
One of the techniques is called buffer overflow. Where you target a flaw in some software.
Computers are logic, they will do EXACTLY what you tell them. Imagine if an image viewer uses an dll to process jpg. That dll expects a very specific header. If this is not handled correctly and a malicious attacker crafts the header to be slightly larger and the larger part contains executable code. This code spills over in the adjacent memory area. The OS then reads this as code to run… and boom you are in.
This is oversimplified and proberly not explained correctly, but its something like that; and that kids, is why its important to update your OS and software.
Sometimes they find bugs like this, that have existed for many years before being discovered.
You are thinking it wrong about malware in pictures. They don’t act like an executable rather then injecting instructions to an executable program you are opening your picture in. In that case you don’t need the +x flag on your file. Think of it as a Trojan horse
I think it is very rare to find or even craft a video file that is able to allow for arbitrary code execution on an updated video player software like VLC. The same is true for photos or documents with the exception of office documents using macros.
Not at all. I work with development of various kinds and have my desk close to our senior it security specialist he says that we get daily that kind of stuff in our emails so I don’t see why they should exist less on pirated torrents
maybe you mean like exe files disguised as pngs?
actual malicious image files are extremely uncommon (and target specific image viewers of outdated versions, like imagine an archaic os like windows 7 or xp); libpng/libjpg that are used in most popular image viewers are open source and do not currently have any significant (discovered/publicly known) vulnerabilities
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !piracy@lemmy.dbzer0.com
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Can you explain how can a picture holds a executable in it? Also you have to make the file executable to run it. Something like
chmod +x random.mp4One of the techniques is called buffer overflow. Where you target a flaw in some software. Computers are logic, they will do EXACTLY what you tell them. Imagine if an image viewer uses an dll to process jpg. That dll expects a very specific header. If this is not handled correctly and a malicious attacker crafts the header to be slightly larger and the larger part contains executable code. This code spills over in the adjacent memory area. The OS then reads this as code to run… and boom you are in.
This is oversimplified and proberly not explained correctly, but its something like that; and that kids, is why its important to update your OS and software.
Sometimes they find bugs like this, that have existed for many years before being discovered.
You are thinking it wrong about malware in pictures. They don’t act like an executable rather then injecting instructions to an executable program you are opening your picture in. In that case you don’t need the +x flag on your file. Think of it as a Trojan horse
https://gizmodo.com/malware-images-virus-photos-pictures-how-block-antiviru-1849572516 If you are more interested
I think it is very rare to find or even craft a video file that is able to allow for arbitrary code execution on an updated video player software like VLC. The same is true for photos or documents with the exception of office documents using macros.
Not at all. I work with development of various kinds and have my desk close to our senior it security specialist he says that we get daily that kind of stuff in our emails so I don’t see why they should exist less on pirated torrents
maybe you mean like exe files disguised as pngs?
actual malicious image files are extremely uncommon (and target specific image viewers of outdated versions, like imagine an archaic os like windows 7 or xp); libpng/libjpg that are used in most popular image viewers are open source and do not currently have any significant (discovered/publicly known) vulnerabilities
“Updated” is doing a lot of heavy lifting here. Lots of people don’t keep their software up to date.
But yeah, the likelihood of any of us randomly happening upon 0days in the wild is pretty low.