November 21, 2007 by sharky
The Risks/What to Avoid
One thing that anti-piracy groups and software companies strongly advocate is the claim that software obtained illegally is hazardous and chancy. They want you to believe that illicit software is chock-full of little nasties waiting for the opportunity to unleash disastrous consequences on the unsuspecting user. On this we do not disagree - there is plenty of bad. This is the Internet; we’re all part of one vast network sharing our computers with each other, and a little bad is even expected.
Without question, malware (viruses, worms, Trojans) is the single greatest aggravation to any computer user. If you’ve ever been infected with a nasty Trojan or email worm, you know what we’re talking about. Every user has probably had one, whether they knew it or not. They can come from websites, email, other people’s CDs or floppy disks, and even portable memory flash cards. Basically anything that connects one PC to another has the potential to ‘share’ the host’s maladies.
The most damaging, financially costly, and prolific viruses/malware in our history do not come from file sharing protocols at all. They come via email attachments. At their peak, ‘MyDoom’ infected 1 in 12 of all incoming/outgoing email messages and ‘SoBig-F’ infected 1 in 17. Out of the top ten most malignant viruses and worms, only two are associated with being transferred via P2P programs, and all ten are consistently spread and perpetuated by email attachments. Your biggest threat comes from signing into your Hotmail account or opening Outlook Express. It is this misguided fear that gives pirated software a bad rap.
Downloading Software - Caution and Common Sense
We have seen hundreds of viruses in even more programs, but it’s really not difficult to practise “P2P safety”: scan software first, then simply clean, quarantine or delete the infected files and move on. Software/games that come in the form of a CD or DVD ‘image’ should be mounted or burned, and then checked. Unzip or UnRAR your files before scanning for added surety. Always scan before you run, and always scan cracks and keygens. A downloaded program containing a virus is completely benign until it has been executed, or ‘run’. You will find viruses/malware in some of the software out there, but there’s nothing that can’t be promptly taken care of.
Searching for Software
Searching with P2P Programs (Limewire/Shareaza)
Caution must be taken when downloading programs and games from ANY source. This philosophy applies to P2P programs such as Limewire or Shareaza, where search results show the number of people sharing the same file. We would normally opt for the one that has the most people sharing it, naturally. However, even this method offers no surefire way of ever really knowing. We 100% don’t endorse using ‘Limewire’-type P2P programs to search for software - this is like viewing BitTorrent search results without the ‘leecher’ column that shows how many people are avoiding a file.
P2P (i.e. Limewire) searches are conducted by searching the “shared folders” of other people’s computers on the network - in essence you are just browsing through someone else’s hard drive. And there’s really no way of knowing what’s safe and what’s not. Thus if they have a virus in a shared file (knowingly or not) and you decide to download that file, you now have a file with a virus in it, and you might also be sharing it with other Limewire users. It is this accidental sharing that makes P2P programs such as Limewire so prolific at spreading viruses.
Searching on IRC
With IRC, it is impossible to tell in advance whether a file has any potential issues. And IRC does have its share of infected files. Try to avoid using “FServes”, because these are run by individuals in a one-on-one scenario. And avoid accepting/swapping software files with individual users in a channel. Get your software files from “XDCC Bots” in popular channels - they are less likely to contain any malware. Use antivirus and antispyware software and enable the option of searching inside RAR and ZIP file archives. And be sure to ‘scan’ each package before installation. This advice goes for Usenet newsgroups and Direct Connect, too.
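Both the “Caution and Common Sense” section above and the IRC advice here make the same point: a payload inside a ZIP/RAR is inert until something inside it is run, so the archive has to be looked into (nested archives included) before anything is executed. The script below is an added example and is not part of the original article or any tool it mentions. It walks a ZIP in memory, descends into ZIPs nested inside it, and returns an inventory of every file with its size, SHA-256 and whether Windows would execute it directly; the sample archive it builds (a constructed installer stub plus a nested “crack” ZIP) is invented for the demonstration, and the extension list is an assumption of what counts as directly executable.

```python
import hashlib
import io
import posixpath
import zipfile

# Assumed list of extensions Windows runs directly when double-clicked.
# Anything matching this list is what must be scanned before it is ever run.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".dll", ".msi", ".vbs", ".js"}


def inventory(zip_bytes, prefix=""):
    """Walk a ZIP held in memory and every ZIP nested inside it.

    Returns a list of (path, size, sha256, is_executable) tuples, one per
    file entry. Nested archive members are reported as 'outer.zip!/inner'.
    Nothing is written to disk, so no entry can be accidentally launched.
    """
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            path = prefix + info.filename
            ext = posixpath.splitext(path.lower())[1]
            if ext == ".zip":
                # Descend into the nested archive so a payload one level
                # down is not missed by a scan of the outer archive alone.
                results.extend(inventory(data, prefix=path + "!/"))
                continue
            digest = hashlib.sha256(data).hexdigest()
            results.append((path, len(data), digest, ext in EXECUTABLE_EXTS))
    return results


def executables(zip_bytes):
    """Only the entries that would run if double-clicked: the scan targets."""
    return [entry for entry in inventory(zip_bytes) if entry[3]]


def build_sample():
    """Constructed sample: an outer ZIP with a stub installer, a text file
    and a nested ZIP holding a (fake) keygen. None of the bytes are real
    binaries; the 'MZ' prefix only mimics the look of a Windows executable."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("crack/keygen.exe", b"MZ constructed keygen stub, not a real binary")
        z.writestr("crack/readme.nfo", b"constructed release notes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("setup.exe", b"MZ constructed installer stub, not a real binary")
        z.writestr("license.txt", b"constructed licence text")
        z.writestr("extras.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    for path, size, digest, is_exe in inventory(sample):
        flag = "SCAN BEFORE RUNNING" if is_exe else "data"
        print(f"{flag:20} {size:6d} bytes  {digest[:16]}...  {path}")
```

Run as-is it lists four entries and flags two of them (setup.exe and the keygen hidden inside extras.zip). The hashes are there so each executable can be checked against an antivirus or hash-lookup service without extracting it; the point of the recursion is that a scanner which stops at the outer archive never sees the second one.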
Searching on BitTorrent sites
With BitTorrent, there are ways to recognize in advance what may or may not contain a virus. For this demo, we’ll use Mininova (see below) with the search results sorted by ‘seed’ (by clicking the “Seeds” column). We searched for “Antivirus” because WE KNOW with absolute certainty that some of the results will contain viruses/malware. But we also know some will not.
The RED arrows indicate where we think there may be some suspicious activity. How can we tell? Look at the seed to leecher ratio, indicated on BitTorrent search sites under the “SEED” and “LEECH” columns. When you see a high number of seeds in contrast to a low number of leechers (244 : 7 ratio), this tells us the following: That many people have the complete file (and are thus offering it) but very few new people are actually trying to obtain it. Why is everyone avoiding it? What is wrong with it?
The GREEN arrows tell us exactly the opposite. Many people have the complete file, and many people are also in the process of downloading it (229 : 197 ratio). Why is everyone trying to download it? What is right with it?
The ORANGE question marks (?) indicate a warning where it is difficult to ascertain from the seed/leech ratios. Take caution with these releases, and select a more equal ratio, if available. Sometimes these numbers indicate the release is just fine, and other times this is not so.
It doesn’t take long before the number of leechers begins to drop because of a bad torrent. The seeders next to the RED arrow belong to one of two groups of people. The first group: people trying to maliciously spread a virus, or to distribute a fake/decoy into the P2P scene. The second group: people who have the infected file and are seeding it, but are completely unaware of the payload inside it (this is normally people without an antivirus program).
The above “Antivirus” search scenario worked great for this demonstration, because there were so many search results to choose from. Alas, this is not always the situation. Sometimes only five (or fewer) results come back in a search, and they ALL appear dodgy. Then it just comes down to proper judgment and common sense based on these principles. If a search result has zero leechers, always avoid it.
Still, there are no guarantees about anything in this illicit world. So use an antivirus to scan the file as soon as it’s done.
Searching for Illegal Software on Websites
Once upon a time, way back at the dawn of the WWW and the Internet, websites were a very popular medium for obtaining and trading illicit software and games. They still are, but now it’s primarily done through “Direct Download Link” Warez websites, where the illegal files aren’t hosted on these websites anymore but on file hosting companies such as megaupload.com and rapidshare.com. See our article here for more info about DDL file sharing. Most DDL files are clean of viruses, but not all.
Other search tips
If you’re a serious follower of new software releases, then IRC (via a client such as mIRC) is the protocol of choice for new content and overall variety. Much of it ends up leaking onto BitTorrent sites anyway, but usually it’s the popular mainstream programs that make it there. One tip for finding the new stuff on BitTorrent is to search for “0-day” or “0day” (that’s zero-day, not oh-day). There are many ‘0day packs’ available, usually aptly named after the date of the ‘pack’ - many are released by the group [h33t]. Each pack consists of various (usually small) programs that were released in that particular time frame, complete with cracks, serial numbers, .NFO files and keygens for each. But jump on these torrents quickly: the seeds disappear fast!
Other things to avoid
Try to avoid any software release that says “100% Working”. Release groups do not include this so-called ‘tag’, because IF it came from a release group, it would already be assumed to be working. This goes for the keyword “working” as well. It is not a word proper release groups use in the description of a release.