I heard that it is possible to inject video containers with malware. I also heard malware is rampant on 1337x. And I don’t have an antivirus to scan files for the moment cuz I’m on Linux, also it would be too much for me to upload the movie to virustotal.

I found a release that suits my need for the movie I’m looking for, but I don’t know if I can trust this uploader (TGxGoodies). the number of seeders is over 120 for the movie.
the reason I’m reluctant is that a very active uploader on 1337x: IGGGAMESCOM is labeled “Vip Uploader” despite a simple search on reddit shows that there are victims for their malware-injected uploads.

  • catloaf@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    A malicious video file exploiting your video player is possible, but extremely unlikely. Keep your system up to date and you’ll be fine.

    • state_electrician@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      This. And TGxGoodies is one of the biggest uploaders on 1337x, I’d say they can be trusted. I prefer them to most others, because they keep good quality on low file sizes.

        • zaknenou@lemmy.dbzer0.comOP
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I have Ubuntu 22.04, it has been almost a year. I don’t search for updates, I don’t know if it is auto-updating

          • Fonzie!@ttrpg.network
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Ubuntu 22.04 does support automatic updates by default.

            To check if Ubuntu 22.04 is set to auto-update, you can follow these steps:

            1. Open the “Software & Updates” application. You can do this by searching for it in the Ubuntu Dash or by pressing Super key (Windows key) and typing “Software & Updates”.
            2. In the “Software & Updates” window, go to the “Updates” tab.
            3. Look for the option that says “Automatically check for updates”. If this option is checked, it means Ubuntu is set to automatically check for updates.
            4. You can also check the frequency of updates by looking at the drop-down menu next to “Automatically check for updates”. Here you can set how often Ubuntu should check for updates.
            5. Additionally, you can check the “Install updates from” section to see where updates are being fetched from. By default, it should be set to the main Ubuntu repositories.

            By following these steps, you can verify if Ubuntu 22.04 is configured to auto-update.

            (source: I asked DuckDuckGo AI Chat, I don’t have links for you but this seems correct from when I used Ubuntu Gnome)

      • priapus@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        4 months ago

        I don’t really have a YouTube video or blog post on hand to explain it, but I do have a degree in cybersecurity. Putting a malicious executable in a video is not a simple task. The most likely way for this to occur would require a vulnerability in the video player you are using that allows for code execution. If your system is up to date, it’s unlikely the video player you’re using is going to have a known vulnerability that allows this. If someone does have knowledge of a vulnerability like this that is not publicly known, it’s very unlikely random 1337x users will be their target.

        Something I will recommend is if you are using Windows, make sure you do not have file extensions hidden in File Explorer, because then someone could trick you by simply naming an executable with .exe at the end. These types of tricks are more important for the average user to be cautious about than attacks utilizing steganography.

  • cerement@slrpnk.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    if you download Boy and the Heron but end up watching Fight Club, you know they can’t be trusted

  • anon@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    4 months ago

    Thanks for reminding me of this possibility.

    Here’s how I plan to solve it on my seedbox:

    In the bash script I use to download and rename files using filebot, I added an mkvalidator step at the beginning. If the file doesn’t pass the check, it doesn’t go onto the next step.

    mkvalidator

    mkvalidator is a simple command line tool to verify Matroska and WebM files for spec conformance. It checks the various bogus or missing key elements against the EBML DocType version of the file and reports the errors/warnings in the command line.

      • anon@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        4 months ago

        Good question! Perhaps not. Someone should test my idea with a known infected mkv file.

        Get back to me if you do.