Caution downloading NZBs?

**chadw01** · 04-13-2008, 10:01 PM

Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

Can anyone chime in here with their comments?

Thanks!

**towerblocks** · 04-13-2008, 10:06 PM

Originally Posted by chadw01

Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

Can anyone chime in here with their comments?

Thanks!

You must be kidding right

**omgwtfbbq** · 04-14-2008, 12:53 AM

Originally Posted by towerblocks

You must be kidding right

You mean you don't view of every page you visit and open images in notepad before you allow them to be displayed? Living on the edge a bit aren't we,

**Beck38** · 04-14-2008, 01:52 AM

Originally Posted by chadw01

Can anyone chime in here with their comments?

Thanks!

Well, maybe I started this with a comment a day or so ago, but...

LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb. Now I have to admit, that the ORIGINATOR of the nzb format (Newzbin.com) which I've had an account since the day they went 'subscription', I've never seen it from them. But a fair number of others, yes. This site? I don't think so, but then again, I've never used an NZB from here so I don't know, but I doubt it VERY highly as it has always looked like an above board operation (towerblocks in particular, kudos to him).

Anyway, consider that blindly using nzb's to d/l things is rather like, as I think 'omgwtfbbq' pointed out, is rather like sitting in 1991 (the year I got on the internet and usenet), and blindly opening every email attachment without regard.

One can either be pro-active, or post-active. Pro-active means using a decent 'up front' email scanner like 'Mailwasher' to manually/semi-automatically scan all your incoming mail BEFORE actually letting it into your mail program. Post-Active means buying tons of programs from Symatantic and letting them deal with all the junk AFTER it's infected your machine.

Obviously, Pro-Active is MUCH better. Now, when you let that nzb file 'take over' your newsreader, it of course goes to work, downloading away. The bit that may be inserted somewhere in the file will probably not be obvious, but then you're going to un-rar the thing, and in that operation, it may cause problems. It's the same as in d/l'ing that email attachment. I don't do any unraring EXCEPT on a machine that's really 'locked down', and YES, I have gotten viruses from RAR archives. In the past; but now, I scan all nzb's in advance ('Pro-Active') and haven't for a long long time.

But in scanning the nzb, it does show a bit of 'extra info' in advance. Was the par set generated at the time the rar was, or some days later? Is there any other things that don't 'look right'? Was the nzb 'made up' by a third party, or by the original poster? All valid questions.

Now I'm not saying I'm paranoid, but then again, I'm not going to forgo 'reasonable' precautions. Simply taking a quick look and seeing if anything looks strange, is reasonable.

**mbucari1** · 04-14-2008, 01:54 AM

I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

harv33 · 04-14-2008, 02:54 AM

Originally Posted by mbucari1

I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

what the.. haha

**EyeBaller** · 04-14-2008, 03:09 AM

Just search for the files yourself on newzleech/binsearch, problem solved.

**lowfi** · 04-14-2008, 02:56 PM

NZB's are just XML. No executable code in there.

**Skiz** · 04-14-2008, 08:20 PM

Originally Posted by mbucari1

I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

What for?

**tesco** · 04-14-2008, 08:48 PM

There's no executable code in it.
If there was, it couldn't be executed anyway unless renamed to .exe.

The only way something malicious could be put in is if some newsreader had a bug/security flaw with reading the xml. Example: some specific piece of text was to make newsleecher, or some other reader, freeze.
Not too likely.

It's possible for a nzb file to be mislabeled though. You could download something that says Shrek 3 and it end up being porn for example.
That's not really a big deal though...

Thread: Caution downloading NZBs?

Thread Tools

Bookmarks

Bookmarks

Posting Permissions