Caution downloading NZBs?



chadw01
04-13-2008, 10:01 PM
Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

Can anyone chime in here with their comments?

Thanks!

towerblocks
04-13-2008, 10:06 PM
Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

Can anyone chime in here with their comments?

Thanks!

You must be kidding right :lol:

omgwtfbbq
04-14-2008, 12:53 AM
You must be kidding right :lol:

You mean you don't view the source of every page you visit and open images in notepad before you allow them to be displayed? Living on the edge a bit, aren't we?

Beck38
04-14-2008, 01:52 AM
Can anyone chime in here with their comments?

Thanks!

Well, maybe I started this with a comment a day or so ago, but...

LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb. Now I have to admit, that the ORIGINATOR of the nzb format (Newzbin.com) which I've had an account since the day they went 'subscription', I've never seen it from them. But a fair number of others, yes. This site? I don't think so, but then again, I've never used an NZB from here so I don't know, but I doubt it VERY highly as it has always looked like an above board operation (towerblocks in particular, kudos to him).

Anyway, consider that blindly using nzb's to d/l things is rather like, as I think 'omgwtfbbq' pointed out, sitting in 1991 (the year I got on the internet and usenet), and blindly opening every email attachment without regard.

One can either be pro-active, or post-active. Pro-active means using a decent 'up front' email scanner like 'Mailwasher' to manually/semi-automatically scan all your incoming mail BEFORE actually letting it into your mail program. Post-Active means buying tons of programs from Symantec and letting them deal with all the junk AFTER it's infected your machine.

Obviously, Pro-Active is MUCH better. Now, when you let that nzb file 'take over' your newsreader, it of course goes to work, downloading away. The bit that may be inserted somewhere in the file will probably not be obvious, but then you're going to un-rar the thing, and in that operation, it may cause problems. It's the same as in d/l'ing that email attachment. I don't do any unraring EXCEPT on a machine that's really 'locked down', and YES, I have gotten viruses from RAR archives. In the past; but now, I scan all nzb's in advance ('Pro-Active') and haven't for a long long time.

But in scanning the nzb, it does show a bit of 'extra info' in advance. Was the par set generated at the time the rar was, or some days later? Are there any other things that don't 'look right'? Was the nzb 'made up' by a third party, or by the original poster? All valid questions.

Now I'm not saying I'm paranoid, but then again, I'm not going to forgo 'reasonable' precautions. Simply taking a quick look and seeing if anything looks strange, is reasonable.

mbucari1
04-14-2008, 01:54 AM
I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

harv33
04-14-2008, 02:54 AM
I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

what the.. haha

EyeBaller
04-14-2008, 03:09 AM
Just search for the files yourself on newzleech/binsearch, problem solved.

lowfi
04-14-2008, 02:56 PM
NZB's are just XML. No executable code in there.

Skiz
04-14-2008, 08:20 PM
I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

What for? :blink:

tesco
04-14-2008, 08:48 PM
There's no executable code in it.
If there was, it couldn't be executed anyway unless renamed to .exe.

The only way something malicious could be put in is if some newsreader had a bug/security flaw with reading the xml. Example: some specific piece of text was to make newsleecher, or some other reader, freeze.
Not too likely.

It's possible for a nzb file to be mislabeled though. You could download something that says Shrek 3 and it end up being porn for example.
That's not really a big deal though...

Skiz
04-14-2008, 09:03 PM
It's possible for a nzb file to be mislabeled though. You could download something that says Shrek 3 and it end up being porn for example.
That's not really a big deal though...

That would be more of a bonus though, really. :unsure:

MultiForce
04-14-2008, 09:35 PM
It's possible for a nzb file to be mislabeled though. You could download something that says Shrek 3 and it end up being porn for example.
That's not really a big deal though...

That would be more of a bonus though, really. :unsure:

Like my newly downloaded porn video that shows a woman getting a bunch of Eels up her ass :unsure:

4play
04-14-2008, 09:49 PM
That would be more of a bonus though, really. :unsure:

Like my newly downloaded porn video that shows a woman getting a bunch of Eels up her ass :unsure:

nzb please:01:

mbucari1
04-15-2008, 04:01 AM
I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

What for? :blink:

Was a joke :rolleyes:

emperorIX
04-15-2008, 04:27 AM
I think what the OP was asking about and what Beck38 addressed was extra content added to the NZB that is actually hosted on a news server. And, as Beck38 pointed out,

LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb.

It is entirely possible that the creator of a NZB could point your newsreader to some malicious file which one could inadvertently open or some other offensive material or spam. It's always good to get your NZBs from a trusted source, like Newzbin (I can't speak for FST as I've never used their NZBs), or use one of the indexing sites available. I like binsearch (http://www.binsearch.info/) and alt.binaries.nl (http://alt.binaries.nl/) for these purposes as not all content is available as a NZB.

MultiForce
04-15-2008, 08:50 AM
Like my newly downloaded porn video that shows a woman getting a bunch of Eels up her ass :unsure:

nzb please:01:

It was in a NZB file I got from a friend... I think he was drunk or something :P

If you want to take a look:

http://www.binsearch.info/?q=anal+eels&max=25&adv_age=7&server=

chadw01
04-15-2008, 11:05 PM
I think what the OP was asking about and what Beck38 addressed was extra content added to the NZB that is actually hosted on a news server. And, as Beck38 pointed out,

LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb.

It is entirely possible that the creator of a NZB could point your newsreader to some malicious file which one could inadvertently open or some other offensive material or spam. It's always good to get your NZBs from a trusted source, like Newzbin (I can't speak for FST as I've never used their NZBs), or use one of the indexing sites available. I like binsearch (http://www.binsearch.info/) and alt.binaries.nl (http://alt.binaries.nl/) for these purposes as not all content is available as a NZB.

Thank you - finally, someone who understands!

4play
04-16-2008, 10:51 AM
I think what the OP was asking about and what Beck38 addressed was extra content added to the NZB that is actually hosted on a news server. And, as Beck38 pointed out,

It is entirely possible that the creator of a NZB could point your newsreader to some malicious file which one could inadvertently open or some other offensive material or spam. It's always good to get your NZBs from a trusted source, like Newzbin (I can't speak for FST as I've never used their NZBs), or use one of the indexing sites available. I like binsearch (http://www.binsearch.info/) and alt.binaries.nl (http://alt.binaries.nl/) for these purposes as not all content is available as a NZB.

Thank you - finally, someone who understands!

we do understand, it's just it's not really that big a deal. if you're going to download warez of any kind no matter what source there is a risk of virus infection involved. hell there is a risk of infection from a legitimate source (http://www.theregister.co.uk/2001/01/24/hp_distributes_virus_infected_drivers/).

Spam is easy to deal with, you just delete it and keep the bits you want. nzbs only contain the metadata regarding the files you want to download. if someone includes malware into the nzb file it will only download it. you still have to execute it.

chances are on any good source like FST someone will pipe up and say this download sets off my virus scanner. someone will report it and the nzb is removed.

zot
04-17-2008, 03:42 AM
We should not consider it impossible that someday someone might discover a way to insert some sort of hostile code into an NZB file that would act as malware when the NZB is opened by the newsreader.

After all, who would have ever thought that JPEGs could contain a trojan that activates when you view the image?

http://www.wired.com/science/discoveries/news/2004/09/65116
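
Added example, not written by any poster in this thread: the quick look-before-you-load check that Beck38 and emperorIX describe, done in Python over the NZB's XML without downloading anything. The extension list, the one-day threshold and the sample NZB are assumptions constructed for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = "{http://www.newzbin.com/DTD/2003/nzb}"   # NZB XML namespace
RISKY_EXT = (".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".lnk")
MAX_GAP = 86400  # assumed threshold: one day, in seconds

def review_nzb(data: bytes):
    """Return (files, warnings) for an NZB without fetching any article."""
    if b"<!ENTITY" in data:  # an NZB has no reason to declare XML entities
        raise ValueError("entity declaration in NZB, refusing to parse")
    files = []
    for f in ET.fromstring(data).iter(NS + "file"):
        subject = f.get("subject", "")
        quoted = re.search(r'"([^"]+)"', subject)  # filename is usually quoted
        files.append({
            "name": quoted.group(1) if quoted else subject,
            "poster": f.get("poster", ""),
            "date": int(f.get("date", "0")),
            "bytes": sum(int(s.get("bytes", "0")) for s in f.iter(NS + "segment")),
        })
    if not files:
        return files, []
    main_poster = Counter(x["poster"] for x in files).most_common(1)[0][0]
    first = min(x["date"] for x in files)
    warnings = []
    for x in files:
        if x["name"].lower().endswith(RISKY_EXT):
            warnings.append((x["name"], "directly executable file type"))
        if x["poster"] != main_poster:
            warnings.append((x["name"], "poster differs from rest of set"))
        if x["date"] - first > MAX_GAP:
            warnings.append((x["name"], "posted over a day after first file"))
    return files, warnings

def _f(name, poster, date, size):  # builds one constructed <file> element
    return (f"<file poster='{poster}' date='{date}' subject='Set - \"{name}\" yEnc (1/1)'>"
            f"<groups><group>alt.binaries.example</group></groups><segments>"
            f"<segment bytes='{size}' number='1'>{name}@example.invalid</segment>"
            f"</segments></file>")

# Constructed sample: two RAR parts, a late PAR2 file and an unrelated .exe
SAMPLE = ("<nzb xmlns='http://www.newzbin.com/DTD/2003/nzb'>"
          + _f("movie.part1.rar", "a@example.invalid", 1208100000, 500000)
          + _f("movie.part2.rar", "a@example.invalid", 1208100300, 500000)
          + _f("movie.par2", "a@example.invalid", 1208400000, 40000)
          + _f("setup.exe", "b@example.invalid", 1208100900, 90000)
          + "</nzb>").encode()

if __name__ == "__main__":
    for name, why in review_nzb(SAMPLE)[1]:
        print(f"{name}: {why}")
```

A warning here only means the entry deserves a second look before the set is unpacked; it says nothing about what the posted articles actually contain.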