Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Caution downloading NZBs?

  1. #1
    Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

    Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

    Can anyone chime in here with their comments?

    Thanks!

  2. Newsgroups   -   #2
    towerblocks's Avatar MW2 ADDiCT
    Join Date
    Jan 2006
    Posts
    41,612
    Quote Originally Posted by chadw01 View Post
    Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

    Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

    Can anyone chime in here with their comments?

    Thanks!
    You must be kidding right

  3. Newsgroups   -   #3
    Quote Originally Posted by towerblocks View Post
    You must be kidding right
    You mean you don't view of every page you visit and open images in notepad before you allow them to be displayed? Living on the edge a bit aren't we,

  4. Newsgroups   -   #4
    Member
    Join Date
    Mar 2006
    Posts
    1,377
    Quote Originally Posted by chadw01 View Post

    Can anyone chime in here with their comments?

    Thanks!
    Well, maybe I started this with a comment a day or so ago, but...

    LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb. Now I have to admit, that the ORIGINATOR of the nzb format (Newzbin.com) which I've had an account since the day they went 'subscription', I've never seen it from them. But a fair number of others, yes. This site? I don't think so, but then again, I've never used an NZB from here so I don't know, but I doubt it VERY highly as it has always looked like an above board operation (towerblocks in particular, kudos to him).

    Anyway, consider that blindly using nzb's to d/l things is rather like, as I think 'omgwtfbbq' pointed out, is rather like sitting in 1991 (the year I got on the internet and usenet), and blindly opening every email attachment without regard.

    One can either be pro-active, or post-active. Pro-active means using a decent 'up front' email scanner like 'Mailwasher' to manually/semi-automatically scan all your incoming mail BEFORE actually letting it into your mail program. Post-Active means buying tons of programs from Symatantic and letting them deal with all the junk AFTER it's infected your machine.

    Obviously, Pro-Active is MUCH better. Now, when you let that nzb file 'take over' your newsreader, it of course goes to work, downloading away. The bit that may be inserted somewhere in the file will probably not be obvious, but then you're going to un-rar the thing, and in that operation, it may cause problems. It's the same as in d/l'ing that email attachment. I don't do any unraring EXCEPT on a machine that's really 'locked down', and YES, I have gotten viruses from RAR archives. In the past; but now, I scan all nzb's in advance ('Pro-Active') and haven't for a long long time.

    But in scanning the nzb, it does show a bit of 'extra info' in advance. Was the par set generated at the time the rar was, or some days later? Is there any other things that don't 'look right'? Was the nzb 'made up' by a third party, or by the original poster? All valid questions.

    Now I'm not saying I'm paranoid, but then again, I'm not going to forgo 'reasonable' precautions. Simply taking a quick look and seeing if anything looks strange, is reasonable.

  5. Newsgroups   -   #5
    mbucari1's Avatar Poster BT Rep: +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35
    Join Date
    Jan 2007
    Age
    30
    Posts
    2,871
    I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.

  6. Newsgroups   -   #6
    Quote Originally Posted by mbucari1 View Post
    I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.
    what the.. haha

  7. Newsgroups   -   #7
    Just search for the files yourself on newzleech/binsearch, problem solved.

  8. Newsgroups   -   #8
    NZB's are just XML. No executable code in there.
    Usenet software/services news and updates:
    http://www.usenetwatch.com

  9. Newsgroups   -   #9
    Skiz's Avatar (_8(I)
    Join Date
    May 2003
    Location
    CO
    Age
    40
    Posts
    29,632
    Quote Originally Posted by mbucari1 View Post
    I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.
    What for?



    ΜΟΛΩΝ ΛΑΒΕ
    The FST Last.fm group

  10. Newsgroups   -   #10
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    24,069
    There's no executable code in it.
    If there was, it couldn't be executed anyway unless renamed to .exe.

    The only way something malicious could be put in is if some newsreader had a bug/security flaw with reading the xml. Example: some specific piece of text was to make newsleecher, or some other reader, freeze.
    Not too likely.

    It's possible for a nzb file to be mislabeled though. You could download something that says Shrek 3 and it end up being porn for example.
    That's not really a big deal though...

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •