Malware and pirated ebooks

DNSB · Today, 12:43 PM

Interesting item in The Hacker News on pirated ebooks now being used by ViperSoftX malware for attacks. There have been proof of concept ebooks with malware for years but looks like they have finally been weaponized though this is more due to using .rar archives to store them.

See ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks for more information.

Sirtel · Today, 01:14 PM

Seems to me that the ebooks themselves don't contain malware, the archives do. Why should anyone want to run an unknown executable from a random rar archive when they actually wanted an ebook is beyond me, but people are capable of doing some very stupid things.

theducks · Today, 01:25 PM

Many (Many) years ago, I had a case where Norton AV, checking my email, actually caused the deployment of a virus in an archive attachment.
(They fixed that flaw within hours)
The actual e-mail was SPAM, that I did not even open and sent to the bit bucket.. But the damage was already done.

Quoth · Today, 01:49 PM

Quote:

Originally Posted by Sirtel

Seems to me that the ebooks themselves don't contain malware, the archives do. Why should anyone want to run an unknown executable from a random rar archive when they actually wanted an ebook is beyond me, but people are capable of doing some very stupid things.

Agree with all of that.

I think it must be a slow aday for Hacker News.

j.p.s · Today, 01:51 PM

Quote:

Originally Posted by Sirtel

Seems to me that the ebooks themselves don't contain malware, the archives do.

That might change, since EPUBs support javascript.

JSWolf · Today, 01:54 PM

Quote:

Originally Posted by Sirtel

Seems to me that the ebooks themselves don't contain malware, the archives do. Why should anyone want to run an unknown executable from a random rar archive when they actually wanted an ebook is beyond me, but people are capable of doing some very stupid things.

Click here to infect your computer

OK. CLICK

Cactus Chef · Today, 03:49 PM

Do RAR's even offer much compression on an EPUB? The other day I was trying to send my wife some EPUBs over email and tried zipping them to get them under the 25mb attachment limit, but the ZIP file barely shaved more than a meg or two off the filesize versus just sending the EPUBs individually. 7-zip wasn't much better, and I couldn't guarantee that she had 7-zip installed on her PC. I ended up just sending her two emails.

DiapDealer · Today, 04:01 PM

Hardly matters on Windows these days. Defender is flagging/deleting just about every downloaded archive that contains executables as a severe threat (including executables that Defender doesn't flag when downloaded uncompressed). Quite annoying actually. You don't want to tell Defender to stop scanning ALL downloaded archives, but ... sheesh! Not everything out there is Wacatac.B!ml. Dial it down a notch Microsoft!

j.p.s · Today, 04:19 PM

Quote:

Originally Posted by Cactus Chef

Do RAR's even offer much compression on an EPUB?

An EPUB is a zip file. Zipping a zip is never going to give significant further compression. In some cases the file will get larger. Using a different general purpose compression algorithm on an already well compressed file will be unlikely to result in significant further compression.

ownedbycats · Today, 05:27 PM

Quote:

Originally Posted by Sirtel

Seems to me that the ebooks themselves don't contain malware, the archives do. Why should anyone want to run an unknown executable from a random rar archive when they actually wanted an ebook is beyond me, but people are capable of doing some very stupid things.

From the article:

Quote:

Attack chains propagating the malware are known to employ cracked software and torrent sites, but the use of eBook lures is a newly observed approach. Present within the supposed eBook RAR archive file is a hidden folder as well as a deceptive Windows shortcut file that purports to be a benign document.

Quote:

Attack chains propagating the malware are known to employ cracked software and torrent sites, but the use of eBook lures is a newly observed approach.

Yeah, it's an issue with RAR files, not ePubs or AZW3s or MOBis. That RAR could be holding a cracked game or a bunch of porn pics and still have the malware.

A few years ago there was a "WinRAR" vulnerability - except it wasn't actually WinRAR, it was a vulnerability in unacev2.dll and would affect any archive program using that specific library.

Today, 12:43 PM	#1
DNSB Bibliophagist Posts: 38,016 Karma: 150500002 Join Date: Jul 2010 Location: Vancouver Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos	Malware and pirated ebooks Interesting item in The Hacker News on pirated ebooks now being used by ViperSoftX malware for attacks. There have been proof of concept ebooks with malware for years but looks like they have finally been weaponized though this is more due to using .rar archives to store them. See ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks for more information.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Copyright & Pirated eBooks	KyBunnies	General Discussions	16	03-14-2017 05:11 PM
Pirated ebooks on Google Play?	GeoffR	General Discussions	12	02-04-2015 12:27 AM
Top 10 Most Pirated Ebooks of 2009	Sonist	News	42	05-22-2010 10:00 PM
The 10 Most Pirated eBooks of 2009	yagiz	News	50	09-09-2009 08:02 AM
Pirated ebooks on Amazon?	Daithi	Amazon Kindle	27	07-16-2009 02:07 PM

Today, 01:14 PM	#2
Sirtel Grand Sorcerer Posts: 10,730 Karma: 226728044 Join Date: Jan 2014 Location: Estonia Device: Kobo Sage & Libra 2	Seems to me that the ebooks themselves don't contain malware, the archives do. Why should anyone want to run an unknown executable from a random rar archive when they actually wanted an ebook is beyond me, but people are capable of doing some very stupid things.

Today, 01:25 PM	#3
theducks Well trained by Cats Posts: 30,130 Karma: 57500000 Join Date: Aug 2009 Location: The Central Coast of California Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A	Many (Many) years ago, I had a case where Norton AV, checking my email, actually caused the deployment of a virus in an archive attachment. (They fixed that flaw within hours) The actual e-mail was SPAM, that I did not even open and sent to the bit bucket.. But the damage was already done.

Today, 03:49 PM	#7
Cactus Chef Addict Posts: 331 Karma: 5736038 Join Date: Apr 2019 Device: Kobo Sage, Kobo Clara HD, Galaxy Tab S5e, Kindle 4th Gen	Do RAR's even offer much compression on an EPUB? The other day I was trying to send my wife some EPUBs over email and tried zipping them to get them under the 25mb attachment limit, but the ZIP file barely shaved more than a meg or two off the filesize versus just sending the EPUBs individually. 7-zip wasn't much better, and I couldn't guarantee that she had 7-zip installed on her PC. I ended up just sending her two emails.

Today, 04:01 PM	#8
DiapDealer Grand Sorcerer Posts: 27,705 Karma: 196949708 Join Date: Jan 2010 Device: Nexus 7, Kindle Fire HD	Hardly matters on Windows these days. Defender is flagging/deleting just about every downloaded archive that contains executables as a severe threat (including executables that Defender doesn't flag when downloaded uncompressed). Quite annoying actually. You don't want to tell Defender to stop scanning ALL downloaded archives, but ... sheesh! Not everything out there is Wacatac.B!ml. Dial it down a notch Microsoft!