Caution downloading NZBs?

J

Jenny :)

New member
Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

Can anyone chime in here with their comments?

Thanks!
 
chadw01 said:
Does everyone look at the contents of the NZB file before they launch it? Is it possible for the NZB creator to embed any malicious code to download content to your computer apart from what you're expecting? Is this why people are willing to pay places like Newzbin because they are more reputable with their NZB creations?

Maybe I'm just being overly paranoid, but I never figured to look inside the NZBs.. I may start if there's a legitimate reason for concern.

Can anyone chime in here with their comments?

Thanks!
Click to expand...

You must be kidding right :lol:
 
chadw01 said:
Can anyone chime in here with their comments?

Thanks!
Click to expand...

Well, maybe I started this with a comment a day or so ago, but...

LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb. Now I have to admit, that the ORIGINATOR of the nzb format (Newzbin.com) which I've had an account since the day they went 'subscription', I've never seen it from them. But a fair number of others, yes. This site? I don't think so, but then again, I've never used an NZB from here so I don't know, but I doubt it VERY highly as it has always looked like an above board operation (towerblocks in particular, kudos to him).

Anyway, consider that blindly using nzb's to d/l things is rather like, as I think 'omgwtfbbq' pointed out, is rather like sitting in 1991 (the year I got on the internet and usenet), and blindly opening every email attachment without regard.

One can either be pro-active, or post-active. Pro-active means using a decent 'up front' email scanner like 'Mailwasher' to manually/semi-automatically scan all your incoming mail BEFORE actually letting it into your mail program. Post-Active means buying tons of programs from Symatantic and letting them deal with all the junk AFTER it's infected your machine.

Obviously, Pro-Active is MUCH better. Now, when you let that nzb file 'take over' your newsreader, it of course goes to work, downloading away. The bit that may be inserted somewhere in the file will probably not be obvious, but then you're going to un-rar the thing, and in that operation, it may cause problems. It's the same as in d/l'ing that email attachment. I don't do any unraring EXCEPT on a machine that's really 'locked down', and YES, I have gotten viruses from RAR archives. In the past; but now, I scan all nzb's in advance ('Pro-Active') and haven't for a long long time.

But in scanning the nzb, it does show a bit of 'extra info' in advance. Was the par set generated at the time the rar was, or some days later? Is there any other things that don't 'look right'? Was the nzb 'made up' by a third party, or by the original poster? All valid questions.

Now I'm not saying I'm paranoid, but then again, I'm not going to forgo 'reasonable' precautions. Simply taking a quick look and seeing if anything looks strange, is reasonable.
 
I always open EVERYTHING I download in a virtual machine and then scan with kaspersky and NOD32. If they find ANYTHING, I delete the files. Just can't risk that it might be a false positive.
 
I think what the OP was asking about and what Beck38 addressed was extra content added to the NZB that is actually hosted on a news server. And, as Beck38 poited out,
Beck38 said:
LOTS of websites that gather and distribute NZB's 'insert' spam along with the nzb.
Click to expand...

It is entirely possible that the creator of a NZB could point your newsreader to some malicious file which one could inadvertently open or some other offensive material or spam. It's always good to get your NZBs from a trusted source, like Newzbin (I can't speak for FST as I've never used their NZBs), or use one of the indexing sites available. I like binsearch and alt.binaries.nl for these purposes as not all content is available as a NZB.
 
emperorIX said:
I think what the OP was asking about and what Beck38 addressed was extra content added to the NZB that is actually hosted on a news server. And, as Beck38 poited out,

It is entirely possible that the creator of a NZB could point your newsreader to some malicious file which one could inadvertently open or some other offensive material or spam. It's always good to get your NZBs from a trusted source, like Newzbin (I can't speak for FST as I've never used their NZBs), or use one of the indexing sites available. I like binsearch and alt.binaries.nl for these purposes as not all content is available as a NZB.
Click to expand...

Thank you - finally, someone who understands!
 
There's no executable code in it.
If there was, it couldn't be executed anyway unless renamed to .exe.

The only way something malicious could be put in is if some newsreader had a bug/security flaw with reading the xml. Example: some specific piece of text was to make newsleecher, or some other reader, freeze.
Not too likely.

It's possible for a nzb file to be mislabeled though. You could download something that says Shrek 3 and it end up being porn for example.
That's not really a big deal though...
 
chadw01 said:
Thank you - finally, someone who understands!
Click to expand...

we do understand its just its not really that big a deal. if your going to download warez of any kind no matter what source there is a risk of virus infection involved. hell there is a risk of infection from a legitimate source.

Spam is easy to deal with, you just delete it and keep the bits you want. nzbs only contain the metadata regarding the files you want to download. if someone includes malware into the nzb file it will only download it. you still have to execute it.

chances are on any good source like FST someone will pipe up and say this download sets off my virus scanner. someone will report it and the nzb is removed.
 
Back
Top