There are some torrrents showing up with .lnk
extension (ex: movie.mp3.lnk, tvshow.mkv.lnk…) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).
These (fake) torrents include a .lnk
file that executes a script on your Windows
HOW TO exclude from download on qBittorrent.
-
Go to Options -> Downloads
-
Enable “Exclude file names”
-
Add patterns:
(one by line)
*.mp4.lnk
*.mp3.lnk
*.mkv.lnk
*.torrent.lnk
Or exclude all together: *.lnk
Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection
I use Arch btw
What if it executes and install Windows 11 on your machine!?
Oh lord please have mercy! Blacklisting the file extension right now!
That would be the very worst malware. I mean both the malware that installed it and win11…
ackshually the proprietary .lnk shortcut format can only be run on windows 🤓
A Linux executable can’t be named ending on .lnk? 🤔🤔
Making such a polyglot that can run on both systems requires much more effort for little gain.
Me too, but don’t want to download GBs of malware and bandwidth
Weak.
Harbor disaster. Seed the malware. Spread the fruits of chaos amongst the unworthy. Be complicit in their downfall. Feed on their agony ^^/s
.lnk files are less than 4kb
That would seem suspicious. I’m sure they have some way to pad out the size.
Anyone paying attention to size would probably also notice they’re just .lnk files.
Not necessarily. Even with “hide extensions” unchecked, Windows hides the .lnk extension by default; it just shows an arrow in the bottom-right corner of the icon, which is plausibly missed when in the list view. I’m surprised antivirus doesn’t know about it already tbh.
Not these ones, some could have more than 1GB, look at the virustotal link, the file had 422MB.
Also Sonarr/Radarr filter torrents by size
Here some examples
https://bt4gprx.com/search?q=The.Lord.of.The.Rings.The.Rings.of.Power.S02E08
Those where posted on 1337x (and removed) and probably other sites, Sonarr can pick those based on release name and torrent size
PS: had to rename the fine from
.lnk
to.com
so virustotal could accept