There are some torrrents showing up with .lnk
extension (ex: movie.mp3.lnk, tvshow.mkv.lnk…) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).
These (fake) torrents include a .lnk
file that executes a script on your Windows
HOW TO exclude from download on qBittorrent.
-
Go to Options -> Downloads
-
Enable “Exclude file names”
-
Add patterns:
(one by line)
*.mp4.lnk
*.mp3.lnk
*.mkv.lnk
*.torrent.lnk
Or exclude all together: *.lnk
Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection
You gotta love how aggressively they prevent users from seamlessly running executables from the internet, a VERY legitimate common use case, but a desktop shortcut from the internet? Run away!
thanks Microsoft for hiding extensions by default!
I use Arch btw
What if it executes and install Windows 11 on your machine!?
Oh lord please have mercy! Blacklisting the file extension right now!
ackshually the proprietary .lnk shortcut format can only be run on windows 🤓
Me too, but don’t want to download GBs of malware and bandwidth
Weak.
Harbor disaster. Seed the malware. Spread the fruits of chaos amongst the unworthy. Be complicit in their downfall. Feed on their agony ^^/s.lnk files are less than 4kb
Yet another reminder that piracy on Linux is the way because new files don’t have execute permissions by default
On many distros will open with WINE by default, not a big deal, you can just delete
~/.wine
. If it does anything
When I read the title, I was thinking of something sophisticated such as hidden executable streams inside the MKV container (IIRC, it’s possible to append binary data other than audio, video or subtitles specifically inside a MKV). The “.lnk” trick only works in Windows and, even there, it’s easy to prevent: Windows Explorer > Options > Advanced > find and check “Always show extensions for files” (i can’t really remember the exact label for this option as I’m not a Windows user, but something like this will be there).
I believe you uncheck “Hide extensions for known file types”
Exactly! Thanks! I couldn’t point the exact label, I’ve been using Linux for years in a daily basis so I forgot most of the Windows shortcuts/options.
Even then, that setting doesn’t unhide the “.lnk” file extension, that requires a registry edit: https://www.askvg.com/tip-how-to-show-file-extensions-of-shortcuts-lnk-url-pif-in-windows-explorer/
Although shortcuts are pretty easy to spot in the first place unless you just double-click things without paying attention lol
Could you just add *.lnk?
That’s mentioned near the bottom of the post.
deleted by creator
Ah yes you’re right
Nice to know! Thank you!
How is the link file executing malware? Can you put any shell script as the target?
I am pretty sure a link file can open cmd/powershell with parameters to execute commands