this post was submitted on 16 Jan 2025
25 points (100.0% liked)


Specifically https://en.z-lib.gs/

I downloaded some PDFs from there and according to VirusTotal and some PDF online scanner I tried, they have something possibly malicious going on in them. I already deleted them but I opened them in Firefox PDF reader. I don't have Acrobat installed.

Scanning my system with Malwarebytes now, but nothing is finding anything wrong and I haven't seen any suspicious activity.

Here is the analysis itself.

https://www.virustotal.com/gui/file/f3140c932ab57256a8438eba31d18e4baee1413e7ec23d93b1c1f5194b6dea95/behavior

I'm starting to panic, please help if you have any advice


Thank you all, you are wonderful people

[–] reksas@sopuli.xyz 2 points 1 day ago* (last edited 1 day ago) (1 children)

If it is new malware, scanners wouldn't pick up on it.
On the behavior tab there is tons of stuff. Shouldn't there be none? I don't know too much about what VirusTotal's results mean, but doesn't the MITRE thing mean it could potentially do something like that?

[–] empireOfLove2@lemmy.dbzer0.com 9 points 1 day ago (1 children)

> If it is new malware, scanners wouldn't pick up on it.

Actually they do often pick up on it, unless it is a very novel attack vector (and probably not something you'd find on a pirate site). Malware often follows very predictable code execution patterns of communicating with outside IPs and modifying other executables, and these are things that can be detected by most AV.

> On the behavior tab there is tons of stuff. Shouldn't there be none?

There will never be none. It's all listed as low or no risk/informational only anyway, which goes back to the pattern recognition thing.

VT is listing things that the file has done during viewing. ALL things. This stuff might or might not be a concern, whether or not it's a known attack or pattern of malicious behavior. If you are a legit security analyst you can use the behavior data to see what files it's touching and stuff and understand good and bad security design. Like, the only actual yellow warning is... it apparently looked at Google DNS. Which is something any browser PDF viewer will do.

Oh. The other thing I forgot to mention, is every submission to Z-Lib goes through an approval process where a certain number of community contributors have to review the document and make sure it's legible, safe, and valid. I know, because I've submitted stuff before, it takes quite a few days to go live. It's not just random bad actors shotgunning stuff onto the site.

[–] reksas@sopuli.xyz 4 points 1 day ago

Thank you, that puts my mind at ease somewhat.