Friendly reminder to update your favorite torrent client to the latest version.
Contrary to /g/ belief, there'll be no dialogue pop up to inform you when you've become part of someones botnet.
that's why i always recommend utorrent 2.2.1, it's full of exploits. the majority of my botnet are machines that useutorrent. sad to see that the devs finally found one of my favorite exploits
> The vulnerability relates to how BitTorrent and uTorrent handle URLs with the bittorrent or magnet protocol. By navigating the user to a specially formed link starting with bittorrent: or magnet:, an attacker can inject arbitrary command line parameters that will be passed to the BitTorrent or uTorrent executable. An attacker can leverage this vulnerability to execute code under the context of the current user.
All versions, except the latest ones of course, which have the vulnerability patched
Dimitri, go back to antichat.ru
But anon, surely this has been widely exploited, right?
Such a critical vuln.
Why do you care?
You can keep using your client of choice and other people can keep using theirs, even if it's "vulnerable".
Wtf are you even trying to say? utorrent is an executable. It executes executable code that make it do things. This is an exploit that makes the executable execute executable code from an outside source. Stop saying words you don't understand.
>trying this hard to move people away from god-tier client
>an attacker can inject arbitrary command line parameters
>under the context of the current user
>The exploitation is known to be difficult.
>µTorrent command line parameters
>µTorrent not started as administrator
>the worst that can happen is pages forcing µTorrent to take a big dump
Why should I be worried again?
Great selective quoting there batman.
>An attacker can leverage this vulnerability to execute code under the context of the current user.
Whooops can't say that on a christian utorrent shill forum!
>an attacker can inject arbitrary command line parameters that will be passed to the BitTorrent or uTorrent executable. An attacker can leverage this vulnerability to execute code under the context of the current user.
Which command line parameters enable the arbitrary code execution?
If you have a browser exploit that can blow through AV, are you gonna waste it on tech savvy uTorrent users?
"Huh, opening this magnet link opened a browser window and now I have a new process taking 100% CPU. Hmmmm... MAYBE I SHOULD REPORT THIS?"
I'd be passing out the link on Facebook, not torrent sites.
1. Embed your malware.exe in the Torrent, and include it in your malicious URL
2. /DIRECTORY "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "C:\Users\%USERNAME%\AppData\uTorrent\Your.torrent"
=> malware.exe is executed after the next reboot
This should work assuming the command-line can parse %USERNAME%
Otherwise relative paths might work
CAN YOU SCREW UP URL PARSING
H O W
Why is everyone on 2.2.1? 2.0.4 is far superior.
Faggots deserve everything they get.
>every virus is easily detectable
Ya i'm sure you're going to figure out it was that torrent you downloaded months ago that's been stealing all of your passwords and credit card numbers.
>mfw i still use image editing software from 1997 because i hate change and never bothered to learn gimp or photoshop.