I tried posting this on Reddit but the mods have to approve it and haven’t yet. I’ll warn you guys.

I just downloaded the HumbleBundle Programming MEGA Bundle 2024 by Packt via torrent and stored it in my NAS. That system ran a virus check and found the file pragmaticmicroserviceswithcandazure.zip had a virus Win.Packed.Pwsx-10034067-0 in it. Is this common on HumbleBundle? I would expect something like this on a cybersecurity bundle for studying viruses but not on one about microservices. This zip file is for the book Pragmatic Microservices with C# and Azure.

      • @givesomefucks
        link
        English
        -13
        edit-2
        6 days ago

        I downloaded the torrents directly from their website

        You most definitely did not…

        You may have downloaded the tracker from the website, which is something entirely different and open to things being injected.

        • @CrayonRosary
          link
          English
          18
          edit-2
          5 days ago

          You’re being pedantic. The file extension is .torrent. Lay people call those torrents.

          You, yourself just used “tracker” wrong. The tracker is the server hosting the torrent peer list, etc. Not the .torrent file.

          And then your followup comment is just you calling the original commenter ignorant. You’re not helping at all.

          Torrent files contain hashes that verify the contents of the associated files. They are not easy to fake by injecting malware. That would require finding a hash collision so your malware files (plus some padding) hash to the same value found in the legitimate torrent file. That not some easy task to do.

          Downloading a torrent file from a legitimate site—and its associated data—is as secure as downloading any file from that same site.

          • @givesomefucks
            link
            English
            -75 days ago

            The tracker is the server hosting the torrent peer list, etc. Not the .torrent file.

            Yes.

            Which is what OP actually downloaded from Humble…

            This ain’t difficult, but I’m not explaining it anymore when you’re running around calling me an ass.

            • @CrayonRosary
              link
              English
              5
              edit-2
              5 days ago

              It’s true, though. This was you being an ass:

              No, I’m reading what you write and gathering that you have zero idea how torrents work or even what they are…

              What an asshole thing to say. And “running around”… Funny. It was one comment.

              Which is what OP actually downloaded from Humble…

              You said they downloaded the “tracker”. Wrong!

              I’m starting to gather that you have zero idea how torrents work or even what they are…

        • AwesomeLowlander
          link
          fedilink
          English
          75 days ago

          Not OP, but how do you inject anything into a torrent, assuming the torrent is official? I’m not aware of that possibility.

        • @[email protected]OP
          link
          fedilink
          English
          16 days ago

          I re-downloaded the zip file in question but this time directly. Scanned it again and it came back OK. So you’re telling me that HumbleBundle will let these torrents potentially have viruses? I thought the files came from some resources HumbleBundle controlled.

          • @givesomefucks
            link
            English
            -105 days ago

            No, I’m reading what you write and gathering that you have zero idea how torrents work or even what they are…