0

I see a lot of file hosting services like rapidshare, mediafire etc. But, I wonder if some of them are malicious or not. Rapidshare seems okay, but there are many (obscure) sites like the ones below which seem dangerous to me. They probably tempt people to download files and run some exploits in the background.

How do I find out if they are okay or not ?

EDIT - I meant that I want to find out if these sites are genuinely interested in file hosting or if they are trying to tempt people to visit their website for downloads and then running some browser exploits when they come ?

Source - search "game videos filestube" on google.

enter image description here

FirstName LastName
  • 1,489
  • 4
  • 19
  • 28
  • Download something from them and find out? Use a VM sandbox and see what happens – David Houde Apr 26 '13 at 02:13
  • 3
    It's very difficult to precisely answer your question, it depends on many factors. But as far as I can so, a very similar question was answered here http://security.stackexchange.com/questions/32928/how-do-i-safely-inspect-a-suspicious-email-attachment – Adi Apr 26 '13 at 07:56

2 Answers2

4

It is not in the file hosting sites' best interests to be directly malicious towards end users. You'll find however, that some more unscrupulous advertising companies will load advertisements that entice you to click through which will then install things like adware. This type of advertising usually pays a little bit higher than standard banners and thus result in being more widespread among less scrupulous businesses (like some of the filehosting sites).

Off the top of my head, most of the above hosts are more or less 'safe'. You face more of a risk downloading unknown or 'cracked' applications from these sites that users have uploaded and shared links to.

You'd be relatively safe visiting these sites with an upto-date browser (and associated plugins like flash and java), AV and patched machine. If you use things like Ghostery , ad-block plus and a patched HOSTS file you'll be improving your security even more.

To say that any site is more or less safe than any other is difficult because if any of these sites get compromised then its entirely possible that they'll be unintentionally spreading malware. This also extends to the linked advertisements.

Simply put:

  • Block as many ads as you can

  • Dont click on anything that isn't the (sometimes disguised) download buttons

  • Don't download unknown exe's/cracks/etc from such sites

  • Make sure you system is patched and up-to date

Hope that helps.

NULLZ
  • 11,446
  • 18
  • 80
  • 111
  • well actually i also wanted to know if they use the filehosting service as a front to run browser exploits or something similar to infect people. – FirstName LastName Apr 29 '13 at 22:14
  • Well. The answer would be not deliberately no. It wouldn't lend well to their business model. The services they provide aren't meant to be 'free' and they look to convert 'free' users into paid subscribers. Delivering malware is a sure fire way to avoid people visiting your site... – NULLZ Apr 29 '13 at 23:26
4

If you want to get a general idea on how many malicious files these websites in question hosted in the not too distant past and what their status now is, then one service you could use to determine that is Google's Safe Browsing diagnostic. While it doesn't seem to have a front page, all you really have to do is provide the root address of the website in question as the single input parameter site. For example:

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=4shared.com

will return Google's diagnostic for 4shared.com:

Safe Browsing Diagnostic page for 4shared.com

What is the current listing status for 4shared.com? This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site? Of the 571106 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-04-25, and the last time suspicious content was found on this site was on 2013-04-23. Malicious software includes 27 trojan(s), 18 exploit(s), 2 virus.

This site was hosted on 5 network(s) including AS40824 (WZCOM), AS35415 (WEBAZILLA), AS36351 (SOFTLAYER).

Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, 4shared.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware? Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including.

There are of course other providers that rank websites based on their trustworthiness. One that comes off the top of the mind and has been around for a while now is Web of Trust. They also offer probably more convenient browser plugins linked with their ranking engine, than having to check websites' reputation manually.

Personally, I'm relatively happy and problem free (no malware unless I intentionally look for it) for years browsing pretty much any websites (basic caution should be practiced, but I'm of the curious sort, to be honest) with a good and always updated anti-virus software, paranoidly setup firewall, operating system updated with all the latest patches, and a few browser plugins that I wouldn't want to live without any more, such as Adblock plus and HTTPS Everywhere.

For other suggestions and good practices, please also read the @D3C4FF's answer. Maybe just one thing to add to it - at all costs avoid pirated software and fishy looking software that sound almost too convenient to be true! If you're not sure, you can always check user forums that you trust for opinion on some particular piece of software. Most users are perfectly happy with a few dozen of installed applications, so that shouldn't be too much of a bother to open a page or two to read about before installing them, no? ;)

TildalWave
  • 10,801
  • 11
  • 46
  • 85
  • well actually i also wanted to know if they use the filehosting service as a front to run browser exploits or something similar to infect people. – FirstName LastName Apr 29 '13 at 22:14
  • @FirstNameLastName - Your AV should alert you to that just as well as it should when you try downloading a malicious file, but if you're researching how often it happens that they host infected files and/or malicious browser scripts in some period of time, then the suggested websites can help you out with that. If you would like to hear my opinion, then I would have to say that most wouldn't want to resort to such schemes not to ruin their reputation, but it happens they temporarily host malicious files when their own AV scanners fail. I wouldn't hold it against them, unless it's frequent tho. – TildalWave Apr 29 '13 at 22:32