Download Hub Video Downloader
Joel Scancarello
If the downloader freezes, you don't want to re-login, and you're willing to experiment, go download the Procmon tool from Microsoft, use Procmon to find the file that the downloader is stuck on/waiting for, and create the file yourself to the directory (New File > Text Document, make sure you use the name the downloader is looking for, we just want the empty file). I had a lot of freezes running 2 downloaders at once, and used this method to unfreeze the frozen downloader every time it happened.
It's essentially a bet that between the download completing and the actual block being processed nothing will go wrong, which, given the internet and hours long processes, is unlikely to happen. And using more download threads likely increases the probability this will happen because the downloader processes blocks sequentially, and you can have up to 30 blocks on disk waiting.
The instructions XML file has timeout_millisec="3600000" in it, so I'm assuming that's for each download thread. I'd argue that waiting an hour is absurdly long, but the 1 hour timeout doesn't seem to apply to the downloader itself.
As far as I can tell (by tracing with Procmon), the downloader will spawn a new download process for every block. If it was a new thread within a process, you could persist the curl session and pass it to the thread, which could reuse the existing TCP session. This is an issue because TCP sockets are (usually) tied to a process, so every new process start means the downloader will need to reestablish the connection and hit TCP Slow Start in the process.
Admittedly, this doesn't impact the download other than make it slower. I've got gigabit fiber and the downloader would come close to maxing it out (downloading 900Mbps), fall off to 2Mbps, and then ramp back up. Repeat for every group of blocks that are downloaded.
Improvement: Download processes should persist for use by multiple blocks (check for instructions, self terminate if no new ones after a time limit like 30 seconds?), so that the TCP connection is reused. This does require more invasive changes (each downloader process will need to watch for instruction files with its thread id & the parent pid instead of passing it to the process as part of process creation, ), and you
This made Windows flash the title bar periodically because it stopped responding to input events. I'd bet the downloader is doing work on the UI thread, or doing UI on the work thread. Or just single threaded to begin with.
The downloader does some funky network stuff, Fiddler couldn't catch it doing any network requests, so it might not be respecting proxy settings. And of course there's no way to set a proxy server to use.
In addition to the URL downloader, Downloader by AFTVnews also has a small integrated web browser. Thanks to this, you can comfortably search for the addresses of the files you want to download. Simply copy the URLs, then paste them in the download section to download the corresponding files.
The Gameover ZeuS botnet operators distribute both Pony Loader and the Upatre downloader through spam emails sent by the Cutwail botnet. Many lures have used social engineering techniques by impersonating financial institutions and government agencies to trick a victim into executing the malware. The spam emails have an embedded malware executable in a ZIP attachment, so user interaction is required to infect the system. Figure 2 shows an example spam email containing the Upatre downloader as an attachment.
The operators of Gameover ZeuS regularly update their tactics, techniques, and procedures (TTP). Their latest move appears to complicate signature-based network detection for their malware downloaders by using compromised websites and SSL. The prolonged use of the Cutwail spam botnet for attracting new victims indicates that these campaigns continue to be effective. The CTU research team advises organizations to remain vigilant and to deploy a defense-in-depth strategy that includes the following components:
Before you run Configuration Manager setup to install or upgrade a site, you can use the setup downloader standalone tool to download updated setup files. Run the tool from the version of Configuration Manager that you want to install. Use updated setup files to make sure your site installation uses current versions of key installation files.
When you use setup downloader, you specify a folder to contain the files. The account you use to run the tool must have Full Control permissions to the download folder. When you run setup to install or upgrade a site, you can specify this local copy of files you previously downloaded. This behavior prevents setup from connecting to Microsoft when you start the site install or upgrade. You can use the same local copy of setup files for other site installations or upgrades of the same version.
Specify the path for the folder to store the updated installation files, and then select Download. Setup downloader verifies the files that are currently in the download folder. It downloads only files that are missing or that are newer than existing files. It creates subfolders for downloaded languages, and other required components.
Download path: To automatically start the verification or download process, specify the path to the download folder. When you use the /NOUI option, the download path is required. If you don't specify a download path, setup downloader prompts you to specify the path. If the folder doesn't exist, setup downloader creates it.
NewDownloader creates a new Downloader instance to downloads objects fromS3 in concurrent chunks. Pass in additional functional options to customizethe downloader behavior. Requires a client.ConfigProvider in order to createa S3 service client. The session.Session satisfies the client.ConfigProviderinterface.
Additional functional options can be provided to configure the individualdownload. These options are copies of the Downloader instance Download iscalled from. Modifying the options will not impact the original Downloaderinstance. Use the WithDownloaderClientOptions helper function to pass in requestoptions that will be applied to all API operations made with this downloader.
If the GetObjectInput's Range value is provided that will cause the downloaderto perform a single GetObjectInput request for that object's range. This willcaused the part size, and concurrency configurations to be ignored.
A trojan-downloader is a type of trojan that installs itself to the system and waits until an Internet connection becomes available to connect to a remote server or website in order to download additional programs (usually malware) onto the infected computer.
Trojan-downloaders are also commonly distributed as disguised file attached to spam emails. The attached programs are typically labelled using legitimate-sounding program or document names, such as 'invoice' or 'accounts.exe', as a simple form of social engineering. If the file attachment is opened, the trojan-downloader is installed.
Once a trojan-downloader has been installed on a machine, it will try to contact to a remove server or website, where it can either directly fetch additional files for download, or find further instructions from the attackers on where to find the files.
df19127ead