VideoHelp Forum




Closed Thread
Page 1 of 3
1 2 3 LastLast
Results 1 to 30 of 90
  1. Member illgamma's Avatar
    Join Date
    May 2004
    Location
    United States
    Search Comp PM
    i was discussing this with my roommate. i say you cannot get a virus from running a downloaded video file like avi or mpeg, he says you can. so, can you get a virus, trojan, ect from running a downloaded video file?

  2. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Yep.

    You can even get one from a mp3.

    I got one one time for visiting a Linkin Park website.

  3. How? Won't your player report a bad file and not be able to play it? I would think the only way to get a virus is if you have file extensions hidden and you launch a trojan by double clicking on it.


    Darryl

  4. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Originally Posted by dphirschler
    How? Won't your player report a bad file and not be able to play it? I would think the only way to get a virus is if you have file extensions hidden and you launch a trojan by double clicking on it.


    Darryl
    Some viruses and trojans lay dormant until double clicked and activated.

    The latest strands of viruses have been written to goto sleep to elude antivirus programs.

  5. Member
    Join Date
    Oct 2001
    Location
    United Kingdom
    Search Comp PM
    Originally Posted by bazooka
    Yep.
    You can even get one from a mp3.
    I don't believe any of this is true, in the general sense. In order to get a virus or a trojan you have to execute code: either something like a Word macro or actual machine code. No execution, no opportunity for the virus or trojan to do any work (the only exceptions are those email "viruses" where the copy mechanisms are the idiots who email each other to warn about those email viruses...).

    While any AVI (for example) could technically carry the code for a virus, either embedded in the pixel values or as extension chunks - this isnt going to do anything unless the media player extracts the code and runs it, which it isn't going to do unless embedded executable code is a recognized feature of that media format: and I would hope that no codec designer is that stupid in this day and age. Certainly this isn't an option in MPEG1, MPEG2 (dont know whats in MPEG4), nor any of the MPEG audio formats, nor does this feature exist in any popular AVI codec.

    Of course, you can have one file type masquerading as a completely different file type (so you double click a file with an AVI extension that turns out to really be an exe file), but I don't think that was the question.

    Also, if you downloaded some weird AVI codec plus an AVI file which demonstrates this codec, then its possible that the codec itself is a trojan, or that it supports embedded executable code: but this would almost certainly be due to deliberate malicious intent, and you would only get caught by it if you are the type that gets caught by any other virus and trojan, ie. if you are in the habit of downloading unverified executable files and running them on your PC.

  6. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Originally Posted by mpack
    Originally Posted by bazooka
    Yep.
    You can even get one from a mp3.
    I don't believe any of this is true, in the general sense. In order to get a virus or a trojan you have to execute code: either something like a Word macro or actual machine code. No execution, no opportunity for the virus or trojan to do any work (the only exceptions are those email "viruses" where the copy mechanisms are the idiots who email each other to warn about those email viruses...).

    While any AVI (for example) could technically carry the code for a virus, either embedded in the pixel values or as extension chunks - this isnt going to do anything unless the media player extracts the code and runs it, which it isn't going to do unless embedded executable code is a recognized feature of that media format: and I would hope that no codec designer is that stupid in this day and age. Certainly this isn't an option in MPEG1, MPEG2 (dont know whats in MPEG4), nor any of the MPEG audio formats, nor does this feature exist in any popular AVI codec.

    Of course, you can have one file type masquerading as a completely different file type (so you double click a file with an AVI extension that turns out to really be an exe file), but I don't think that was the question.

    Also, if you downloaded some weird AVI codec plus an AVI file which demonstrates this codec, then its possible that the codec itself is a trojan, or that it supports embedded executable code: but this would almost certainly be due to deliberate malicious intent, and you would only get caught by it if you are the type that gets caught by any other virus and trojan, ie. if you are in the habit of downloading unverified executable files and running them on your PC.
    I deal in computer security. Why would I make this up? I am a network engineer by trade.

    And yes,
    You can have a virus within an mp3. I have seen it happen.

  7. No only executable files can carry virii, trojans, spyware etc. such as .exe, .vbs, etc. NOT .avi, mpeg. or even .mp3 which are compressed files that are not executable they require an exe to run.

    What happens is someone will rename a file song.mp3.exe and if windows is configured on defeault "Hide Extentions To Known File Types" it is displayed as song.mp3 and users get infected. I reccomend you configure windows properly to see all extentions.

  8. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Originally Posted by tvideo
    No only executable files can carry virii or trojans, such as .exe, .vbs, etc. NOT .avi, mpeg. or even .mp3 which are compressed files that are not executable they require an exe to run.

    What happens is someone will rename a file song.mp3.exe and if windows is configured on defeault "Hide Extentions To Known File Types" it is displayed as song.mp3 and users get infected. I reccomend you configure windows properly to see all extentions.
    Are you calling me a liar?

    I said I saw one contain a virus.

  9. It isn't possible Bazooka .mp3 is not a self executing file it requires a program to launch it...just cannot happen

  10. Member mats.hogberg's Avatar
    Join Date
    Jul 2002
    Location
    Sweden (PAL)
    Search Comp PM
    Well since image files can carry "virus", why not a video file? All that's required ís some unsuspecting buffer for you to overflow. But it'd require the victim to use a specific viewer and/or decoder for the exploit to work.

    /Mats

  11. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Originally Posted by tvideo
    It isn't possible Bazooka .mp3 is not a self executing file it requires a program to launch it...just cannot happen
    It is possible. Read my pm.

  12. Член BJ_M's Avatar
    Join Date
    Jul 2002
    Location
    Canada
    Search Comp PM
    there is metadata in mp3 file and some avi files ..

    im no virus expert - but when there is meta data , im sure it can be used in a bad way (speccially on mp3 files - where it would be VERY easy to call up a url (hidden) and either report home or download a file) ... the report home has been done for sure ..

    im not going to bother - but i bet a search will turn up mp3 virii
    "Each problem that I solved became a rule which served afterwards to solve other problems." - Rene Descartes (1596-1650)

  13. Originally Posted by tvideo
    No only executable files can carry virii, trojans, spyware etc. such as .exe, .vbs, etc. NOT .avi, mpeg. or even .mp3 which are compressed files that are not executable they require an exe to run.

    What happens is someone will rename a file song.mp3.exe and if windows is configured on defeault "Hide Extentions To Known File Types" it is displayed as song.mp3 and users get infected. I reccomend you configure windows properly to see all extentions.
    Wrong, sorry. There has been a recent scare (see here) how a flaw in windows handling of jpeg files can be used to carry a virus. Concept code has been published on security sites showing how it could be done. If simply viewing a jpeg can get you infected with a virus, I don't see why an mp3 can't too.

    Some types of video file (wmv in particular) can contain a URL and cause a web page to open when you play the video. If this web page contains a malicous active X control with a forged signature (for instance), you could get infected with a virus this way. So the video itself may not contain the virus, but playing such a video can cause you to get infected.

  14. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Thank you mods. Some people seem to think I am making this up.

  15. I do NOT think you're making this up.

    There was a .vbs virus going around in 99/00 that "currupted" mp3 files but the mp3 could not carry a virus and spread it to another file. All that did was re-write the headers so the mp3s didn't work.

    My guess is the system was infected by another virus (since this person probably downloaded a lot more than just mp3s) or as I said windows was configured by the "default" settings and the file was NOT an mp3 file and he ran it thinking it was.

  16. Член BJ_M's Avatar
    Join Date
    Jul 2002
    Location
    Canada
    Search Comp PM
    mp2 and mp3 files can carry the VBS.LoveLetter and variants virus's .. i just checked ..

    and the mp3 and mp2 and mpeg files are not destroyed but the VB code is just tagged to the end of the file ..

    http://securityresponse.symantec.com/avcenter/venc/data/vbs.loveletter.a.html
    "Each problem that I solved became a rule which served afterwards to solve other problems." - Rene Descartes (1596-1650)

  17. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Like I said,

    You can insert virii within any file.

    That includes within an mp3.

  18. Член BJ_M's Avatar
    Join Date
    Jul 2002
    Location
    Canada
    Search Comp PM
    the W32/Badtrans-B virus is also often in a fake mp3 file (just labeled as a mp3)
    "Each problem that I solved became a rule which served afterwards to solve other problems." - Rene Descartes (1596-1650)

  19. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Originally Posted by tvideo
    I do NOT think you're making this up.

    There was a .vbs virus going around in 99/00 that "currupted" mp3 files but the mp3 could not carry a virus and spread it to another file. All that did was re-write the headers so the mp3s didn't work.

    My guess is the system was infected by another virus (since this person probably downloaded a lot more than just mp3s) or as I said windows was configured by the "default" settings and the file was NOT an mp3 file and he ran it thinking it was.
    There have now been two other people that have proved you wrong. Are you still going to be a fool and tell me it is not possible?

  20. It changes the files to a .vbs file

    " The worm also appends the .vbs extension to each of these files. For example, image.jpg becomes image.jpg.vbs. However, files with .mp2 and .mp3 extensions are merely hidden and not destroyed."

    However not sure what they mean about the MP2 and MP3 extentions being "hidden"? So name.mp3 becomes name.vbs ?

  21. "Files with extensions of .mp2 and .mp3 will be hidden from the user by setting the hidden directory attribute."

    If windows is configured correctly "Show hidden files" you will not be fooled...again this is a .VBS worm, clever it re-writes the data and actually changes it into a .vbs file.

  22. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    It does not matter what you think.

    Mp2's,mp3's and any other file can carry a virus.

  23. MP3s cannot be infected, however it can change an MP3 into a VBS file.

    So that's what it is doing and misconfigured windows users will be fooled. Again MP3s cannot carry a virus technically speaking.

  24. It isn't concealing a virus it is being overwritten, changed. That is easily bypassed with windows being set up correctly to show all hidden files.

    It isn't an infected MP3, actually just overwrites the data and changes it to VBS

  25. Member holistic's Avatar
    Join Date
    May 2001
    Location
    here & there
    Search Comp PM
    Will all due respect, I call bullshit.

    It is a hoax.

    http://www.sophos.com/virusinfo/hoaxes/mpeg.html
    http://www.f-secure.com/hoaxes/mp3.shtml


    A worm can 'overwrite' a mp3 but then it isn't an mp3 is it !

    ][

  26. That was my point holistic, thank you.

  27. Banned
    Join Date
    Sep 2004
    Location
    Inner Circle of Thought
    Search Comp PM
    Whatever

  28. Member holistic's Avatar
    Join Date
    May 2001
    Location
    here & there
    Search Comp PM
    wrong to a whatever
    I'm open to new ideas . Next one you get please forward it to me (no harm / no foul) so I may analyze it.

    ][

  29. Member tmw's Avatar
    Join Date
    Jan 2004
    Location
    United States
    Search Comp PM
    Originally Posted by BJ_M
    mp2 and mp3 files can carry the VBS.LoveLetter and variants virus's .. i just checked ..

    and the mp3 and mp2 and mpeg files are not destroyed but the VB code is just tagged to the end of the file ..

    http://securityresponse.symantec.com/avcenter/venc/data/vbs.loveletter.a.html
    I think you only scanned the link you sent, but did not really read it:

    The worm also appends the .vbs extension to each of these files. For example, image.jpg becomes image.jpg.vbs.
    A virus in an MP3 doesn't exist, but as above illustrates it's a VBS that looks like an MP3. I'm disappointed in the knowledge level being distributed here.

    The recent virus as a part of a JPG set a new precendent, where non-executable files could have a virus (the macros in a Word document make it an executable). However, the JPG style virus is because of a security flaw in IE, and does not exist in other image viewers (e.g. Netscape, Photoshop, etc). There have not been any similar security flaws reported in Windows Media Player (or the like), and those things tend to get noticed.

    Just my thoughts, I could be wrong...

  30. Member Heywould3's Avatar
    Join Date
    Apr 2002
    Location
    always on the move
    Search Comp PM
    I wasnt going to get into this.. BUT i couldnt resist.. mpg jpg mp3 avi cant and dont have the actual virii BUT the can and have had imbeded urls that when played will take you to a web page.. if you are like most and use IE you will then have active x or what ever dl the virii and wam.. thats just one way.. but this has been talked about for years and it all ends the same way.. some people are 100% sure that they are right.. the people that are so sure that you can get one thru one of these files.. please post a link or fwd one of the files to be checked.. not trying to insult anyone.. but actualy trying to have people show facts not just hearsay..

    I have have seen these types of video files.
    i have also seen files that were named. filenam.mp3.1000spaces.exe or what ever. so you know that since even if you do have show extentions in the file name your not going to see the actual extention with all those spaces in the name.

    The video file that opens a url i have seen only happens for me anyway when i use VLC (videolan) im not sure if it happens with WMP but it may. i can look on my computer to see if i can find one.. they are usualy 1 or 2 min porn clips or some crap.




Similar Threads

Visit our sponsor! Try DVDFab and backup Blu-rays!