Transferring viruses?

[Lucifers_Ghost]

Greetings,

If an mp3 has an embedded virus or spyware or something in it (I believe thats possible to do anyway) and you transfer said mp3 to your cell phone, is it possible that the virus or what not in the mp3 can be transferred to the phone and mess it up?

Just curious.
LG

[thecoalman]

Viruses are designed to exploit specific vulnerabilities in software, so you would need a MP3 file with a virus that was made to exploit a vulnerability in your phones software.

Having said that files such as MP3's, video, images...etc are data files and are not likely to contain any malicious code. The only thing that comes to mind that I'm aware of recently was a vulnerability in a few Windows applications with JPEG's. Images and other data files can contain embedded meta data such as time the image was taken, camera, name of the song....etc Some MS apps were vulnerable to malicious code inserted into these fields. That was a few years ago.

[Heywould3]

http://www.mp3newswire.net/stories/2002/MP3virus.html

there is a threat in mp3s or was but it more meant to give hackers access to your computer. that wont really work on a phone. but i guess someday a person could make it so it sends the phone info or something to a hacker to gain acess to your service .. doubtful though.

[thecoalman]

That article is 5 years old.

12/19/02

[Heywould3]

That article is 5 years old.

12/19/02

I know, i just picked the first Google i found as i said "is or was" the threat has been fixed with patches. my point in posting that was to show that its possible with mp3s. in the case that i posted it was with a stack over flow but there have been other threats.

[EddyH]

I really dont know how dumb your software maker would have to be in order for their program to be susceptible to a virus *somehow* embedded in a JPG (see: microsoft ... this explains why my oldskool version of MSN refuses to transfer JPGs in or out of itself due to 'virus risks') or an MP3. They're just data files... no executable code. Either there would be a massive security hole, MS-style, that allowed data execution, or something else in the program could trigger it (the software writer in concert with the virus writer?), or an existing 'part 1' virus on a system may be able to take a more powerful and well hidden/inactive 'part 2' out of a data container file and polymorph the code into itself to become really nasty. but all these require some pre-existing condition in the computer/phone, like a susceptible program, virus writers who learn about it and figure out how to exploit it, oh, and in this particular case, some kind of virus that can automatically port itself between two completely different machine code languages when being transferred between platforms...

[thecoalman]

I really dont know how dumb your software maker would have to be in order for their program to be susceptible to a virus *somehow* embedded in a JPG

They weren't embedded in the picture data itself but in the EXIF data which stores information like the date the picture was taken, camera, all kinds of stuff. The image itself can exist with o without the EXIF data. Not sure how many programs this affected but there was a similar vulnerability in PHP, just like the windows bug it had to do with the EXIF data. Not sure if it was a separate issue but many PHP based photo galleries were also susceptible to embedded data.