MP3 Virii
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: MP3 Virii

  1. #1
    Member
    Join Date
    Apr 2002
    Posts
    97

    MP3 Virii

    My parents computer has recently been thrashed by a virus, and it's gotten me to think about virii more seriously. In my ponderings I began to wonder whether or not a virus has been created that could attach itself to MP3's. This is not a request for any virii that can do so, just a curiosity of whether it has been developed yet so I can protect myself from a possible threat. Any input would be greatly appreciated.
    The radiance of ignorace in a world of nothingness and all of this time your pestilence has created nothing but uselessness

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Location
    Helsinki, Finland
    Posts
    570
    No, mp3's can't contain executable code BUT an *.mp3-file can still be harmful, because the players don't check the file extension, they just check the header stuff in the file. That way a *.wma-file (or other that can contain malicious code) can be renamed to *.mp3 and players just play it and execute the code, user won't know that it's actually a .wma-file.

    This was an issue in Winamp 2.79 but it was quicly fixed in 2.80 update. The current version is 3.something which is not vulnerable. I don't know about other players.
    Q: Why do computer scientists confuse Christmas and Halloween?
    A: Because Oct 31 = Dec 25

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Plain MP3 cannot contain any contain active content (i.e. code), therefor it cannot contain viruscode. WMA files can contain active content and thus can potentially be infected.

    Unfortunately .wma files can be renamed to .mp3 and WMP will happely play them (and execute any code contained in them).

    See http://online.securityfocus.com/news/338
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    4
    maybe .mp3.exe . I remember getting a virus on kazaa when they had problems with their filtering. I did a search for nofx- the decline under audio and I didn't check the filename. Sure enough it was nofx- the decline.mp3.exe . Kazaa's poor filtering found me nofx- the decline.mp3 . This was about a year ago when I didn't have virus proteciton and My hardrive trashed due to it. But umm, there's my answer, it's early in teh morning so sorry if i'm rambling.
    UberGeek\'s Signature
    ub3r.net - my Web site
    tell your AIM buddies who owns you
    funny ass video

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Location
    Helsinki, Finland
    Posts
    570
    Edit/Add: Not to mention if the file is named "song.mp3.vbs" or "song.mp3.exe", that's a worse thing, but you do keep the file extensions visible for all file types, don't you??
    Q: Why do computer scientists confuse Christmas and Halloween?
    A: Because Oct 31 = Dec 25

  6. #6
    Senior Member
    Join Date
    May 2002
    Posts
    390
    i believe microsoft recently put out an update for their player that protects a little more. but zero is right you should have your file extensions visible to see the multiple extensions (er rather just the name and the one actual exec extension like vbs or exe)
    recently we've had...

    Microsoft Security Bulletin MS02-046: Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution (Q327521)
    Microsoft Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) (Version 2.0)
    just like water off a duck\'s back... I AM HERE.

    for CMOS help, check out my CMOS tut?

  7. #7
    Banned
    Join Date
    Jul 2002
    Posts
    877
    There was a MP3 virus hoax that had some peaple spooked. I useually stay away from long names that are so long that it cuts off part of the name. A example of this would be RARESOooNG.e.... clearly this is a example someone trying to cover a exe by makeing the name so long that it becomes hard to tell what it really is. If your downloading software then you will be at much larger risk then a music download. A friend of mine downloaded a game but he discovered shortly after downloading that the 'GAME' he had downloaded had miles and miles of exacutable files. Luckly his AV caught onto the viruses before anything spread but its still dreadfull that a person could get that amount of evil code within one download.

  8. #8
    Senior Member Unl3Ashed's Avatar
    Join Date
    Aug 2002
    Posts
    103
    ...........Bloat' spreads in a manner similar to the recent Word-Macro virus family. Virus code is conveyed and spread within *.mp3 audio files upon being opened by player software. The program inserts a single string of virus code immediately following the title/artist tag of an Mp3 file. Bloat only targets files having an MP3 or EXE extension. Similar audio formats such as VQF (Twin-VQ), WAV, Mp4 (under development), RA (Real Audio), and AAC (Advanced Audio Coding) cannot carry the virus.

    Source: http://www.mp3.com/news/111.html
    "Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
    - Albert Einstein

  9. #9
    Member
    Join Date
    Apr 2002
    Posts
    97
    "A MP3 Virus hoax is circulating on the net and snaring some of the more popular MP3 sites in its scam. In spite of what appears to be an official announcement, a little fact checking reveals the organizations cited to be nonexistent and no record of the virus with any credible authority.


    The always diligent Brian McWilliams of PC-radio.com pointed out that the phony message first appeared in newsgroups more than a month ago. Also, his own research into the supposed source organization came up empty."

    I think you missed the first few paragraphs Unl3Ashed......
    The radiance of ignorace in a world of nothingness and all of this time your pestilence has created nothing but uselessness

  10. #10
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    I Use my own GUI with mIRC to play Mp3's and WMA's, mIRC is too stupid to execute any kind of code other than Audio

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides