MP3 Viruses?

Thread: MP3 Viruses?

  1. #1
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548

    MP3 Viruses?

    Just wondering, but are there any viruses which can be implemented into audio or video files, for example .mp3, .mpg, etc...

    As far as I have researched I have found none, but just want to check!

    J_K9

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    In short.... No

    google search

    These files are "content" files. As such they are not executed but the contents are displayed by the associated program file.

    As with the recent .jpg vulnerability the file that can exploit the vulnerability is malformed, thus, technically, it isn't a jpg file... it's simply an exploit disguised as a jpg file.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    I believe *.asf are capable of opening webpages so I wouldn't doubt it

    Also I wouldn't put it past mp3 files either.. it's reading the file, translating 0's and 1's to audio..... maybe if you found an exploit in an audio player I would think it possible..... weirder stuff has happened
    work it harder, make it better, do it faster, makes us stronger

  4. #4
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Thanks. You have all confirmed my thoughts that mp3 viruses don't exist, and I think I've learnt something!

    Thanks a lot!

    J_K9

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Wasn't there a problem with Windows Media WMA files (surprise, surprise), and this could be carried across to MP3 when the "infected" WMA was converted to MP3.. could have been a proof of concept or just a vulnerability report.. I can't find the info just now..

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I suppose the point I was trying to make is that it matters not what the file extension is. If a non-executable file is malformed, deliberately or not, then it is no longer a file of the type it purports to be by the use of its extension.

    Thus if there is a vulnerability in the application that runs the files of a given extension then the application can be exploited by the _malformed_ file. Strictly speaking the "virus" has not come in the form of a file of an appropriate file structure but merely in a file that purports to be of an appropriate structure.

    IMO, this is a serious failure in the security model. Allowing programs to act upon files while relying only on something as arbitrary as the file extension is a mistake. Common file types should have recognizable headers, (most do IIRC), and double clicking a file should initiate an application that checks the headers for validity and then calls the appropriate application and passes the file to it as a parameter. In this way the file extension becomes irrelevant. Furthermore, if the header is unrecognized it would be no harder to associate the header to the appropriate application than it is to associate the application to the file extension as we do anyway. File headers that approximate a known header type but are "malformed" could then be flagged to the user as potentially harmful and even be blocked if they are encountered in the future.... There's the GDIPlus.dll issue fixed.....

    You could argue that you could name a file picture .jpg when it is actually an executable .exe file and the application checking the headers would simply run the file thus leaving a huge hole for social engineering..... It wouldn't be difficult to have that application check the header against the extension and warn, (or even double warn to avoid mistakes), that the file extension is of a benign type but the header is that of executable code and that you should not continue unless you are sure the file is safe......

    Next problem please.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
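
The header-versus-extension check proposed in post #6, as an added example that is not part of the original thread: it sniffs well-known leading signatures and compares them with what the extension claims. The function names, verdict strings and sample inputs are assumptions made up for this illustration.

```python
import os

# Leading-byte signatures (well-known magic numbers), mapped to a type label.
SIGNATURES = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"ID3", "mp3"),                      # MP3 that starts with an ID3v2 tag
    (b"\x00\x00\x01\xba", "mpeg-ps"),     # MPEG program stream pack header
    (bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c"), "asf"),  # ASF/WMA/WMV
]
# Extensions and the header type each one claims to carry.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".mp3": "mp3", ".mpg": "mpeg-ps",
            ".wma": "asf", ".wmv": "asf", ".asf": "asf", ".exe": "pe-executable"}
EXECUTABLE = {"pe-executable", "elf-executable"}


def sniff(head: bytes) -> str:
    """Return a type label for the first bytes of a file, or 'unknown'."""
    for magic, label in SIGNATURES:
        if head.startswith(magic):
            return label
    # Bare MPEG audio frame: 11 sync bits set, layer bits not the reserved 00.
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0 and (head[1] & 0x06):
        return "mp3"
    return "unknown"


def check(name: str, head: bytes) -> str:
    """Compare the type claimed by the extension with the sniffed header."""
    ext = os.path.splitext(name)[1].lower()
    actual = sniff(head)
    if actual in EXECUTABLE and EXPECTED.get(ext) not in EXECUTABLE:
        return "block: executable header behind benign extension"
    if actual == "unknown":
        return "warn: unrecognized header"
    if ext in EXPECTED and EXPECTED[ext] != actual:
        return "warn: header does not match extension"
    return "ok"


if __name__ == "__main__":
    # Constructed sample inputs: (file name, first bytes of the file).
    for name, head in [("song.mp3", b"ID3\x03\x00"), ("picture.jpg", b"MZ\x90\x00"),
                       ("clip.wma", b"\xff\xd8\xff\xe0"), ("track.mp3", b"\x00" * 4)]:
        print(f"{name:12} {check(name, head)}")
```

A matching signature only covers the first bytes; it does not validate the rest of the file's structure, so a parser flaw triggered by a later field is outside what this check sees.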

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    I Like Tiger Shark's Above Suggestion ...

    It makes sense, to me at least, and is simple but effective, and the simplest things work best!

    Tiger Shark - Have you submitted this idea to Microsoft? If not, you certainly should.

    Can anyone see any potential problems with this? It seems so obvious I can't believe it's not been implemented!
    Tomorrow is another day for yesterday's work!

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm pretty sure that this has been thought about and for some reason that I am too dim to come up with at this point they haven't done it....

    OTOH, if it's this simple and they haven't thought about it then I'm a genius.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    I may have misunderstood the information at the time, seems I have on the JPG problem..
    The JPG file vulnerability is AFAIK a header corruption.. meaning that any picture can be corrupted.. as with what I understood about a vulnerability with Windows media files.. this problem would then be carried across to a resulting MP3 file IF it was converted from an infected WM file.. for the life of me there was a thread on this matter on AO some bloody where.. I don't have the time or patience now to stuff around searching for it..

    As for what TS is saying about file header information, that is true.. and there was a bug in WM9 that would allow it to execute a file: i.e. an exe renamed as MP3 or WMA.. so any MP3 or WMA virus would be working on a weakness in the media player.. be it malformed header, or just renamed file..

    cheers

    if it's this simple and they haven't thought about it then I'm a genius....
    "and the candle flickers brighter for a second only to return to normal dim glow...." could be this effect..

    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Undies:

    The JPG file vulnerability is AFAIK a header corruption.. meaning that any picture can be corrupted..
    When the header is corrupted in a malicious way then what follows in the rest of the file is not a .jpg. It's a buffer overflow followed by the exploit code. Thus it isn't a .jpg... It's a POS masquerading as a jpg.... hence my comments on the failure in the security model. It's not a problem with .jpg's it's a vulnerability in the associated application that is being exploited by people who lie about the nature of the file structure. It's really close to social engineering insofar as people "trust" .jpg's. But the exploit is part social engineering and part exploitation of an OS that depends upon a file extension to know what to do with it rather than assessing the file header in conjunction with the extension and determining a course of "sensible" action....

    "and the candle flickers brighter for a second only to return to normal dim glow...." could be this effect..
    How many times has this happened in my life already.... I get brilliant ideas only to find that the wheel was re-invented last week.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
