MP3 and viruses

Ka Khiong Kwok

Don't know whether this is old news or not, but anyway I get the feeling
someone's been trying to infect MP3s with viruses. I don't mean just
renamed files but actual MP3s.

Just gut instinct really. Hopefully I'm wrong about it.

Regards,

Ka.
 
Ka Khiong Kwok said:
Don't know whether this is old news or not, but anyway I get the feeling
someone's been trying to infect MP3s with viruses. I don't mean just
renamed files but actual MP3s.

Just gut instinct really. Hopefully I'm wrong about it.

Regards,

Ka.


Can't be done (realistically).. the subject has been covered / discussed
in some detail in various places (IIRC.. there was an interview on C4 news
(UK) with Rhape97 regarding this a few years back).

My opinion is, in theory, yes, it could be done.. but you'd also have to
write an MP3 player along with it that everyone wanted to use to read /
execute your newly injected data.

I think the closest to an MP3 affecter, would be the likes of
W32/Scrambler which IIRC, read the MP3 and wrote the data back jumbled up
(hence 'Scrambler') which obviously, made your MP3s sound somewhat
"different" =)



Regards,

Ian
 
Ka Khiong Kwok said:
Don't know whether this is old news or not, but anyway I get the feeling
someone's been trying to infect MP3s with viruses. I don't mean just
renamed files but actual MP3s.

Just gut instinct really. Hopefully I'm wrong about it.

Regards,

Ka.
********************** REPLY SEPARATER **********************
A file must be executable in order to load a virus. That is to say that a pure
data file such as a .gif, or a .jpg cannot be executed. But one must be
careful about how a data file is defined. Document files such as .doc and
database files such as .mdb are supposedly data files, but Microsoft in its
wisdom fostered the use of scripts embedded in both of these. Now a benign
data file suddenly becomes an executable with the potential to become a
vehicle for transmitting a virus.

To the best of my knowledge, MP3s do not contain any executable code, and
thus could be considered benign. The program used to download and play these
files however is an executable, and therefore has the potential to carry a
virus or open up back doors to your computer.

J.A. Coutts
Systems Engineer
MantaNet/TravPro
 
Ian.H said:
Can't be done (realistically).. the subject has been covered / discussed
in some detail in various places (IIRC.. there was an interview on C4 news
(UK) with Rhape97 regarding this a few years back).

I would qualify that as "Can't be done as of this writing"; because not so
long ago it was said in news groups that by just reading an email one could
not get infected by a virus, which as we all know was proven wrong. Who knows
what will be possible in the future, and what with Microsoft and the way they
handle plugins, some time in the future, who knows, maybe an MP3 buffer
overflow using a M$ browser may be possible.
 
not get infected by a virus, which as we all know was proven wrong. Who knows
what will be possible in the future, and what with Microsoft and the way they
handle plugins, some time in the future, who knows, maybe an MP3 buffer
overflow using a M$ browser may be possible.

There's already a buffer overrun vulnerability in unpatched xp by
mousing over mp3 files in windows explorer (and thus reading the tag)
but strictly speaking it's not a virus, is it?


Jim.
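
Added example, not part of the thread and not any poster's code: the tag-reading overrun mentioned above is the class of bug where a parser trusts a length field stored inside the MP3. This sketch reads one ID3v2.3 text frame and checks every declared size against the bytes actually held and against the caller's buffer; the function name, the Latin-1-only restriction and both sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: ID3v2.3 tag with one TIT2 frame holding "Song". */
static const uint8_t GOOD[] = { 'I','D','3', 3,0,0, 0,0,0,15,
    'T','I','T','2', 0,0,0,5, 0,0, 0,'S','o','n','g' };
/* Constructed sample: same 25 bytes, but the frame claims 1024 bytes. */
static const uint8_t LIAR[] = { 'I','D','3', 3,0,0, 0,0,0,15,
    'T','I','T','2', 0,0,4,0, 0,0, 0,'S','o','n','g' };
/* Copy the Latin-1 text of frame `want` (4 chars, e.g. "TIT2") into out.
 * Returns the copied length, or -1 if the tag is absent or malformed. */
int id3_text_frame(const uint8_t *buf, size_t len, const char *want,
                   char *out, size_t outlen)
{
    if (len < 10 || outlen == 0 || memcmp(buf, "ID3", 3) != 0 || buf[3] != 3)
        return -1;                      /* only ID3v2.3 is handled here */
    if ((buf[5] & 0x40) || ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80))
        return -1;                      /* extended header / bad synchsafe size */
    size_t tag = ((size_t)buf[6] << 21) | ((size_t)buf[7] << 14) |
                 ((size_t)buf[8] << 7) | buf[9];
    if (tag > len - 10) return -1;      /* tag claims more bytes than we hold */
    const uint8_t *p = buf + 10, *end = p + tag;
    while ((size_t)(end - p) >= 10 && p[0] != 0) {   /* 0 starts padding */
        size_t fsz = ((size_t)p[4] << 24) | ((size_t)p[5] << 16) |
                     ((size_t)p[6] << 8) | p[7];
        if (fsz > (size_t)(end - p) - 10)
            return -1;                  /* frame would run past the tag */
        if (memcmp(p, want, 4) == 0) {
            if (fsz < 1 || p[10] != 0)
                return -1;              /* need encoding byte 0 (Latin-1) */
            size_t n = fsz - 1;
            if (n >= outlen) n = outlen - 1;   /* clamp to caller's buffer */
            memcpy(out, p + 11, n);
            out[n] = '\0';
            return (int)n;
        }
        p += 10 + fsz;
    }
    return -1;
}

int main(void) {
    char t[64];
    printf("good=%d\n", id3_text_frame(GOOD, sizeof GOOD, "TIT2", t, sizeof t));
    printf("liar=%d\n", id3_text_frame(LIAR, sizeof LIAR, "TIT2", t, sizeof t));
    return 0;
}
```

The file stays pure data either way; what differs is whether the reader copies `fsz` bytes because the file said so or only as many as its own buffer and the input can hold.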
 
James Egan said:
There's already a buffer overrun vulnerability in unpatched xp by
mousing over mp3 files in windows explorer (and thus reading the tag)
but strictly speaking it's not a virus, is it?


Jim.

I am not so sure; because a buffer overrun could possibly be used to write
the viral code; but in the truest sense I guess that would make the MP3 a
dropper and as such it would be a part of a virus; but not the actual virus?
 
I am not so sure; because a buffer overrun could possibly be used to write
the viral code; but in the truest sense I guess that would make the MP3 a
dropper and as such it would be a part of a virus; but not the actual virus?

Hmm. It'd be pedantic to differentiate between the two. Better call it
malware just in case. :)


Jim.
 
James Egan said:
virus?

Hmm. It'd be pedantic to differentiate between the two. Better call it
malware just in case. :)


Jim.

What with the way knowledge seems to be increasing exponentially, especially
in the computer world, I have taken to trying to *never* say that something
is impossible, well without at least qualifying it by adding "at this time".
 
Ditto. I used to think that it's impossible for home users to have hi speed
net access, now it's as common as muck.
I just aim for the day when 1.44" gets scrubbed for zip disks and CDRW as
the standard for quick access storage.

All the best,

Ka.

Sugien said:
James Egan said:
virus?

Hmm. It'd be pedantic to differentiate between the two. Better call it
malware just in case. :)


Jim.

What with the way knowledge seems to be increasing exponentially, especially
in the computer world, I have taken to trying to *never* say that something
is impossible, well without at least qualifying it by adding "at this time".


--
/}
@###{ ]::::::Dino-Soft Software::::::>
\}
http://www.dino-soft.org/cam
 
Ka Khiong Kwok said:
Ditto. I used to think that it's impossible for home users to have hi speed
net access, now it's as common as muck.
I just aim for the day when 1.44" gets scrubbed for zip disks and CDRW as
the standard for quick access storage.

All the best,


Even better, how about someone create some sort of memory stick that can
just be put into the old floppy drives and hold say a Gig of battery backed
up ram, much like the USB ram sticks now that are available, most of which
don't even need any type of driver loaded on the system. Those USB Ram
sticks are very quick and easy to hide, and if someone wanted a quick and
easy way to take something off a system, these would have been classified
back in the cold war days.
 
In Message-ID:<[email protected]> posted on
back in the cold war days.

"Back" in the cold war days?

It's worse now than then.
With Asscrotch's constitution shredding Patriot Act,
Department of Homeland Security (Stasi),
and free Caribbean vacations,
The new threat isn't Red,
but Red, White, and Blue,
and isn't European, but Washingtonian.

Research: Echelon, Carnivore, Magic Lantern
http://www.fas.org/irp/program/process/echelon.htm
http://www.robertgraham.com/pubs/carnivore-faq.html
http://www.cotse.net/privacy/magic_lantern.htm
 
Sugien said:
I would qualify that as "Can't be done as of this writing"; because not so
long ago it was said in news groups that by just reading an email one could
not get infected by a virus, which as we all know was proven wrong.

Errr....no it wasn't. The problem is that the program using the data
did more than "just read" it. Just reading an e-mail still cannot infect
you, but some e-mail clients do more than "just read" the data ~ they
read and interpret some of it as instructions.

There is a difference between what people consider "just reading" an
e-mail, and what programmers consider "just reading" a file. E-mail
is a textual data file, and you cannot get infected by "just reading" it.

Yes Sugien, I realize that it is what the average person thinks that
really matters to you on this subject, and not what the terms really
mean, but it is the same with the terms "open" and "execute" ~ you
cannot get infected by just opening an attachment either - it is when
you execute it that that happens. You can "open" a file for reading
or writing (think editor) without executing it. To the average person
the act of "opening" an attachment is equivalent to execution, but
that isn't really the case.

As long as MP3 files are treated as data only, they will not be
able to infect - or be considered infectable themselves.
 
Bart said:
In Message-ID:<[email protected]> posted on


"Back" in the cold war days?

It's worse now than then.
With Asscrotch's constitution shredding Patriot Act,
Department of Homeland Security (Stasi),
and free Caribbean vacations,
The new threat isn't Red,
but Red, White, and Blue,
and isn't European, but Washingtonian.

GBTF,YL!
 
FromTheRafters said:
Errr....no it wasn't. The problem is that the program using the data
did more than "just read" it. Just reading an e-mail still cannot infect
you, but some e-mail clients do more than "just read" the data ~ they
read and interpret some of it as instructions.

There is a difference between what people consider "just reading" an
e-mail, and what programmers consider "just reading" a file. E-mail
is a textual data file, and you cannot get infected by "just reading" it.

Yes Sugien, I realize that it is what the average person thinks that
really matters to you on this subject, and not what the terms really
mean, but it is the same with the terms "open" and "execute" ~ you
cannot get infected by just opening an attachment either - it is when
you execute it that that happens. You can "open" a file for reading
or writing (think editor) without executing it. To the average person
the act of "opening" an attachment is equivalent to execution, but
that isn't really the case.

As long as MP3 files are treated as data only, they will not be
able to infect - or be considered infectable themselves.


That is just a long winded way to say *nothing*; because even the most
virulent virus there is can be opened in a hexeditor safely and not infect
the user. What matters more than the quote unquote *correct* terms is what
the average user thinks; because it isn't the experts that indirectly slow
down the internet or get infected because of their using correct
terminology; but rather the average user that gets confused when the so
called experts start bandying about the term and say that they *can NOT* get
infected by just reading an email and then the average user after using
their email client that has the ability to parse and execute scripts inside
an html email *does* infect them and then their system starts sending out to
other average users that likewise have been confused by the *experts* that
have said they *can NOT* get infected by just reading an email that the
whole internet community expert and average user alike pay the price because
of the experts wanting to use *precise terms*
When you and others get off this kick of trying to call things by the
expert terminology then maybe the average users won't get so confused;
because to the average users just reading an email *will* infect them;
because to them it is just reading an email even if the email client they
are using to "just read" the email is executing scripts contained in the
html portion of the email, after all even html is *just text* that is
interpreted by the email program or browser even a script is *just text*
that is interpreted. An email client could even be written that could take
plain text and interpret it and when the email client sees the text *infect*
it could, well I think you get the point.

p.s.
after my re-reading my reply I can see how some may think my reply is a
heated reply; but it is not in anger or any such thing, just that I get
tired of people telling users over and over that they can't get infected by
just reading an email and then the new user thinks they are safe and they
read an email and their email client is set to parse and execute embedded
scripts and they get infected which is bad for everyone on the net.
 
I still love the fact that Washington banned Furbys from their offices due
to security risks.
I'm surprised they haven't already arrested the head of Mattel for espionage.
Coming from an IT background, it's a good thing that people are more
paranoid, might mean more jobs for guys like me. :')

Then again though, I'd rather sit on a beach with a bottle of Kentucky
bourbon, a bottle of Thai Whisky and a babe and just watch the sun go down.

Man, I need a cushy corporate job.

All the best,

Ka.

Sugien said:
Ka Khiong Kwok said:
Ditto. I used to think that it's impossible for home users to have hi speed
net access, now it's as common as muck.
I just aim for the day when 1.44" gets scrubbed for zip disks and CDRW as
the standard for quick access storage.

All the best,


Even better, how about someone create some sort of memory stick that can
just be put into the old floppy drives and hold say a Gig of battery backed
up ram, much like the USB ram sticks now that are available, most of which
don't even need any type of driver loaded on the system. Those USB Ram
sticks are very quick and easy to hide, and if someone wanted a quick and
easy way to take something off a system, these would have been classified
back in the cold war days.
--
/}
@###{ ]::::::Dino-Soft Software::::::>
\}
http://www.dino-soft.org/cam
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That is just a long winded way to say *nothing*...

That should be your new usenet sig, Dimbulb, or should
I say -- Slag Part II. <snicker>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: Because I *can* be.

iQA+AwUBP4VhWqRseRzHUwOaEQJ3xwCgmkIj9mE4EAW2+msb1snnZVHBVEQAljFC
eXkgeVVJOpIziQBtEuRLQ8A=
=8U1c
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.
 
Sugien said:
after my re-reading my reply I can see how some may think my reply is a
heated reply; but it is not in anger or any such thing, just that I get
tired of people telling users over and over that they can't get infected by
just reading an email

Which is why I stated that I know that you were more concerned
with the popular lexicon than with any actual definition of terms.
You are correct about the confusion, even recently there have been
posters here asking about the possibility of autoexecution of malware
while using OE ~ I thought *everyone* knew about that already.

....and I think that because of the many OE aided autoexecuting
worms we have seen, there are less people confused about this
than there were previously.

Sugien said:
and then the new user thinks they are safe and they
read an email and their email client is set to parse and execute embedded
scripts and they get infected which is bad for everyone on the net.

I don't think that they do this because they have been told
it was safe, but rather because they had no reason to assume
that it wasn't.
 