Avi or mpeg virus possible ?

Computer Software Security

Subject: Avi or mpeg virus possible ?
Author: nightwing_97838
Date: 07-01-2007
Posted by nightwing_97838 on July 1, 2007, 6:50 pm
I have 2 friends who claimed their computer was infected by a virus from an
avi media file .
They downloaded it off a newsgroup a couple of days ago .
I helped them do a lowlevel format & reinstall of everything & it was
necessary .

How is it possible to imbed or install a virus,trojan etc.. with a media
file
One of my teachers in college claims this can't be done while another says
it can ?
If this is possible , then how do you defend against it ?
Hell I've heard some boast they can put viruses in text now ?

Any info & advice you may have is greatly appreciated :)

Posted by Sebastian G. on July 1, 2007, 10:51 pm
nightwing_97838@yahoo.com wrote:

> I have 2 friends who claimed their computer was infected by a virus from an
> avi media file .


Well, we all know incompetent people. Some can be recognized by whitespaces
in front of punctuation...

> They downloaded it off a newsgroup a couple of days ago.


That is, of course, nonsense. Binary stuff on NNTP is well-excluded for a
reason and commonly not counted as part of the Usenet.

> How is it possible to imbed or install a virus,trojan etc.. with a media
> file


Well, that's trivial.
# cat something.avi malware.exe > something_with_malware_embedded.avi

> One of my teachers in college claims this can't be done while another says
> it can?


Well, maybe you're talking nonsense. Embedding is not the problem, getting
it to execute is the real problem. This is typically done by exploiting
vulnerabilities in the associated playback software and some more
complicated embedding scheme.

> If this is possible , then how do you defend against it?


Not using horribly defective playback software? Normalizing the data?

> Hell I've heard some boast they can put viruses in text now?


# cat text.txt malware.exe > text_with_malware_embedded.txt

Now, the very same problem about getting it executed... text editors
typically are not that broken... But I think you were actually talking about
formatted documents in the well-known totally broken pseudo-format .doc
parsed by the well-known totally pseudo office suite from Microsoft.
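
Added example, not part of the original post: a defender-side check for the plain concatenation shown above. It reads the length the RIFF header of an AVI declares and reports any bytes that sit after it. The function names and the sample bytes are constructed for illustration.

```python
import struct

def riff_extent(data: bytes) -> int:
    """Offset at which the declared top-level RIFF chunks end."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"AVI ":
        raise ValueError("not a RIFF/AVI file")
    pos = 0
    # OpenDML AVIs carry further top-level RIFF chunks ('AVIX') after the first.
    while pos + 12 <= len(data) and data[pos:pos + 4] == b"RIFF":
        (size,) = struct.unpack_from("<I", data, pos + 4)  # little-endian length
        end = pos + 8 + size
        if end > len(data):
            raise ValueError("RIFF chunk claims more bytes than the file holds")
        pos = min(end + (size & 1), len(data))  # chunks are padded to even size
    return pos

def check_avi(data: bytes) -> dict:
    """Report bytes that sit after the container, as left by `cat a.avi b.exe`."""
    end = riff_extent(data)
    trailing = data[end:]
    return {
        "container_len": end,
        "trailing_len": len(trailing),
        "trailing_is_pe": trailing[:2] == b"MZ",  # DOS/PE executable magic
    }

def strip_trailing(data: bytes) -> bytes:
    """Crude normalization: keep only what the RIFF headers account for."""
    return data[:riff_extent(data)]

# Constructed sample: a minimal RIFF 'AVI ' shell (not a playable video) and a
# harmless 64-byte stand-in for the appended executable.
_body = b"AVI " + b"LIST" + struct.pack("<I", 4) + b"hdrl"
CLEAN = b"RIFF" + struct.pack("<I", len(_body)) + _body
APPENDED = CLEAN + b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("appended", APPENDED)):
        print(name, check_avi(blob))
```

This only catches data appended after the container. A file built to exploit a player bug keeps its malformed data inside the declared chunks, so it passes this check.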

Posted by Todd H. on July 2, 2007, 12:51 am
nightwing_97838@yahoo.com writes:

> I have 2 friends who claimed their computer was infected by a virus
> from an avi media file . They downloaded it off a newsgroup a
> couple of days ago . I helped them do a lowlevel format & reinstall
> of everything & it was necessary .
>
> How is it possible to imbed or install a virus,trojan etc.. with a
> media file One of my teachers in college claims this can't be done
> while another says it can ? If this is possible , then how do you
> defend against it ? Hell I've heard some boast they can put viruses
> in text now ?
>
> Any info & advice you may have is greatly appreciated :)

Malware is entirely possible in an avi or mpeg, pdf file, word .doc,
you name the format, depending on what you view it in, there's
probably some published vulnerability on it.

To get the malware to execute, there must be a vulnerability in the
media player on which it is played.

For example, here's just one example of an .avi vulnerability that
existed in many versions of windows (patched by Microsoft in
2005)
http://www.securityfocus.com/bid/15063/discuss

--but there are others certainly, and God knows how many privately held
0day exploits for vulnerabilities not known to the general public.

Countermeasures are to vigilantly update with all vendor released
patches, run non-low-hanging-fruit operating systems, or run quality
regularly updated anti-virus programs (and hope to god there's a
reliable signature for whatever malware you might unwittingly
download--there isn't always), and if you're going to download porn
from usenet binary groups where you might be exposing yourself to 0day
exploits for which there is no known signature and the vendors haven't
fixed the vulnerabilities they exploit... then your friends might want
to consider running them in VMWare virtual machines that they fire up
just for the purpose of viewing these untrusted files.


By the way, Sebastian G is a very unhappy person apparently, so my
apologies for having to endure his abusive reply that had a lot more
heat than light in it.

Best Regards,
--
Todd H.
http://www.toddh.net/

Posted by Todd H. on August 3, 2007, 11:07 am
comphelp@toddh.net (Todd H.) writes:
> nightwing_97838@yahoo.com writes:
>
> > I have 2 friends who claimed their computer was infected by a virus
> > from an avi media file . They downloaded it off a newsgroup a
> > couple of days ago . I helped them do a lowlevel format & reinstall
> > of everything & it was necessary .
> >
> > How is it possible to imbed or install a virus,trojan etc.. with a
> > media file One of my teachers in college claims this can't be done
> > while another says it can ? If this is possible , then how do you
> > defend against it ? Hell I've heard some boast they can put viruses
> > in text now ?
> >
> > Any info & advice you may have is greatly appreciated :)
>
> Malware is entirely possible in an avi or mpeg, pdf file, word .doc,
> you name the format, depending on what you view it in, there's
> probably some published vulnerability on it.
>
> To get the malware to execute, there must be a vulnerability in the
> media player on which it is played.


Blackhat talk on weaponizing digital media:
http://news.yahoo.com/s/ap/20070803/ap_on_hi_te/weaponizing_digital_media


--
Todd H.
http://www.toddh.net/

Posted by Jim Watt on July 2, 2007, 3:46 am
On Sun, 1 Jul 2007 22:50:22 GMT, nightwing_97838@yahoo.com wrote:

>I helped them do a lowlevel format & reinstall of everything & it was
>necessary .

Hey you are slipping Sebastian - you did not take the piss
out of that statement.

Low level formats as a technique mostly went away with MFM
disks of 30Mb with two cables.
--
Jim Watt
http://www.gibnet.com
