Avi or mpeg virus possible ?

 
 
nightwing_97838@yahoo.com
      07-01-2007
I have 2 friends who claimed their computer was infected by a virus from an
avi media file .
They downloaded it off a newsgroup a couple of days ago .
I helped them do a lowlevel format & reinstall of everything & it was
necessary .

How is it possible to imbed or install a virus,trojan etc.. with a media
file
One of my teachers in college claims this can't be done while another says
it can ?
If this is possible , then how do you defend against it ?
Hell I've heard some boast they can put viruses in text now ?

Any info & advice you may have is greatly appreciated
 
Sebastian G.
      07-02-2007
(E-Mail Removed) wrote:

> I have 2 friends who claimed their computer was infected by a virus from an
> avi media file .



Well, we all know incompetent people. Some can be recognized by whitespaces
in front of punctuation...

> They downloaded it off a newsgroup a couple of days ago.



That is, of course, nonsense. Binary stuff on NNTP is well-excluded for a
reason and commonly not counted as part of the Usenet.

> How is it possible to imbed or install a virus,trojan etc.. with a media
> file



Well, that's trivial.
# cat something.avi malware.exe > something_with_malware_embedded.avi

> One of my teachers in college claims this can't be done while another says
> it can?



Well, maybe you're talking nonsense. Embedding is not the problem, getting
it to execute is the real problem. This is typically done by exploiting
vulnerabilities in the associated playback software and some more
complicated embedding scheme.

> If this is possible , then how do you defend against it?



Not using horribly defective playback software? Normalizing the data?

> Hell I've heard some boast they can put viruses in text now?



# cat text.txt malware.exe > text_with_malware_embedded.txt

Now, the very same problem about getting it executed... text editors
typically are not that broken... But I think you were actually talking about
formatted documents in the well-known totally broken pseudo-format .doc
parsed by the well-known totally pseudo office suite from Microsoft.
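
Added example, not part of the post above or of any poster's code: a defender-side check for the `cat something.avi malware.exe` trick, using the length field a RIFF/AVI container declares for itself to find bytes glued on after it, plus the minimal "normalizing" step of cutting them off. The sample file is a constructed 24-byte skeleton and the appended tail is a constructed stand-in carrying only the `MZ` magic; the function names are illustrative.

```python
import struct

EXEC_MAGIC = (b"MZ", b"\x7fELF")  # DOS/PE and ELF executable signatures

def riff_end(data: bytes) -> int:
    """Offset just past the last well-formed top-level RIFF chunk."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"AVI ":
        raise ValueError("not a RIFF/AVI file")
    pos = 0
    while pos + 12 <= len(data) and data[pos:pos + 4] == b"RIFF":
        if pos and data[pos + 8:pos + 12] != b"AVIX":
            break  # only OpenDML "AVIX" segments may follow the first chunk
        (size,) = struct.unpack_from("<I", data, pos + 4)
        end = pos + 8 + size
        if end > len(data):
            raise ValueError("RIFF size field runs past end of file")
        pos = min(end + (size & 1), len(data))  # chunks are padded to even length
    return pos

def classify(data: bytes) -> str:
    """Return 'clean', 'trailing-data' or 'trailing-executable'."""
    tail = data[riff_end(data):]
    if not tail:
        return "clean"
    if tail.startswith(EXEC_MAGIC):
        return "trailing-executable"
    return "trailing-data"

def strip_trailing(data: bytes) -> bytes:
    """Minimal normalization: keep only the bytes the container declares."""
    return data[:riff_end(data)]

def make_avi() -> bytes:
    """Constructed RIFF/AVI skeleton (header only, not playable)."""
    body = b"AVI " + b"LIST" + struct.pack("<I", 4) + b"hdrl"
    return b"RIFF" + struct.pack("<I", len(body)) + body

if __name__ == "__main__":
    clean = make_avi()
    glued = clean + b"MZ" + b"\x00" * 62   # constructed tail, not a program
    for name, blob in (("clean", clean), ("glued", glued)):
        extra = len(blob) - riff_end(blob)
        print(f"{name}: {classify(blob)} ({extra} trailing bytes)")
    assert strip_trailing(glued) == clean
```

A check like this only finds appended data. A file crafted against a player vulnerability keeps its payload inside well-formed chunks and passes it, which is why patching the playback software remains the actual defence.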
 
Todd H.
      07-02-2007
(E-Mail Removed) writes:

> I have 2 friends who claimed their computer was infected by a virus
> from an avi media file . They downloaded it off a newsgroup a
> couple of days ago . I helped them do a lowlevel format & reinstall
> of everything & it was necessary .
>
> How is it possible to imbed or install a virus,trojan etc.. with a
> media file One of my teachers in college claims this can't be done
> while another says it can ? If this is possible , then how do you
> defend against it ? Hell I've heard some boast they can put viruses
> in text now ?
>
> Any info & advice you may have is greatly appreciated


Malware is entirely possible in an avi or mpeg, pdf file, word .doc,
you name the format, depending on what you view it in, there's
probably some published vulnerability on it.

To get the malware to execute, there must be a vulnerability in the
media player on which it is played.

For example, here's just one example of an .avi vulnerability that
existed in many versions of windows (patched by Microsoft in
2005)
http://www.securityfocus.com/bid/15063/discuss

--but there are others certainly, and god knows how many privately held
0day exploits for vulnerabilities not known to the general public.

Countermeasures are to vigilantly update with all vendor released
patches, run non-low-hanging-fruit operating systems, or run quality
regularly updated anti-virus programs (and hope to god there's a
reliable signature for whatever malware you might unwittingly
download--there isn't always), and if you're going to download porn
from usenet binary groups where you might be exposing yourself to 0day
exploits for which there is no known signature and the vendors haven't
fixed the vulnerabilities they exploit... then your friends might want
to consider running them in VMWare virtual machines that they fire up
just for the purpose of viewing these untrusted files.


By the way, Sebastian G is a very unhappy person apparently, so my
apologies for having to endure his abusive reply that had a lot more
heat than light in it.

Best Regards,
--
Todd H.
http://www.toddh.net/
 
Jim Watt
      07-02-2007
On Sun, 1 Jul 2007 22:50:22 GMT, (E-Mail Removed) wrote:

>I helped them do a lowlevel format & reinstall of everything & it was
>necessary .


Hey you are slipping Sebastian - you did not take the ****
out of that statement.

Low level formats as a technique mostly went away with MFM
disks of 30Mb with two cables.
--
Jim Watt
http://www.gibnet.com
 
David H. Lipman
      07-02-2007
From: <(E-Mail Removed)>

| I have 2 friends who claimed their computer was infected by a virus from an
| avi media file .
| They downloaded it off a newsgroup a couple of days ago .
| I helped them do a lowlevel format & reinstall of everything & it was
| necessary .
|
| How is it possible to imbed or install a virus,trojan etc.. with a media
| file
| One of my teachers in college claims this can't be done while another says
| it can ?
| If this is possible , then how do you defend against it ?
| Hell I've heard some boast they can put viruses in text now ?
|
| Any info & advice you may have is greatly appreciated

Only if it is a double extension file such as: Britney Spears.avi .exe


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Sebastian G.
      07-02-2007
David H. Lipman wrote:


> Only if it is a double extension file such as: Britney Spears.avi .exe


"The current system settings don't allow you to run this program."

Hm... there's something I'm doing right...
 
Todd H.
      07-03-2007
"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: <(E-Mail Removed)>
>
> | I have 2 friends who claimed their computer was infected by a virus from an
> | avi media file .
> | They downloaded it off a newsgroup a couple of days ago .
> | I helped them do a lowlevel format & reinstall of everything & it was
> | necessary .
> |
> | How is it possible to imbed or install a virus,trojan etc.. with a media
> | file
> | One of my teachers in college claims this can't be done while another says
> | it can ?
> | If this is possible , then how do you defend against it ?
> | Hell I've heard some boast they can put viruses in text now ?
> |
> | Any info & advice you may have is greatly appreciated
>
> Only if it is a double extension file such as: Britney Spears.avi .exe


That is certainly the easiest and most common way to get owned by such downloads.

In a rare departure from David's usual reliable advice, though, I'm
afraid I have to disagree that it's the only way. Media files can and
have been crafted to exploit vulnerabilities in specific media players
(buffer overruns, etc.). Quicktime and Flash vulnerabilities seem to
be more common with this than .avi here recently, but .avi has been
hit in the past via DirectX vulns.

Best Regards,
--
Todd H.
http://www.toddh.net/
 
David H. Lipman
      07-05-2007
From: "Todd H." <(E-Mail Removed)>


|
| That is certainly the easiest and most common way to get owned by such downloads.
|
| In a rare departure from David's usual reliable advice, though, I'm
| afraid I have to disagree that it's the only way. Media files can and
| have been crafted to exploit vulnerabilities in specific media players
| (buffer overruns, etc.). Quicktime and Flash vulnerabilities seem to
| be more common with this than .avi here recently, but .avi has been
| hit in the past via DirectX vulns.
|
| Best Regards,

You are right, they can use Exploit Code. However, the question was embedded malware in the
actual file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Todd H.
      07-05-2007
"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: "Todd H." <(E-Mail Removed)>
>
>
> |
> | That is certainly the easiest and most common way to get owned by such downloads.
> |
> | In a rare departure from David's usual reliable advice, though, I'm
> | afraid I have to disagree that it's the only way. Media files can and
> | have been crafted to exploit vulnerabilities in specific media players
> | (buffer overruns, etc.). Quicktime and Flash vulnerabilities seem to
> | be more common with this than .avi here recently, but .avi has been
> | hit in the past via DirectX vulns.
> |
> | Best Regards,
>
> You are right, they can use Exploit Code. However, the question was embedded malware in the
> actual file.


That's what I'm talking about.

An embedded netcat listener, for example, is surely an example of
malware, and these can be made extremely tiny in size, and embedded
right into a media file crafted against a specific media viewer's
vulnerability. View the media file, get owned by malware. No
external moving parts required.

--
Todd H.
http://www.toddh.net/
 
David H. Lipman
      07-06-2007
From: "Todd H." <(E-Mail Removed)>


|
| That's what I'm talking about.
|
| An embedded netcat listener, for example, is surely an example of
| malware, and these can be made extremely tiny in size, and embedded
| right into a media file crafted against a specific media viewer's
| vulnerability. View the media file, get owned by malware. No
| external moving parts required.
|

Viewing will not extract a binary. You need a helper application to extract a binary from a
graphic or moving graphic file.

The Tibs Trojan is well known to do this with the well known FroggerEXE.

The EXE files are stored in JPEGs and all you see is a simple Frog in a picture.
Viewing the Frog in the JPEG will not extract the EXE. An external program has to do it.

The same holds true for AVI, MOV, MPEG, etc.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 