Avi or mpeg virus possible ?

Discussion in 'Computer Security' started by nightwing_97838@yahoo.com, Jul 1, 2007.

  1. Guest

    I have 2 friends who claimed their computer was infected by a virus from an
    avi media file .
    They downloaded it off a newsgroup a couple of days ago .
    I helped them do a lowlevel format & reinstall of everything & it was
    necessary .

    How is it possible to imbed or install a virus,trojan etc.. with a media
    file
    One of my teachers in college claims this can't be done while another says
    it can ?
    If this is possible , then how do you defend against it ?
    Hell I've heard some boast they can put viruses in text now ?

    Any info & advice you may have is greatly appreciated :)
    , Jul 1, 2007
    #1
    1. Advertising

  2. Sebastian G. Guest

    wrote:

    > I have 2 friends who claimed their computer was infected by a virus from an
    > avi media file .



    Well, we all know incompetent people. Some can be recognized by whitespaces
    in front of punctuation...

    > They downloaded it off a newsgroup a couple of days ago.



    That is, of course, nonsense. Binary stuff on NNTP is a well-excluded for a
    reason and commonly not counted as part of the Usenet.

    > How is it possible to imbed or install a virus,trojan etc.. with a media
    > file



    Well, that's trivial.
    # cat something.avi malware.exe > something_with_malware_embedded.avi

    > One of my teachers in college claims this can't be done while another says
    > it can?



    Well, maybe you're talking nonsense. Embedding is not the problem, getting
    it to execute is the real problem. This is typically done by exploiting
    vulnerabilities in the associated playback software and some more
    complicated embedding scheme.

    > If this is possible , then how do you defend against it?



    Not using horribly defective playback software? Normalizing the data?

    > Hell I've heard some boast they can put viruses in text now?



    # cat text.txt malware.exe > text_with_malware_embedded.txt

    Now, the very same problem about getting it executed... text editors
    typically are not that broken... But I think you were actually talking about
    formatted documents in the well-known totally broken pseudo-format .doc
    parsed by the well-known totally pseudo office suite from Microsoft.
    Sebastian G., Jul 2, 2007
    #2
    1. Advertising

  3. Todd H. Guest

    writes:

    > I have 2 friends who claimed their computer was infected by a virus
    > from an avi media file . They downloaded it off a newsgroup a
    > couple of days ago . I helped them do a lowlevel format & reinstall
    > of everything & it was necessary .
    >
    > How is it possible to imbed or install a virus,trojan etc.. with a
    > media file One of my teachers in college claims this can't be done
    > while another says it can ? If this is possible , then how do you
    > defend against it ? Hell I've heard some boast they can put viruses
    > in text now ?
    >
    > Any info & advice you may have is greatly appreciated :)


    Malware is entirely possible in an avi or mpeg, pdf file, word .doc,
    you name the format, depending on what you view it in, there's
    probably some published vulnerability on it.

    To get the malware to exectute, there must be a vulnerability in the
    media player on which it is played.

    For example, here's just one example of an .avi vulnerability that
    existed in many versions of windows (patched by Microsoft in
    2005)
    http://www.securityfocus.com/bid/15063/discuss

    --but there are others certainly, and go knows how many privately held
    0day exploits for vulnerabilities not known to the general public.

    Countermeasures are to vigilantly update with all vendor released
    patches, run non-low-hanging-fruit operating systems, or run quality
    regularly updated anti-virus programs (and hope to god there's a
    reliable signature for whatever malware you might unwittingly
    download--there isn't always), and if you're going to download porn
    from usenet binary groups where you might be exposing yourself to 0day
    exploits for which there is no known signature and the vendors haven't
    fixed the vulnerabilities they exploit... then your friends might want
    to consider running them in VMWare virtual machines that they fire up
    just for the purpose of viewing these untrusted files.


    By the way, Sebastian G is a very unhappy person apparently, so my
    apologies for having to endure his abusive reply that had a lot more
    heat than light in it.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jul 2, 2007
    #3
  4. Jim Watt Guest

    On Sun, 1 Jul 2007 22:50:22 GMT, wrote:

    >I helped them do a lowlevel format & reinstall of everything & it was
    >necessary .


    Hey you are slipping Sebastian - you did not take the piss
    out of that statement.

    Low level formats as a technique mostly went away with MFM
    disks of 30Mb with two cables.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Jul 2, 2007
    #4
  5. From: <>

    | I have 2 friends who claimed their computer was infected by a virus from an
    | avi media file .
    | They downloaded it off a newsgroup a couple of days ago .
    | I helped them do a lowlevel format & reinstall of everything & it was
    | necessary .
    |
    | How is it possible to imbed or install a virus,trojan etc.. with a media
    | file
    | One of my teachers in college claims this can't be done while another says
    | it can ?
    | If this is possible , then how do you defend against it ?
    | Hell I've heard some boast they can put viruses in text now ?
    |
    | Any info & advice you may have is greatly appreciated :)

    Only if it is a double extension fuile such as; Britney Spears.avi .exe


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jul 2, 2007
    #5
  6. Sebastian G. Guest

    David H. Lipman wrote:


    > Only if it is a double extension fuile such as; Britney Spears.avi .exe


    "The current system settings don't allow you to run this program."

    Hm... there's something I'm doing right...
    Sebastian G., Jul 2, 2007
    #6
  7. Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: <>
    >
    > | I have 2 friends who claimed their computer was infected by a virus from an
    > | avi media file .
    > | They downloaded it off a newsgroup a couple of days ago .
    > | I helped them do a lowlevel format & reinstall of everything & it was
    > | necessary .
    > |
    > | How is it possible to imbed or install a virus,trojan etc.. with a media
    > | file
    > | One of my teachers in college claims this can't be done while another says
    > | it can ?
    > | If this is possible , then how do you defend against it ?
    > | Hell I've heard some boast they can put viruses in text now ?
    > |
    > | Any info & advice you may have is greatly appreciated :)
    >
    > Only if it is a double extension fuile such as; Britney Spears.avi .exe


    That is certainly the easiest and most common way to get owned by such downloads.

    In a rare departure from David's usual reliable advice, though, I'm
    afraid I have to disagree that it's the only way. Media files can and
    have been crafted to exploit vulnerabilities in specific media players
    (buffer overruns, etc.). Quicktime and Flash vulnerabilities seem to
    be more common with this than .avi here recently, but .avi has been
    hit in the past via DirectX vulns.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jul 3, 2007
    #7
  8. From: "Todd H." <>


    |
    | That is certainly the easiest and most common way to get owned by such downloads.
    |
    | In a rare departure from David's usual reliable advice, though, I'm
    | afraid I have to disagree that it's the only way. Media files can and
    | have been crafted to exploit vulnerabilities in specific media players
    | (buffer overruns, etc.). Quicktime and Flash vulnerabilities seem to
    | be more common with this than .avi here recently, but .avi has been
    | hit in the past via DirectX vulns.
    |
    | Best Regards,

    You are right, they can use Exploit Code. However, the question was embedded malware in the
    actual file.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jul 5, 2007
    #8
  9. Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: "Todd H." <>
    >
    >
    > |
    > | That is certainly the easiest and most common way to get owned by such downloads.
    > |
    > | In a rare departure from David's usual reliable advice, though, I'm
    > | afraid I have to disagree that it's the only way. Media files can and
    > | have been crafted to exploit vulnerabilities in specific media players
    > | (buffer overruns, etc.). Quicktime and Flash vulnerabilities seem to
    > | be more common with this than .avi here recently, but .avi has been
    > | hit in the past via DirectX vulns.
    > |
    > | Best Regards,
    >
    > You are right, they can use Exploit Code. However, the question was embedded malware in the
    > actual file.


    That's what I'm talking about.

    An embedded netcat listener, for example, is surely an example of
    malware, and these can be made extremely tiny in size, and embedded
    right into a media file crafted against a specific media viewer's
    vulnerability. View the media file, get owned by by malware. No
    external moving parts required.

    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jul 5, 2007
    #9
  10. From: "Todd H." <>


    |
    | That's what I'm talking about.
    |
    | An embedded netcat listener, for example, is surely an example of
    | malware, and these can be made extremely tiny in size, and embedded
    | right into a media file crafted against a specific media viewer's
    | vulnerability. View the media file, get owned by by malware. No
    | external moving parts required.
    |

    Viewing will not extract a binary. You need a helper application to extract a binary from a
    graphic or moving graphic file.

    The Tibs Trojan is well known to do this with the well known FroggerEXE.

    The EXE files are stored in JPEGs and all you see is a simple Frog in a picture.
    Viewing the Frog in the JPEG will not extract the EXE. An external program has to do it.

    The same holds true for; AVI, MOV, MPEG, etc.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jul 6, 2007
    #10
  11. Sebastian G. Guest

    David H. Lipman wrote:

    > From: "Todd H." <>
    >
    >
    > |
    > | That's what I'm talking about.
    > |
    > | An embedded netcat listener, for example, is surely an example of
    > | malware, and these can be made extremely tiny in size, and embedded
    > | right into a media file crafted against a specific media viewer's
    > | vulnerability. View the media file, get owned by by malware. No
    > | external moving parts required.
    > |
    >
    > Viewing will not extract a binary. You need a helper application to extract a binary from a
    > graphic or moving graphic file.



    Viewing will extract the binary to the memory of the viewer application. If
    then an exploit triggers a vulnerability in the viewer application, it can
    be made misbehave to jump to the mentioned memory section.

    Of course, this means your either need an exploit or make the user run an
    external application, whereas the latter rather is a trivial case of PEBKAC
    that doesn't need to be discussed.
    Sebastian G., Jul 6, 2007
    #11
  12. Todd H. Guest

    "Sebastian G." <> writes:

    > David H. Lipman wrote:
    >
    > > From: "Todd H." <>
    > >
    > >
    > > |
    > > | That's what I'm talking about.
    > > |
    > > | An embedded netcat listener, for example, is surely an example of
    > > | malware, and these can be made extremely tiny in size, and embedded
    > > | right into a media file crafted against a specific media viewer's
    > > | vulnerability. View the media file, get owned by by malware. No
    > > | external moving parts required.
    > > |
    > >
    > > Viewing will not extract a binary. You need a helper application
    > > to extract a binary from a graphic or moving graphic file.


    The fallacy in this argument, David, is that "viewing" requires a
    viewer, and viewers can and often have had vulnerabilities. Sometimes
    the viewer is built into the operating system, but it is still very
    much a viewer.

    I'll give you 3 examples of past cases.

    Here's one AVI example that attacked Windows built in fucntionality
    and allowed arbitrary code execution:
    http://www.securityfocus.com/bid/15063/discuss
    "Successful exploitation will permit execution of arbitrary code
    in the context of the user who opens a malicious .AVI file."

    "Arbitrary code" in the parlance of these advisories means "yer done."

    Here's another .AVI specific example--view a malciciously crafted AVI
    in an old version of RealPlayer and yer done:
    http://research.eeye.com/html/advisories/published/AD20050623.html

    "The vulnerability allows a remote attacker to reliably
    overwrite heap memory with arbitrary data and execute arbitrary
    code in the context of the user who executed the player. / By
    specially crafting a malformed .avi movie file, a direct heap
    overwrite is triggered, and reliable code execution is then
    possible. This vulnerability can be triggered when a user views
    a webpage, or opens an .avi file via email, instant messenger,
    or other common file transfer programs."

    For an MPEG example, and mpeg-4 file on any version iTunes older than
    4.8 allowed arbitrary code execution:
    http://www.securityfocus.com/bid/13565/discuss

    "A specifically malformed MPEG4 file could trigger this
    overflow, causing a denial of service or execution of arbitrary
    code. This vulnerability was addressed in iTunes 4.8"

    > Viewing will extract the binary to the memory of the viewer
    > application. If then an exploit triggers a vulnerability in the
    > viewer application, it can be made misbehave to jump to the
    > mentioned memory section.


    Yup.

    And if your nefarious "external application" is small enough, it can
    be packed right into the nefarious payload depending on the exploit.

    For instance, there is a "bind shell" payload for Windows, for
    instance that opens a network port listener on a windows box listening
    and waiting for a connection and spawns a command shell if someone
    connections. Guess how big it is. It's all of 317 bytes. Not
    kilobytes, not megabytes. Bytes. It's freely available as a payload
    in the metasploit framework.

    In summary, to the original poster's question in the subject of the
    this thread, the answer is "yes."

    The question that might keep you up at night is "what popular media
    viewers currently have unpatched vulnerabilities for which there are
    private held, privately developed exploits in circulation in the black
    hat community?" The links above are only to known, patched
    vulnerabilities. The bad guys don't necessarily give us a nice
    database of all the vulns they've discovered.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jul 6, 2007
    #12
  13. From: "Todd H." <>


    |
    | The fallacy in this argument, David, is that "viewing" requires a
    | viewer, and viewers can and often have had vulnerabilities. Sometimes
    | the viewer is built into the operating system, but it is still very
    | much a viewer.
    |
    | I'll give you 3 examples of past cases.
    |
    | Here's one AVI example that attacked Windows built in fucntionality
    | and allowed arbitrary code execution:
    | http://www.securityfocus.com/bid/15063/discuss
    | "Successful exploitation will permit execution of arbitrary code
    | in the context of the user who opens a malicious .AVI file."
    |
    | "Arbitrary code" in the parlance of these advisories means "yer done."
    |
    | Here's another .AVI specific example--view a malciciously crafted AVI
    | in an old version of RealPlayer and yer done:
    | http://research.eeye.com/html/advisories/published/AD20050623.html
    |
    | "The vulnerability allows a remote attacker to reliably
    | overwrite heap memory with arbitrary data and execute arbitrary
    | code in the context of the user who executed the player. / By
    | specially crafting a malformed .avi movie file, a direct heap
    | overwrite is triggered, and reliable code execution is then
    | possible. This vulnerability can be triggered when a user views
    | a webpage, or opens an .avi file via email, instant messenger,
    | or other common file transfer programs."
    |
    | For an MPEG example, and mpeg-4 file on any version iTunes older than
    | 4.8 allowed arbitrary code execution:
    | http://www.securityfocus.com/bid/13565/discuss
    |
    | "A specifically malformed MPEG4 file could trigger this
    | overflow, causing a denial of service or execution of arbitrary
    | code. This vulnerability was addressed in iTunes 4.8"
    |
    >> Viewing will extract the binary to the memory of the viewer
    >> application. If then an exploit triggers a vulnerability in the
    >> viewer application, it can be made misbehave to jump to the
    >> mentioned memory section.

    |
    | Yup.
    |
    | And if your nefarious "external application" is small enough, it can
    | be packed right into the nefarious payload depending on the exploit.
    |
    | For instance, there is a "bind shell" payload for Windows, for
    | instance that opens a network port listener on a windows box listening
    | and waiting for a connection and spawns a command shell if someone
    | connections. Guess how big it is. It's all of 317 bytes. Not
    | kilobytes, not megabytes. Bytes. It's freely available as a payload
    | in the metasploit framework.
    |
    | In summary, to the original poster's question in the subject of the
    | this thread, the answer is "yes."
    |
    | The question that might keep you up at night is "what popular media
    | viewers currently have unpatched vulnerabilities for which there are
    | private held, privately developed exploits in circulation in the black
    | hat community?" The links above are only to known, patched
    | vulnerabilities. The bad guys don't necessarily give us a nice
    | database of all the vulns they've discovered.
    |
    | Best Regards,

    Viewing will NOT extract the binary. It will either be seen as garbage (noise), cause a
    problem with the viewer or be skipped. The malware would need an extractor/helper
    application.

    As for the idea of exploitation. Certainly. If a an object uses exploitation code on a
    known vulnerability such as a buffer overflow condition then an elevation of privileges and
    can lead to malware installation. However the the file using explotation code will NOT be
    the infector. It will be the causitive factor but not the end result.


    I disagree. The answer to the OP is NO.

    Please post a specific case of malware that hides within either a static or moving graphic
    file that can install all by itself. I am fully aware of steganographic techniques and they
    don't include auto-extraction, installation, capabilities.

    I also am fully aware of companies such as Zango exploiting the Windows DRM of Windows Media
    Player to download malware.



    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jul 6, 2007
    #13
  14. Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
    > Viewing will NOT extract the binary. It will either be seen as
    > garbage (noise), cause a problem with the viewer or be skipped. The
    > malware would need an extractor/helper application.
    >
    > As for the idea of exploitation. Certainly. If a an object uses
    > exploitation code on a known vulnerability such as a buffer overflow
    > condition then an elevation of privileges and can lead to malware
    > installation. However the the file using explotation code will NOT
    > be the infector. It will be the causitive factor but not the end
    > result.
    >
    >
    > I disagree. The answer to the OP is NO.
    >
    > Please post a specific case of malware that hides within either a
    > static or moving graphic file that can install all by itself. I am
    > fully aware of steganographic techniques and they don't include
    > auto-extraction, installation, capabilities.
    >
    > I also am fully aware of companies such as Zango exploiting the
    > Windows DRM of Windows Media Player to download malware.


    Hi David,

    What are your definitions of
    "Extract the binary"
    "Installation"

    and how they differ from mere:
    "Exploitation"

    To me, arbitrary code is arbitrary code. I'm not sure how your
    distinction of an exploit payload being a "causitive factor" vs end
    result has any bearing on whether an avi or mpeg virus is possible.

    To my view, if you're running a vulnerable viewer as a user of
    sufficient privilege (administrator as most windows users are), and
    you open an .avi or .mpeg maliciously created to to exploit that
    viewer's vulnerability, and that vulnerability allows arbitrary code
    execution, yer done. What payload the author has chosen to include in
    there can attempt to replicate and attach itself to other files, which
    would certainly qualify it as a virus. Whether it installs permanent
    running processes and adds things to a registry, seems orthogonal to
    the discussion.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jul 6, 2007
    #14
  15. From: "Todd H." <>


    |
    | Hi David,
    |
    | What are your definitions of
    | "Extract the binary"
    | "Installation"

    Extract the binary -- To pull out the binary data that is a distinct executable in such a
    form as a disk file or ADS such that the OS can execute it or load it.

    Installation -- A disk file or ADS that the OS executes or loads.

    |
    | and how they differ from mere:
    | "Exploitation"

    Exploitattion -- The act of taking advnatage of a vulnerability or perceived vulnerability.


    |
    | To me, arbitrary code is arbitrary code. I'm not sure how your
    | distinction of an exploit payload being a "causitive factor" vs end
    | result has any bearing on whether an avi or mpeg virus is possible.
    |
    | To my view, if you're running a vulnerable viewer as a user of
    | sufficient privilege (administrator as most windows users are), and
    | you open an .avi or .mpeg maliciously created to to exploit that
    | viewer's vulnerability, and that vulnerability allows arbitrary code
    | execution, yer done. What payload the author has chosen to include in
    | there can attempt to replicate and attach itself to other files, which
    | would certainly qualify it as a virus. Whether it installs permanent
    | running processes and adds things to a registry, seems orthogonal to
    | the discussion.
    |
    | Best Regards,

    The privilege of the user is often not a factor as most exploit vulnerabilities that allow
    an elevation of privileges. Thus a limited user on a PC found to be vulnerable can lead to
    malware being silently being installed even though the actual user's privilege would not
    allow it.

    Having a given exploitaion effect upon a vulnerability is NOT a guarantee of infection. It
    depends on the situation. Take a SDBot variant. It will send TCP ports 135 and/or 445
    packets out seeking vulnerabilities in the LSASS or RPC/RPCSS DCOM modules. Then it will
    excploit the buffer overflow situation and then install itself on the vulnerable platform.
    However this is I-worm activity.

    Take a WMV Malware using the Media Player DRM, so-called exploitation. Instead of the video
    file seeking a license, it goes out and will try to download a EXE and use Social
    Engineering to get you to install the EXE file. This isn't a vulnerability per se but it is
    a form of Media Player DRM exploitation because DRM was NOT meant to causer EXE files get
    downloaded but that what Zango actually did.

    Now I have seen; VML in HTML, WMF, ANI and other Exploits used. These are loaded on web
    sites that use a combination of exploitation and code execution. It is the combination of
    exploutation and script execution that causes the malware to be installed. Just playing a
    WMV, AVI, MPEG, MOOV etc, will not have this one, two, punch. You must look at "HOW" the
    "aribitrary code" is to be executed and/or loaded. Now I can download a QTS file that uses
    exploitation code but if I take it out of context will it actually cause malware to be
    installed ? The answer is no. I will just create a exploitable condition. Now place that
    QTS file in a web site or HTML email message and there is a greater possibility of actually
    taking advantage of that subsequent exploitable condition.

    Getting back to the OP, the answer is no. I believe the discussion the OP had with his
    frinds did NOT properdiscuss tghe subject matter and knowing that the OS defaults to "hiding
    extensions of know file types" it is much more likely that Social Engineering was the
    culprit using a Double-Extension files such as my previous example of; Britney Spears.avi
    ..exe

    This is *very* common. I have come across many files that do the above and in some cases
    will use numerous spaces between the VI and .EXE extension.

    BTW: Good Discussion :)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jul 7, 2007
    #15
  16. Sebastian G. Guest

    David H. Lipman wrote:


    > Take a WMV Malware using the Media Player DRM, so-called exploitation. Instead of the video
    > file seeking a license, it goes out and will try to download a EXE and use Social
    > Engineering to get you to install the EXE file.



    Which is utterly stupid, since it could simply run this EXE file by itself.

    > This isn't a vulnerability per se but it is


    > a form of Media Player DRM exploitation because DRM was NOT meant to causer EXE files



    So? The documentation says this it actually what it's supposed to do.

    > Now I have seen; VML in HTML, WMF, ANI and other Exploits used. These are loaded on web
    > sites that use a combination of exploitation and code execution. It is the combination of
    > exploutation and script execution that causes the malware to be installed.



    Huh? Using a script to build the exploit code in memory instead of loading
    it a a gzipped multi-megabyte file isn't exactly a necessity, just reasonable.

    > Just playing a WMV, AVI, MPEG, MOOV etc, will not have this one, two, punch.



    Hm.. but it seems like it does.

    > I will just create a exploitable condition. Now place that
    > QTS file in a web site or HTML email message and there is a greater possibility of actually
    > taking advantage of that subsequent exploitable condition.



    Or by simply playing it. That's what users typically do with media files.
    Sebastian G., Jul 7, 2007
    #16
  17. Todd H. Guest

    (Todd H.) writes:
    > writes:
    >
    > > I have 2 friends who claimed their computer was infected by a virus
    > > from an avi media file . They downloaded it off a newsgroup a
    > > couple of days ago . I helped them do a lowlevel format & reinstall
    > > of everything & it was necessary .
    > >
    > > How is it possible to imbed or install a virus,trojan etc.. with a
    > > media file One of my teachers in college claims this can't be done
    > > while another says it can ? If this is possible , then how do you
    > > defend against it ? Hell I've heard some boast they can put viruses
    > > in text now ?
    > >
    > > Any info & advice you may have is greatly appreciated :)

    >
    > Malware is entirely possible in an avi or mpeg, pdf file, word .doc,
    > you name the format, depending on what you view it in, there's
    > probably some published vulnerability on it.
    >
    > To get the malware to exectute, there must be a vulnerability in the
    > media player on which it is played.



    Blackhat talk on weaponizing digital media:
    http://news.yahoo.com/s/ap/20070803/ap_on_hi_te/weaponizing_digital_media


    --
    Todd H.
    http://www.toddh.net/
    Todd H., Aug 3, 2007
    #17
  18. Guest

    Any movie file format that is capable of doing anything other than
    holding the movie itself is inherently dangerous.

    WMV files for example were created as a wrapper for movie files
    specifically to enable them to do this. Never play or use WMV files is a
    good habit.

    There is no reason to have a movie file format capable of containing data
    or code other than the raw movie itself plus a header identifying the
    codec. All arguaments for this are spurious.

    Any format doing more than that can will and IS being used to hack.

    Providing you have no trojans on your system the following file
    formats/codecs are safe:

    Intel AVI
    Mpeg-1
    Mpeg-2
    VOB

    ALL others are unsafe no matter what claims are made for them.

    NEVER install players capable of identifying the file type - eg A media
    player that will play an mpeg with an AVI file extension is a massive
    security hazard - that means almost all on any microsoft system - they
    designed it that way - they create revenue for anti-virus companies.

    Those are the facts - what you do about them is up to you.
    , Oct 11, 2007
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. James Doyle

    VCD to AVI, WMV or MPEG

    James Doyle, Jul 13, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    477
    gangle
    Jul 13, 2003
  2. Dave

    Converting 'avi' to 'mpeg' - help please

    Dave, Aug 27, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    1,192
    Bigfred
    Aug 30, 2003
  3. bobo
    Replies:
    2
    Views:
    5,138
    cindylili
    Jun 24, 2009
  4. bobo
    Replies:
    0
    Views:
    1,029
  5. zijuan
    Replies:
    0
    Views:
    972
    zijuan
    Jul 26, 2006
Loading...

Share This Page