Malware outbreak blamed on file-swapped MP3s, MPEGs
Posted by Tom Warren on 07 May 2008 - 08:22 · 15 comments & 6377 views
(4 replies)
#1 Posted by artnada on 07 May 2008 - 08:24
- Hold on. I see no mention of the RIAA/MPAA/BPI in this report! Is this correct?

Anyway, I suspect this is just another boring ploy by certain monopolies to "scare" the kiddies into believing they're all gonna die if they carry on downloading those naughty mp3s!
Last edited by artnada on 07 May 2008 - 08:39
#1.1 Posted by creamhackered on 07 May 2008 - 08:33
- Exactly what I thought when reading it

-
#1.2 Posted by gigapixels on 07 May 2008 - 09:14
- Except for the fact that when you have people who don't know what they're doing and simply download Limewire to try and get free music, they get infected in a heartbeat. BitTorrent is much safer (I've personally never seen a fake file), but most people don't know what it is or how to use it, so they use something like Limewire and just start downloading whatever. It gets pretty bad. 90% of the malware I see on customer computers gets on there from Limewire or Bearshare or some other crappy filesharing program.
This is a completely valid article. I just don't see why this is just now coming to light. I've known this for years now.
#1.3 Posted by Shadrack on 07 May 2008 - 20:05
- (gigapixels said @ #1.2) Except for the fact that when you have people who don't know what they're doing and simply download Limewire to try and get free music, they get infected in a heartbeat. BitTorrent is much safer (I've personally never seen a fake file), but most people don't know what it is or how to use it, so they use something like Limewire and just start downloading whatever. It gets pretty bad. 90% of the malware I see on customer computers gets on there from Limewire or Bearshare or some other crappy filesharing program.
This is a completely valid article. I just don't see why this is just now coming to light. I've known this for years now.
Doesn't limewire install malware from the very start?
-
#2 Posted by plastikaa on 07 May 2008 - 08:57
- Craig Schmugar, threat researcher at McAfee Avert Labs, explains in a blog entry that if people agree to download and run the executable they are asked to agree to a phony end user license agreement and some other useless software.
If you are prompted and asked to agree with an end user license agreement - that's probably when you should stop trying to play your mp3 or mpeg
-
#3 Posted by Foub on 07 May 2008 - 09:27
- This is like when they said that pot smokers helped support the terrorists.
-
#5 Posted by fuzi0719 on 07 May 2008 - 14:11
- Anyone that can't recognize an executable from an MP3 or MPEG deserves whatever they get. They shouldn't be allowed to access a computer anyway.
-
(4 replies)
#6 Posted by vanacid on 07 May 2008 - 15:37
- In fact, you can't integrate executable code in an mp3 or mpg file.
BUT, you can make a virus by using WMA since they contain executable parts for DRM purposes. Many viruses are transmitted this way. I was infected by some of these files in my time. Now I am more vigilant.
File types (I know) that can contain a virus if they are crafted correctly :
WMA
WMV
DOC
XLS
EXE (obviously)
VBS (obviously)
JS (obviously)
File types (I know) that can't contain executable code (and are safe) :
MP3
MPG
OGG
MPG
PNG
GIF
JPG
MNG
BMP
TGA
File types (I know) containing executable code, but that are executed in a virtualised environment (should be safe) :
SWF
MOV
#6.1 Posted by shhac on 07 May 2008 - 16:54
- The files could well have been called yourmusic.mp3.exe, and those less familiar with computers may have fallen for it. Or it could have been designed to create some kind of buffer overflow.
-
#6.2 Posted by Roger2 on 07 May 2008 - 19:29
- JPG
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/...n/MS04-028.mspx
#6.3 Posted by HalcyonX12 on 07 May 2008 - 23:45
- (Roger2 said @ #6.2) JPG
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/...n/MS04-028.mspx
The JPG didn't run the code, a library that loaded it did. If you didn't use that library to load the JPG, you were safe. Just saying, it was exploiting a particular program. In that case you could consider any file to contain a virus, because who knows what programs can be exploited by loading certain data.
#6.4 Posted by zachdms on 08 May 2008 - 06:51
- And the article says that the files are ".mpg" and ".mp3", so maybe we should wait a second before jumping to conclusions about "what is safe"...
... with the note that if you're being required to download some special player to play these files, you probably know right then that those files are a really bad plan.
Last edited by zachdms on 08 May 2008 - 06:56
McAfee Avert Labs reported on Tuesday that more than 500,000 detections of a Trojan horse masquerading as a media file have been found on computers since Friday on services like Limewire and eDonkey. Instead of playing an adult video, the Lion King in Portuguese, or the Girls Aloud theme from the St Trinian's soundtrack, for example, hundreds of rigged MP3 and MPEG files on the services trigger the download of an executable that serves ads to the infected computer.
Craig Schmugar, threat researcher at McAfee Avert Labs, explains in a blog entry that if people agree to download and run the executable they are asked to agree to a phony end user license agreement and some other useless software.
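
A triage check for downloads that claim to be MP3 or MPEG files, as an added example that is not part of the original article or of McAfee's analysis: it flags media-then-executable double extensions (the yourmusic.mp3.exe case raised in the comments) and media extensions whose leading bytes belong to another format. The function names, the small signature table and the sample inputs are constructed for this illustration; a mismatch is a reason to look closer, not proof of infection.

```python
import os

# Constructed signature table for this example; deliberately small, not exhaustive.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")  # WMA/WMV container header
MEDIA_EXTS = {".mp3": "mp3", ".mpg": "mpeg", ".mpeg": "mpeg"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".vbs", ".js"}


def sniff(head: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if head[:2] == b"MZ":
        return "pe"                      # Windows executable
    if head[:16] == ASF_GUID:
        return "asf"                     # Windows Media container
    if head[:3] == b"ID3":
        return "mp3"                     # ID3v2 tag
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"                     # MPEG audio frame sync
    if head[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpeg"                    # program stream / video sequence header
    return "unknown"


def check(name: str, head: bytes) -> list:
    """Return findings for one file name plus its first bytes."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]
    if ext in EXEC_EXTS and inner in MEDIA_EXTS:
        findings.append("double-extension")
    expected = MEDIA_EXTS.get(ext)
    if expected:
        kind = sniff(head)
        if kind != expected:
            findings.append("content-mismatch:" + kind)
    return findings


def check_path(path: str) -> list:
    """Run the same check against a file on disk (reads 16 bytes only)."""
    with open(path, "rb") as fh:
        return check(os.path.basename(path), fh.read(16))


# Constructed samples: (file name, first bytes)
SAMPLES = [("yourmusic.mp3.exe", b"MZ\x90\x00"), ("song.mp3", b"ID3\x03\x00"),
           ("clip.mpg", b"MZ\x90\x00"), ("track.mp3", ASF_GUID)]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check(name, head))
```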