MP3's can contain viruses?

Red Squirrel

So I noticed Avira popped up because of some MP3's I have, pointing to EXP/ASF.GetCodec.Gen. Did some searching on this topic and apparently MP3's can have code in them that downloads a codec, but instead it will download a trojan. WTF? Who's the dumb ass that thought of implementing something like this? That's a huge design/security flaw.

Had no clue a simple audio file could be a virus. :eek: Guess it's time to scan MP3's too when I download stuff then.

Would something like this only affect windows media player, or does it not matter what player is being used?
 

Kromis

That is exactly why no one uses Limewire or whatever crap anymore. I've heard of such things but I didn't think they were true. I guess I'm wrong.
 

balloonshark

Did it have a double extension? staind.mp3.exe (you would have to untick "hide extensions for known file types" in folder options but you probably already knew that)

It's a good idea to scan everything you download before you do anything with the files. When I remove anything from Sandboxie it gets scanned with Avira, MBAM, SAS and/or uploaded to VirusTotal or Jotti.
 

Red Squirrel

Nope no double extension. Not enough to outsmart me. I lol when I see an email with a file "document.pdf [many spaces] .exe" with a "generic exe" icon. Yeah, like that's going to fool me. :p

I was googling further on this subject and it seems it's rare to actually get infected, and that there have not been any known big viruses based on MP3's, but it's still a concern though. I always just automatically assumed stuff like static documents, pictures, music, video etc. was virus free and was technically impossible to be infected.
 

Ken90630

> So I noticed Avira popped up because of some MP3's I have, pointing to EXP/ASF.GetCodec.Gen. Did some searching on this topic and apparently MP3's can have code in them that downloads a codec, but instead it will download a trojan. WTF? Who's the dumb ass that thought of implementing something like this? That's a huge design/security flaw.
>
> Had no clue a simple audio file could be a virus. :eek: Guess it's time to scan MP3's too when I download stuff then.
>
> Would something like this only affect windows media player, or does it not matter what player is being used?

According to A-V Comparatives (the most comprehensive test lab I know of), Avira appears to have notable problems with false positives. You might not be infected at all.

Maybe run NOD32's and/or McAfee's online scanner & see what they show? (Temporarily disable Avira & any other security apps you have first, of course.)

And run HijackThis! too.
 

Red Squirrel

Actually would malwarebytes detect viruses or is it mostly for spyware? Since it's actually the malwarebytes scan that triggered avira to pop up. Come to think of it, I don't know why Avira never came up when I tried to play the MP3. I remember testing it, as it was part of a download for a CD someone wanted me to make them.
 

Absolution75

The mp3 would have to be played in a program that uses the extension included and executes the code vulnerability. It isn't likely this would lead to an infection as there are a variety of programs people use to play mp3's. Keeping that program up to date would also lower the chance.

Otherwise it's probably just an exe renamed as .mp3
 

HeXen

Even pictures can contain viruses...have for over a decade. I used to silk thread keyloggers into pictures by creating a scrap file...sooo easy back then. Also used long file names so the extension was not as easy to see, though later hackers somehow made a method where there was no extra extension. How it worked I dunno, I was no longer into it at that point.

But heck, hackers are always a few years ahead of everyone else. I remember playing with rootkits back in 1998 and it wasn't publicly known until 2005. lol
 

Red Squirrel

> Even pictures can contain viruses...have for over a decade. I used to silk thread keyloggers into pictures by creating a scrap file...sooo easy back then. Also used long file names so the extension was not as easy to see, though later hackers somehow made a method where there was no extra extension. How it worked I dunno, I was no longer into it at that point.
>
> But heck, hackers are always a few years ahead of everyone else. I remember playing with rootkits back in 1998 and it wasn't publicly known until 2005. lol

Hmm think I recall .pif or .lnk files actually acting as executables, maybe that's how they did it. They are basically shortcuts, but will execute if an exe is renamed. I don't think that works anymore though.
 

RebateMonger

While I'm sure it's possible, I've never seen an infected .MP3 file and never heard of anybody being infected by one. But folks didn't used to think a .WMF drawing file could be infectious, either. It'd depend on what kind of vulnerabilities the .MP3 player has.
 

thescreensavers

A few years back my friend, who had tons of crap from Limewire, had pics, MP3s and some video files with virus/spyware.

Yes, AntiVir does give a bit more false positives, but I'd rather have that than none at all. So I know my protection is working 110%.

Their latest version is much better on FPs now according to AV-Comparatives.
 

us3rnotfound

I believe it, I recently had repaired a user's computer that was full of viruses, they had Limewire and Napster installed, is it 1999 again? Those are nothing but bad news that's for sure. Why can't people just spend a little bit of money every now and then on some songs, and/or use Pandora.
 

HeXen

> I believe it, I recently had repaired a user's computer that was full of viruses, they had Limewire and Napster installed, is it 1999 again? Those are nothing but bad news that's for sure. Why can't people just spend a little bit of money every now and then on some songs, and/or use Pandora.

Agree, though I would think most any decent malware monitoring utility should find those the second it's done downloading, if not before.

Though I don't think these old methods are very effective anymore, but with torrents today, it's easy to unpack the .exe file and see if there are suspicious files packed inside or use VirusTotal....but people got stupid into believing a little too trustingly in "false detection". "Ah, it's just false detection," they say. lol...but how does one truly know 100%, especially if VirusTotal shows like 5 positives they assume the others are correct in not identifying anything so the 5 must be false :eek:...screw that risk, if I get 1 positive, I delete it cause BIOS rootkits are some bad mofo's, assuming you ever find out about it, and it's being more and more common. Though most new mobos have flash on/off, thank god.
 

Red Squirrel

Bios rootkits? I remember hearing about those... back in like 2000, are those still possible? I figured bioses did not allow any access once control is given to the OS.

That is a scary thought. Even a reformat would not kill it. The mobo would basically be bricked.

Really it's sad that p2p networks are so full of viruses and crap. The concept is great, but hackers had to go ruin it.
 

HeXen

> Bios rootkits? I remember hearing about those... back in like 2000, are those still possible? I figured bioses did not allow any access once control is given to the OS.
>
> That is a scary thought. Even a reformat would not kill it. The mobo would basically be bricked.
>
> Really it's sad that p2p networks are so full of viruses and crap. The concept is great, but hackers had to go ruin it.

I noticed the newer BIOSes have the option to turn off flashing. At least this new MSI I got is the first I've ever seen to have such an option.

But yeah, they're gathering BIOSes that are common and not just PCs...cell phones too, but apparently it doesn't matter which OS you have, but I haven't kept up on the scene in years, so not sure how they do things now, just know from what I read on news sites here and there, which typically are years-old news to hacker groups anyway.
 

Modelworks

There is currently no way to put a virus inside an MP3 file. The way the file is read by players is like a data file; it is never used in a manner that makes it executable. Picture files, on the other hand, can contain malicious code because some of the formats contain information that actually executes inside the image viewing application. The safest image formats are bitmap formats because they are pure color data.

New motherboards and lots of devices like phones have moved away from the older format of flashing media, which was done using a parallel interface to the flash chips. That required a lot of data lines and dedication by the CPU in processing the signals, timing and code so the flash wouldn't be corrupted. The CPU had to handle the whole process, making it harder for someone to attack the BIOS.

In comes the new flash: serial flash. What once was a 32-pin chip with 16 data lines and clock, write enable, read enable, and other wires has become a 3-wire interface: Clock, Data, Mode.

It is now possible to flash the BIOS inside Windows, Linux, DOS, or anything else without what the CPU is processing even knowing it has been done. The BIOS is only used until the host OS loads, then that OS takes over. Someone can change the BIOS and nobody is the wiser till a reboot, when the BIOS is loaded again. How can you stop it? It varies with the board.
The BIOS is just code running on the CPU at boot. The southbridge chip handles the new serial interfaces, so any protection would have to be within the southbridge chip.

Some serial memory has a WE or write enable pin that has to have 3.3 volts applied to write to it; motherboard makers could put a jumper on the board to disable that pin and nobody could flash the BIOS.
 

mechBgon

> There is currently no way to put a virus inside an MP3 file. The way the file is read by players is like a data file; it is never used in a manner that makes it executable.

According to Kaspersky Lab, what happens is that the original MP3 gets converted to WMA format, which is capable of launching links in a browser, and Trojanized by adding a link to a site that pimps a fake codec Trojan on the user.

So basically it's an indirect Zlob-type attack using P2P to distribute Trojanized .MP3 files.
 

Cl1ckm3

^or
songtitle.mp3.exe ....I think in XP, extensions were hidden by default, so users download and just see songtitle
or
as mentioned before, you make a really long file name songtitle_albuminfo_tracknumber.mp3.exe ....and then you typically don't see the extensions due to the long title. The malware is bonded to the file and executed when you clicked on it; actually, both song and virus were executed at once.

At one time at least, the method did in fact work. It was how I used to spy to see if women I was seeing were also seeing other guys. I'd bond a file and send it to them via email saying hey, check out this song.

Anyways, the big threats these days are botnets and fake banking login screens. Apparently, China right now has the cyber attack power to shut down the US power grid...so some say. Lots of crazy stuff in those cyberwarfare books.
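
The two tricks described in the posts above (a WMA/ASF file carrying a link but named .mp3, and double-extension or space-padded file names) can both be checked before a download is opened. This is an added example, not part of any post in the thread; the sample bytes, file names and the codec.example URL are constructed, and the UTF-16LE URL scan is a heuristic.

```python
import os
import re

# First 16 bytes of every ASF container (WMA/WMV): the ASF Header Object GUID.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".lnk"}
DECOY_EXTS = {".mp3", ".wma", ".jpg", ".pdf"}
# Heuristic: ASF stores strings as UTF-16LE, so look for an http(s) URL in that encoding.
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+")

def sniff_type(data):
    """Classify a file by its leading bytes, ignoring its name."""
    if data.startswith(ASF_GUID):
        return "asf"
    if data.startswith(b"MZ"):
        return "pe"   # DOS/Windows executable header
    if data.startswith(b"ID3"):
        return "mp3"  # ID3v2 tag in front of the audio frames
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"  # bare MPEG audio frame sync (11 set bits)
    return "unknown"

def content_findings(name, data):
    """Flag a .mp3 whose bytes are something else, and URLs inside ASF data."""
    findings = []
    kind = sniff_type(data)
    if os.path.splitext(name.lower())[1] == ".mp3" and kind != "mp3":
        findings.append("extension .mp3 but content is " + kind)
    if kind == "asf":
        for match in URL_UTF16.finditer(data):
            findings.append("ASF embeds URL: " + match.group().decode("utf-16-le"))
    return findings

def name_findings(name):
    """Flag double extensions and whitespace padding in a file name."""
    findings = []
    stem, ext = os.path.splitext(name.strip().lower())
    inner = os.path.splitext(stem.rstrip())[1]
    if ext in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append("double extension: %s hidden before %s" % (inner, ext))
    if re.search(r"\s{3,}\.", name):
        findings.append("whitespace padding before extension")
    return findings

# Constructed sample: ASF header GUID, filler, then a UTF-16LE URL (placeholder domain).
ASF_SAMPLE = ASF_GUID + b"\x00" * 14 + "http://codec.example/get".encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    print(content_findings("track.mp3", ASF_SAMPLE))
    print(name_findings("document.pdf          .exe"))
```

A clean result only means none of these specific mismatches were found; it does not replace an antivirus scan.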
 

RebateMonger

> Some serial memory has a WE or write enable pin that has to have 3.3volt applied to write to it, motherboard makers could put a jumper on the board to disable that pin and nobody could flash the bios.

I'm pretty sure that I've used motherboards that had jumpers on the motherboard that disabled BIOS modifications. I'm thinking some of my Intel boards had that.
 

gsellis

> So I noticed Avira popped up because of some MP3's I have, pointing to EXP/ASF.GetCodec.Gen. ...

Anything can carry a payload. There just has to be an exploit in the target app to leverage it. And then more times than not, it is a false positive. Frigging AV just deleted a 10 year old DLL in some DVD mastering software (Maestro) that I own. It thought it had an exploit in it that was released years later. $#%&!@# GRRRRR