Can malware “hide” in a video file?

I was wondering if malware could “hide” so to speak in a video file such as an mpeg? I know that you could download what appears to me an mpeg but its extension is actually an .exe and when you went to watch the video you execute it and get infected. But can malware actually be buried in a real mpeg file that otherwise plays normaly in windows media player or whatever?

 

Yes, malware can hide within a video. You can embed VB-Scripts, Java, C++, and instruct the video to execute whatever program, such as IE, etc. reset your homepage, and download or upload specific machine identification. Especially info from the WMI service from windows.

Just remember the internet is more like "death by a thousand cuts". You can disable active scripting within media player--> goto tools--> options-->security / disable active scripting. This should help a little.

There are way too many services running in windows that can potentially lead to a comprimise in security. Just far too many to list here....That will be another topic.

 

OK good to know, now can this malware be picked up by an AV/AT scanner upon scanning the file in question? Or would an AV/AT not pick it up?

 

Any decent program would only do what it's used for. Like playing a video. Any malware inclusion should result in an corrupt file that the player will reject or just play until the real content runs out. At that moment the error handling of the player takes over and the process must stop.
If there's a bug (vulnerability) in the player, then infection might take place. But this requires that an attacker must know the type and version of player and the type of vulnerability and perhaps even the os version that you're running. If the malware inclusion doesn't fit your particular system, chances of infection are nil.
In my opinion the risk of infection is really quite small, provided that you use a decent, regularly patched, mediaplayer (and other security measures of course).
Security scanners can be instructed to check all kinds of media files, but they will probably only look for signatures in certain places. Remember, any file is just a number of zero's and one's. You can't identify malware without checking the whole file for the signatures. Even harder to sandbox a media file of many megabytes or even gigs.

 

Here's a link to a problem that I had:
https://www.wilderssecurity.com/showthread.php?t=72660