Can malware “hide” in a video file?

Discussion in 'other security issues & news' started by Matt_Smi, Apr 13, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I was wondering if malware could “hide” so to speak in a video file such as an mpeg? I know that you could download what appears to be an mpeg but its extension is actually an .exe and when you went to watch the video you execute it and get infected. But can malware actually be buried in a real mpeg file that otherwise plays normally in windows media player or whatever?
     
  2. yolinux

    yolinux Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    4
    Location:
    California
    Yes, malware can hide within a video. You can embed VB-Scripts, Java, C++, and instruct the video to execute whatever program, such as IE, etc. reset your homepage, and download or upload specific machine identification. Especially info from the WMI service from windows.

    Just remember the internet is more like "death by a thousand cuts". You can disable active scripting within media player--> go to tools--> options-->security / disable active scripting. This should help a little.

    There are way too many services running in windows that can potentially lead to a compromise in security. Just far too many to list here....That will be another topic.
     
  3. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    OK good to know, now can this malware be picked up by an AV/AT scanner upon scanning the file in question? Or would an AV/AT not pick it up?
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Any decent program would only do what it's used for. Like playing a video. Any malware inclusion should result in a corrupt file that the player will reject or just play until the real content runs out. At that moment the error handling of the player takes over and the process must stop.
    If there's a bug (vulnerability) in the player, then infection might take place. But this requires that an attacker must know the type and version of player and the type of vulnerability and perhaps even the os version that you're running. If the malware inclusion doesn't fit your particular system, chances of infection are nil.
    In my opinion the risk of infection is really quite small, provided that you use a decent, regularly patched, media player (and other security measures of course).
    Security scanners can be instructed to check all kinds of media files, but they will probably only look for signatures in certain places. Remember, any file is just a number of zeros and ones. You can't identify malware without checking the whole file for the signatures. Even harder to sandbox a media file of many megabytes or even gigs.
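
Added example, not part of any post in this thread: a small Python check for the disguised-executable case raised in the first post, comparing a file's name and leading bytes against what its video extension promises. The function names and sample byte strings are constructed for illustration; a header check of this kind says nothing about content aimed at a player bug, which is the case post 4 describes.

```python
import os

# Well-known leading-byte signatures for a few video containers.
VIDEO_MAGIC = {
    ".mpg": [b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"],   # MPEG pack / sequence header
    ".mpeg": [b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"],
    ".avi": [b"RIFF"],                                     # bytes 8..11 must be b"AVI "
    ".wmv": [bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")],  # ASF header GUID
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def classify(filename: str, head: bytes) -> str:
    """Return a verdict for a file name and its first 16 (or more) bytes."""
    base, ext = os.path.splitext(filename.lower())
    # Padding spaces before the real extension are a common way to hide it.
    inner_ext = os.path.splitext(base.rstrip())[1]
    # Case 1: "movie.mpg.exe" - the video extension is decoration.
    if ext in EXECUTABLE_EXTS and inner_ext in VIDEO_MAGIC:
        return "double-extension"
    # Case 2: DOS/PE executable content, whatever the name says.
    if head[:2] == b"MZ":
        return "executable-content"
    if ext not in VIDEO_MAGIC:
        return "not-a-known-video-extension"
    if any(head.startswith(magic) for magic in VIDEO_MAGIC[ext]):
        if ext == ".avi" and head[8:12] != b"AVI ":
            return "header-mismatch"      # RIFF, but not an AVI (e.g. WAVE)
        return "header-matches-extension"
    return "header-mismatch"


def classify_path(path: str) -> str:
    """Classify a file on disk by reading only its first 16 bytes."""
    with open(path, "rb") as fh:
        return classify(os.path.basename(path), fh.read(16))


if __name__ == "__main__":
    # Constructed samples, not real files.
    samples = [
        ("holiday.mpg", b"\x00\x00\x01\xba" + b"\x00" * 12),
        ("holiday.mpg", b"MZ\x90\x00" + b"\x00" * 12),
        ("holiday.mpg      .exe", b"MZ\x90\x00" + b"\x00" * 12),
        ("clip.avi", b"RIFF\x24\x00\x00\x00WAVEfmt "),
    ]
    for name, head in samples:
        print(f"{name!r:28} -> {classify(name, head)}")
```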
     
  5. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore