Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 50

Thread: How does an MP3 contain a Virus???

  1. #11
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Virii however, are written using LOOPS and almost NEVER have an exit condition. Because of this, a virus, once loaded, stays in memory forever.

    However, how would you get a virus to load on a pc if the file was named virus.exe? Who would run the file? That's exactly why virii use stealth techniques, like adding themselves to the header instruction set of another exe file, (thereby infecting the file). Usually this is within the first 8 bytes of the exe file. Specifications differ nowadays.

    However a virus cannot do this on its own. The original hacker has to wrap it in an exe file and then upload it somewhere. The next person who downloads and runs the file, loads the virus into memory.

    MPEG and MP3 virii have their own execute instruction set header. All they need to do is to get into memory. If you recall, a file is noting more than a stream of bits. If you concatenate a stream of bits from an MP3 file with the bitstream of a virus and then the bit stream of the rest of the mp3 file, all you've done is wrap the virus into the file. The file will still load. But when it gets to the part where your player is to render the virus bit stream, it will either produce noise, a stopgap, or in a worse case scenario, crash your player (since it is not expecting that bit stream in the middle of the MP3 bit stream).

    Smart players will load the stream into memory, realise that it can't play it, and move on. The weaker player will load it into memory, keep trying to read the bit stream, and fall into a divide by zero bitshift or an infinite loop - thus hanging the program or crashing it.

    The bottom line is, once that bit stream gets into memory, it's all downhill from there. Concatenating bit streams of different file types is nothing new. This should come as no surprise to anyone. Ofcourse, it's not as simple as I've outlined above, as to concatenate bitstreams, bitshifting is necessary, and that... is a fairly complicated thing to program.

  2. #12
    Join Date
    May 2003
    Posts
    896
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    So what interprets the virii code?

  3. #13
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    The code in a virus looks something like this:

    Code:
    int x = 0;
    while (x < 1){
       //execute all kinds of evil things  ;D
       //x is NEVER incremented *evil grin*
       }
    Virii code is almost always based on perpetual loops.

  4. #14
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    So what interprets the virii code?
    The operating system. The operating system executes the code. It has no reason to suspect the code. Remember, a virus is STILL an executable bitstream. All it does is find means to get into memory. Once it gets there, the operating system will find it, and execute it. An operating system works like this:

    Code:
    dim x as Long Integer
    dim programArray Array[] //A resizeable array
    x = 0;
    while MEMORY.location != '/0'                //the null bit
       programArray[x] = MEMORY[x];
       run programArray[x];
       x++; //increment X by 1, in other words, move to the next memory location that is not empty
    endWhile
    So all the operating system does is find all executable code in memory, and RUN it. The operating system is almost like a virus, in that it is a constantly running loop. But UNLIKE a virus, the operating system has an exit condition (not shown above).

    Without getting too technical, it's easy for you to see why once the virus gets into memory, your operating system will detect it as executable code, and RUN it. Again, all the virus needs to do is get into memory. How it gets there, is irrelevant.

  5. #15
    Join Date
    May 2003
    Posts
    3,041
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    [quote author=Xenocrates link=board=5;threadid=1247;start=0#msg11697 date=1058215528]
    The code in a virus looks something like this:

    Code:
    int x = 0;
    while (x < 1){
       //execute all kinds of evil things  ;D
       //x is NEVER incremented *evil grin*
       }
    Virii code is almost always based on perpetual loops.
    [/quote]

    Sure, sure...all this is really good info.
    Thanks too deakie, but i think we all know that site and a handfull more.
    I am not saying that a virus has to be an executable as in .exe file for it to work. What I said was that it has to be called somehow. I acknowledge too that a really skilled person could find a way to exploit sloppy coding in a mp3 player to call a virus. This however is very unlikely. Why? A virus' power relies heavily on the power of the user that called it. Hardly any mp3 player requires administrative privelagees to run.
    A wrapped .exe file is totally different from a wrapped .mp3 file. A mp3 file is read. A exe file has instructions. They are approached from two different angles. In fact, this would be equal to running a virus by opeing a wrapped .txt file.
    : zeen

  6. #16
    Join Date
    May 2003
    Posts
    2,546
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    well, the coding in c isnt my game,, but i would also add that if i knew that an mp3 player, when looking for details in a header, could give the header a lil change that led somewhere else, like an offset which in turn then rose a fucntion, like the loop, to keep the player busy before it saw that the following code was doing summing else.

    hey, how would the user see that? the player crashed or become stuck, unable to shutdown or summing?
    interesting stuff.

  7. #17
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Somehow I don't think you understood me...

    Let's say for example that: 11110101 is a virus. Cool?

    Let's say that 110010010001010110101 is a file (we don't care what kind of file, it's just a bit stream.)

    When 110010010001010110101 get's loaded into memory, since it starts with 1100 and not 1111, the operating system does not try to execute it. It finds a program that knows how to. Cool?

    If I were a hacker, and I wanted to sneak 11110101 into memory, all I have to do is wrap it like this:

    1100100100 + 11110101 + 01010110101

    to get:

    11001001001111010101010110101

    cool?

    Now, when program X loads the above bit stream, it uses 1100100100 just fine. But when it gets to the 1111, it has a problem. The checksum of that stream doesn't match the checksum that it is expecting. So it either keeps trying to read that stream or moves on.

    When program X is done with 11001001001111010101010110101, it is unloaded from memory EXCEPT 11110101. This is because the operating system has already latched onto 11110101, sees that it starts with 1111 and then attempts to execute it (since this operating system interprets executable bitstreams as those starting with 1111).

    BOOM

    Instant viral infection. I think the part that you are struggling with, is the HOW it is executed. I've said before that the operating system will execute ANY executable bitstream that is loaded into memory. Once it gets into memory, whether intentionally, or accidently, the Operating System will try to interpret it first before it goes anywhere else.

    When you play a MP3 file, Winamp renders the bit stream as a WAVE output. Windows FINDS the WAV output in memory, and redirects it to your Sound Drivers, which in turn, relays it to a Windows Virtual Device driver which is a part of the hardware abstraction layer. The HAL then feeds the WAVE output to your soundcard because that's what it knows it should do with a WAVE output stream in memory.

    However, if Windows does not get a WAVE output bitstream, but rather, an executable one, it will try to execute it.

    Everything that is done on your computer has to go through the operating system before it becomes output to your hardware devices. That's how a virus is executed when it is wrapped. It is basically exploiting a fundamental property of the operating system.

  8. #18
    Join Date
    Apr 2003
    Posts
    1,389
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    back when I used to like getting files from astalavista me n a bredrin came across a certain program that loaded mini-servers unto the users box and then sent out info to a specified locale... so an e-mail adress. This thing could log keystrokes, push windows and the like... the greatest part was that you could attach these mini-servers to ANY file and u wouldn't get a .exe extension, all that happened was that the file bloated in size.

    We messed wit a good couple o our frenz by sending them these sever-appended files then taking control of their box... we made this one guys mom think he was gay (turned up his mic level and listened in on his surroundings, changed his bg color to hot pink and when we heard his door open pushed a few gay website pages so they came up... the person coming in turned out to be his mom, and in his natural reactin to minimize the windows it came across all too wrong .. anyway.. I'm forgiven for that)

    But yeh... I gotta say.. I have to agree with Xeno on this one... as what these would do (don't ask about the mechanics cuz i don't know) .. but on the first call of that file (dbl - click or simple open) the miniservers detached and then "melted away" ... the latest release of Norton was helpless.. only Black Ice Defender caught it.. ;D

    anyway.. i can't explain it devnull .. but I can back the other guys and say it's possible!

  9. #19
    Join Date
    Jan 2003
    Posts
    3,004
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    ok i dont know if this is what u guys r talking about but recently in downloading some songs with kazaa lite the mp3 i got would play for like 15 sec and then the rest is garbled mumbo jumbo, the time of the song is also wrong, some way out time like 9mins. tell me if this is similar to what u guys are talking about?

  10. #20
    Join Date
    May 2003
    Posts
    2,546
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    not necc, could be that its just the bloating virii....oooo i can feel the worry from here...heheh....just remember that the music publishers are putting up fake files on kazza to waste your time.
    if you have to use kazzaa, then check for trojans regularly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •