Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 50

Thread: How does an MP3 contain a Virus???

  1. #21
    Join Date
    May 2003
    Posts
    896
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    [quote author=GodKid link=board=5;threadid=1247;start=15#msg11728 date=1058219875]
    back when I used to like getting files from astalavista me n a bredrin came across a certain program that loaded mini-servers unto the users box and then sent out info to a specified locale... so an e-mail adress. This thing could log keystrokes, push windows and the like... the greatest part was that you could attach these mini-servers to ANY file and u wouldn't get a .exe extension, all that happened was that the file bloated in size.

    We messed wit a good couple o our frenz by sending them these sever-appended files then taking control of their box... we made this one guys mom think he was gay (turned up his mic level and listened in on his surroundings, changed his bg color to hot pink and when we heard his door open pushed a few gay website pages so they came up... the person coming in turned out to be his mom, and in his natural reactin to minimize the windows it came across all too wrong .. anyway.. I'm forgiven for that)

    But yeh... I gotta say.. I have to agree with Xeno on this one... as what these would do (don't ask about the mechanics cuz i don't know) .. but on the first call of that file (dbl - click or simple open) the miniservers detached and then "melted away" ... the latest release of Norton was helpless.. only Black Ice Defender caught it.. ;D

    anyway.. i can't explain it devnull .. but I can back the other guys and say it's possible!
    [/quote]

    I understand what you are sayin Godkid about binding a trojan with an exe file and sending it to another person for I use to do that to and I named the fiel mypic.exe and funny enought people were stupid enough to open a file called mypic.exe. But we are discussing right now is a mp3 file transporting code that can be executed upon execution of the mp3 itself.

  2. #22
    Join Date
    May 2003
    Posts
    896
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    [quote author=<<MiTcHiE>> link=board=5;threadid=1247;start=15#msg11742 date=1058220915]
    ok i dont know if this is what u guys r talking about but recently in downloading some songs with kazaa lite the mp3 i got would play for like 15 sec and then the rest is garbled mumbo jumbo, the time of the song is also wrong, some way out time like 9mins. tell me if this is similar to what u guys are talking about?
    [/quote]

    This is what Xeno is telling us to be aware of although not all instances of this problem point to a trojan/virus.

  3. #23
    Join Date
    Jan 2003
    Posts
    3,004
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    devnull, now u r scaring me, because i just re installed xp, and i am yet to install norton antivirus 2003 because i cant bother to download all the tons of updates, and i am yet to reinstall my trojan remover, i might do this tonight. it also leaves me to wonder if this is the reason my machine is starting to hang at startup and at random instances :'(

  4. #24
    Join Date
    May 2003
    Posts
    896
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    With all this information it still hasnt been proven that this is done. How would one insert code into an mp3. You simple cant open up notepad and do it cuz that wont work eithe rwith wav or mp3. Are there any programs that allow this type of 'hack' to be done? If so point me in the direction of such program so that I may experiment with it.

    Its easily done with two exe's but an mp3 file executing contained text? This no doubt has to be around the internet somewhere so an example shouldn't be too hard to find.

  5. #25
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Devnull, I thoroughly respect your doubt in the matter. I respect it because it's a true sign of a REAL techie. You don't accept everything you hear / read. I thoroughly respect that dude. But I'm not trying to pull the wool over your eyes, nor would I try to mislead all of the members of this site.

    I say that wrapping a trojan with an MP3 IS POSSIBLE because I have done it before with an MPEG MOVIE and a JPEG picture.

    The movie played, and the Picture opened, but I was still able to usurp control over the machine by wrapping a trojan with an MPEG movie and a JPEG picture. These are the same people that developed the MPEG Layer 3 standard for audio. The technology is not that radically different. If I was able to do it with an MPEG movie, I see no reason why it cannot be done with an MP3 file.

    I think you are somehow choosing not to accept what I've told you. That's cool. I totally respect your doubt none-the-less. But I'm telling you that it is possible. I've tried my best to explain to you how it is done but somehow you still don't seem to understand. I really don't know how else to explain it to you. I don't know how you were able to miss news that the RIAA and the MPAA were planning to do this to find out who was downloading Movies and stealing music VIA Kazaa. It was a severe blow to the RIAA when the court decided against it because it was using the same methods that hackers used.

    [More to come...]

  6. #26
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Devnull, hear me out. I've told you that once a bit stream is executable, and it gets into memory, the OS will try to execute it. To make it as simple as possible for you to understand, check this pseudocode for a typical OS:

    start
    while the user has not chosen to exit
    enumerate all bitstreams in memory
    if the bitstream is executable
    execute the bitstream
    else
    determine which program recognizes this bitstream
    call that program
    endif
    endWhile
    end

    A program that calls an MP3 that is infected uses the following pseudocode:

    start
    open an exclusive handle to the file
    read the first 4 bytes of the file
    if it is bitstream that we're supposed to handle
    process the 4 bytes we just read
    pass output to operating system
    while we're not at the end of the file
    read the next 4 bytes of the file
    if it is bitstream that we're supposed to handle
    process the bytes
    else
    read the next 4 bytes of the file
    loop // This loop statement takes us back to the While loop
    // and skips the pass output statement below.
    // This leaves the deviant bitstream in memory.
    // The operating system will recognize the bitstream
    // at this point as an executable one, and run it.
    endif
    pass output to operating system
    endWhile
    endIf
    stop

    Everytime the READ command is executed, the Operating System temporarily takes control from WinAmp, or whatever you are using to play the file, because the READ statement is not a WINAMP command, it's an OS command. Only the OS has direct access to your computer's hardware. The OS will then analyse the bitstream and realise that it is not executable and pass control back to WinAmp.

    IF however, the bitstream happens to be executable, it will run it. Control will still be passed back to WinAmp. Because WinAmp uses the basic algorithm shown above, it will neither crash, nor play garbage (unless the bit stream is pretty long). What it will do is suddenly JUMP to the next readable portion of the MP3. So what you hear in an infected MP3 file is something like:

    "I'm coming up so you better...........started"

    The "get this party" portion of the MP3 file was overwritten in the bitshift with the bits for the trojan. Winamp skips over the deviant bitstream (because it doesn't recognize it) and continues to play where it recognizes something that it can handle. The deviant portion is caught by the operating system (since it examines every bit that is processed before passing control back to WinAmp).

    [More to come...]

  7. #27
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    I'm sure you've heard of processor threads. Threads are the silver bullet that makes operating systems such as Windows NT, 2000 and XP more stable than their Win9X counterparts. This threading function is what examines each bit that programs use to ensure that program is not trying to directly access the hardware.

    This was a major flaw with earlier operating systems (allowing programs to directly access hardware) which allowed virii like AntiCMOS and AntiEXE to run amok in Windows 95, Windows 3.1 and MS-DOS. These older virii directly accessed hardware and in some cases caused physical damage to hard drives and processors.

    These virii will never run under Windows XP or Windows NT because their executable startup bitset is not recognized as a Windows XP or NT application. That's why you get the error:

    "This is not a valid Windows application"

    when you try to run some older DOS programs under Windows XP or even Windows 2000.

  8. #28
    Join Date
    May 2003
    Posts
    896
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Xeno I understand your explanations down to the most minute bit (no pun intended...well maybe a little;D) but I think I may need to do some personal research on this but if it is possible why hasn't this exploit been put forth by mass media?

  9. #29
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Please note, that not every MP3 file with skips or jumps is infected. The file could genuinely merely have a few corrupted bits in its stream. That is the reason why it's would be so hard for end users to determine whether or not an MP3 is infected.

    If the RIAA was given the go ahead to use this method to catch people who download movies and music via peer to peer networks, we'd all have been screwed. Royally. :-\

  10. #30
    Join Date
    Mar 2003
    Posts
    1,700
    Rep Power
    0

    Default Re:How does an MP3 contain a Virus???

    Devnull, how many people were panicking when the year 2000 was coming around? No matter how many techie's sounded the "you are overreacting" alert, people were still panicking that the Year 2000 Bug was going to end civilization once and for all.

    Every website from CNN to MSN was touting the validity of the fact that the world was going to end in 2000 and that planes would fall out of the sky, and mass riots would envelope the world.

    It's all about mass hysteria Devnull. The greater public is still ignorant and mystified by computers. That's one of the reaons why this site exists. I'm sure nobody here freaked out when the year 2000 rolled around. Why is that? It's because we're all techies here and we know that this year 2000 nonsense was just overhyped public hysteria. But no matter how many people we tell, they will still believe the hype.

    [More to come...]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •