Thread: Microsoft: piracy is getting virusy

  1. #1
    FromTheRafters Guest

    Re: Microsoft: piracy is getting virusy

    Bast expressed precisely :
    >
    > FromTheRafters wrote:
    >> Bast submitted this idea :
    >>>
    >>> Virus Guy wrote:
    >>>> "David H. Lipman" wrote:
    >>>>
    >>>>>>> Is it even possible that when launched from a media-player (such
    >>>>>>> as VLC) that there exists a class of avi, mp3, flac (etc) malware
    >>>>>>> that can leverage a player vulnerability and cause it to run
    >>>>>>> arbitrary code?
    >>>>>>
    >>>>>> Yes.
    >>>>>>
    >>>>>> Some specific players could be tricked into visiting a maliciously
    >>>>>> formed website embedded in the id3tags.
    >>>>
    >>>>>> The Wimad trojan
    >>>>
    >>>> So basically these boil down to browser exploits. A URL launched from
    >>>> Windoze Media Player is still a browser exploit.
    >>>>
    >>>> And they're not even exploits - they depend on user action in the
    >>>> browser to allow what-ever operation they're trying to accomplish (ie
    >>>> - social engineering).
    >>>>
    >>>> What I'm asking about is a media file that upon playing can cause any
    >>>> media player to run arbitrary code WITHOUT NEEDING THE USER'S HELP,
    >>>> and thereby cause the user's system to download secondary payloads,
    >>>> change registry settings, etc. All without enlisting the system's
    >>>> web-browser. Has there ever been a media file (mp3, avi, flac, etc) that
    >>>> could
    >>>> accomplish that?
    >>>
    >>>
    >>>
    >>>
    >>> Nope, not if a user has file types set.
    >>>
    >>> An exploit in Windows can allow renaming a file extension from say .exe
    >>> to .mov
    >>> Or naming it with no extension at all.
    >>> And windows was stupid enough to recognize it as an .exe despite the
    >>> extension, and run it as such.

    >>
    >> Er, what is stupid is relying on the extension to mean anything. Now,
    >> it is usually the actual format of the file that tells the OS what it
    >> really is and how it should be handled.
    >>>
    >>> But that is almost impossible now, unless users manually allow that.

    >>
    >> Don't trust names to have any meaning, that goes for extensions too.

    >
    >
    >
    >
    > The whole point is if you set your system to specific applications for
    > certain extensions,.....you can't run into too many problems if say a file
    > with .mov or .avi, that is really a malware type .exe,.... automatically is
    > opened by a video player, all it will do is choke and throw an error without
    > doing any damage.
    >
    > Let windows decide on its own how to run it and you are begging for problems


    Right, but when you download a file you are not actually downloading a
    file, you are downloading content from a remote file into a new local
    file that may or may not even have the same naming convention. If
    decisions as to what icon to present in the GUI or what
    application to associate the file with were made with respect to the
    content rather than the filename there would be less chance for
    confusion. An exefile named benign.jpg would still be associated with
    the loader chain and have an icon showing it as an executable.

    Custom icons could still be used, but as with the little arrow that
    Windows uses for shortcut icons - there could be a little star or
    border or something to show it as an executable. That way, if an exe
    had an icon like notepad and an extension of .txt it would *still* show
    the user that it is an executable and it would still be loadable
    because the OS uses the content rather than the name to make its
    decisions about loading an executable image.
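
The content-versus-name check described in the post above, as an added example that is not part of the original thread: a Python sketch that sniffs a file's leading bytes, validates the PE header (the `MZ` stub plus the `PE` signature that `e_lfanew` points to), and flags executables whose name claims something else. The signature table, verdict names and sample byte strings are constructed for illustration.

```python
import struct
from pathlib import PurePath

# Extension -> content kind the name claims (illustrative subset, an assumption).
EXT_EXPECTED = {
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
    ".mp3": "mp3", ".flac": "flac", ".avi": "avi", ".mov": "mov",
}


def is_pe(data: bytes) -> bool:
    """True only if the DOS header's e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which simply fails the test.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(data: bytes) -> str:
    """Identify content from its leading bytes, ignoring the file name."""
    if is_pe(data):
        return "pe"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"fLaC"):
        return "flac"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    if data[4:8] == b"ftyp":
        return "mov"
    # ID3v2 tag, or a bare MPEG audio frame sync (11 set bits).
    if data.startswith(b"ID3") or (
        len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0
    ):
        return "mp3"
    return "unknown"


def classify(name: str, data: bytes) -> tuple[str, str]:
    """Return (sniffed kind, verdict) for a file name and its content."""
    kind = sniff(data)
    expected = EXT_EXPECTED.get(PurePath(name).suffix.lower())
    if kind == "pe":
        # Executable content must carry an executable extension; a media
        # extension, an unknown one, or none at all is flagged.
        verdict = "ok" if expected == "pe" else "disguised-executable"
    elif kind == "unknown" or expected is None:
        verdict = "unverified"
    else:
        verdict = "ok" if kind == expected else "mismatch"
    return kind, verdict


def make_pe_stub() -> bytes:
    """Constructed sample: a PE header stub only, not a runnable program."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\x00\x00" + b"\x4c\x01" + bytes(18)


# Constructed samples (name, content); none of these come from the thread.
JPEG = b"\xff\xd8\xff\xe0" + bytes(16)
SAMPLES = [
    ("benign.jpg", make_pe_stub()),             # the case named in the post
    ("clip.mov", make_pe_stub()),               # .exe renamed to .mov
    ("README", make_pe_stub()),                 # no extension at all
    ("setup.exe", make_pe_stub()),              # honestly labelled executable
    ("holiday.jpg", JPEG),                      # name and content agree
    ("clip.avi", JPEG),                         # wrong media type, not executable
    ("notes.txt", b"MZ" + b" plain text " * 10),  # 'MZ' alone is not a PE
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        kind, verdict = classify(name, data)
        print(f"{name:12} content={kind:8} verdict={verdict}")
```
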



  2. #2
    Bast Guest

    Re: Microsoft: piracy is getting virusy



    FromTheRafters wrote:
    > Bast expressed precisely :
    >>
    >> FromTheRafters wrote:
    >>> Bast submitted this idea :
    >>>>
    >>>> Virus Guy wrote:
    >>>>> "David H. Lipman" wrote:
    >>>>>
    >>>>>>>> Is it even possible that when launched from a media-player (such
    >>>>>>>> as VLC) that there exists a class of avi, mp3, flac (etc) malware
    >>>>>>>> that can leverage a player vulnerability and cause it to run
    >>>>>>>> arbitrary code?
    >>>>>>>
    >>>>>>> Yes.
    >>>>>>>
    >>>>>>> Some specific players could be tricked into visiting a maliciously
    >>>>>>> formed website embedded in the id3tags.
    >>>>>
    >>>>>>> The Wimad trojan
    >>>>>
    >>>>> So basically these boil down to browser exploits. A URL launched
    >>>>> from Windoze Media Player is still a browser exploit.
    >>>>>
    >>>>> And they're not even exploits - they depend on user action in the
    >>>>> browser to allow what-ever operation they're trying to accomplish
    >>>>> (ie - social engineering).
    >>>>>
    >>>>> What I'm asking about is a media file that upon playing can cause
    >>>>> any media player to run arbitrary code WITHOUT NEEDING THE USER'S
    >>>>> HELP, and thereby cause the user's system to download secondary
    >>>>> payloads,
    >>>>> change registry settings, etc. All without enlisting the system's
    >>>>> web-browser. Has there ever been a media file (mp3, avi, flac, etc)
    >>>>> that could
    >>>>> accomplish that?
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> Nope, not if a user has file types set.
    >>>>
    >>>> An exploit in Windows can allow renaming a file extension from say
    >>>> .exe to .mov
    >>>> Or naming it with no extension at all.
    >>>> And windows was stupid enough to recognize it as an .exe despite the
    >>>> extension, and run it as such.
    >>>
    >>> Er, what is stupid is relying on the extension to mean anything. Now,
    >>> it is usually the actual format of the file that tells the OS what it
    >>> really is and how it should be handled.
    >>>>
    >>>> But that is almost impossible now, unless users manually allow that.
    >>>
    >>> Don't trust names to have any meaning, that goes for extensions too.

    >>
    >>
    >>
    >>
    >> The whole point is if you set your system to specific applications for
    >> certain extensions,.....you can't run into too many problems if say a
    >> file with .mov or .avi, that is really a malware type .exe,....
    >> automatically is opened by a video player, all it will do is choke and
    >> throw an error without doing any damage.
    >>
    >> Let windows decide on its own how to run it and you are begging for
    >> problems

    >
    > Right, but when you download a file you are not actually downloading a
    > file,



    Whaaaaa ??????
    You download a file, PERIOD.


    > you are downloading content from a remote file into a new local
    > file that may or may not even have the same naming convention. If
    > decisions as to what icon to present in the GUI or what
    > application to associate the file with were made with respect to the
    > content rather than the filename there would be less chance for
    > confusion. An exefile named benign.jpg would still be associated with
    > the loader chain and have an icon showing it as an executable.
    >
    > Custom icons could still be used, but as with the little arrow that
    > Windows uses for shortcut icons - there could be a little star or
    > border or something to show it as an executable. That way, if an exe
    > had an icon like notepad and an extension of .txt it would *still* show
    > the user that it is an executable and it would still be loadable
    > because the OS uses the content rather than the name to make its
    > decisions about loading an executable image.





    FILE ICONS are created and placed by your own system, they are not
    downloaded with files.
    Website icons are downloaded only when you view a webpage but are only saved
    and read by a browser.



  3. #3
    Shadow Guest

    Re: Microsoft: piracy is getting virusy

    On Sat, 13 Oct 2012 09:08:32 -0400, "Bast" <fakename@nomail.invalid>
    wrote:

    >FILE ICONS are created and placed by your own system, they are not
    >downloaded with files.


    Huh ? Maybe in linux, but most Windows icons are in the
    (downloaded) executables .....
    []'s
    --
    Don't be evil - Google 2004
    We have a new policy - Google 2012

  4. #4
    FromTheRafters Guest

    Re: Microsoft: piracy is getting virusy

    Bast brought next idea :
    >
    > FromTheRafters wrote:
    >> Bast expressed precisely :
    >>>
    >>> FromTheRafters wrote:
    >>>> Bast submitted this idea :
    >>>>>
    >>>>> Virus Guy wrote:
    >>>>>> "David H. Lipman" wrote:
    >>>>>>
    >>>>>>>>> Is it even possible that when launched from a media-player (such
    >>>>>>>>> as VLC) that there exists a class of avi, mp3, flac (etc) malware
    >>>>>>>>> that can leverage a player vulnerability and cause it to run
    >>>>>>>>> arbitrary code?
    >>>>>>>>
    >>>>>>>> Yes.
    >>>>>>>>
    >>>>>>>> Some specific players could be tricked into visiting a maliciously
    >>>>>>>> formed website embedded in the id3tags.
    >>>>>>
    >>>>>>>> The Wimad trojan
    >>>>>>
    >>>>>> So basically these boil down to browser exploits. A URL launched
    >>>>>> from Windoze Media Player is still a browser exploit.
    >>>>>>
    >>>>>> And they're not even exploits - they depend on user action in the
    >>>>>> browser to allow what-ever operation they're trying to accomplish
    >>>>>> (ie - social engineering).
    >>>>>>
    >>>>>> What I'm asking about is a media file that upon playing can cause
    >>>>>> any media player to run arbitrary code WITHOUT NEEDING THE USER'S
    >>>>>> HELP, and thereby cause the user's system to download secondary
    >>>>>> payloads,
    >>>>>> change registry settings, etc. All without enlisting the system's
    >>>>>> web-browser. Has there ever been a media file (mp3, avi, flac, etc)
    >>>>>> that could
    >>>>>> accomplish that?
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> Nope, not if a user has file types set.
    >>>>>
    >>>>> An exploit in Windows can allow renaming a file extension from say
    >>>>> .exe to .mov
    >>>>> Or naming it with no extension at all.
    >>>>> And windows was stupid enough to recognize it as an .exe despite the
    >>>>> extension, and run it as such.
    >>>>
    >>>> Er, what is stupid is relying on the extension to mean anything. Now,
    >>>> it is usually the actual format of the file that tells the OS what it
    >>>> really is and how it should be handled.
    >>>>>
    >>>>> But that is almost impossible now, unless users manually allow that.
    >>>>
    >>>> Don't trust names to have any meaning, that goes for extensions too.
    >>>
    >>>
    >>>
    >>>
    >>> The whole point is if you set your system to specific applications for
    >>> certain extensions,.....you can't run into too many problems if say a
    >>> file with .mov or .avi, that is really a malware type .exe,....
    >>> automatically is opened by a video player, all it will do is choke and
    >>> throw an error without doing any damage.
    >>>
    >>> Let windows decide on its own how to run it and you are begging for
    >>> problems

    >>
    >> Right, but when you download a file you are not actually downloading a
    >> file,

    >
    >
    > Whaaaaa ??????
    > You download a file, PERIOD.


    Okay.
    >
    >> you are downloading content from a remote file into a new local
    >> file that may or may not even have the same naming convention. If
    >> decisions as to what icon to present in the GUI or what
    >> application to associate the file with were made with respect to the
    >> content rather than the filename there would be less chance for
    >> confusion. An exefile named benign.jpg would still be associated with
    >> the loader chain and have an icon showing it as an executable.
    >>
    >> Custom icons could still be used, but as with the little arrow that
    >> Windows uses for shortcut icons - there could be a little star or
    >> border or something to show it as an executable. That way, if an exe
    >> had an icon like notepad and an extension of .txt it would *still* show
    >> the user that it is an executable and it would still be loadable
    >> because the OS uses the content rather than the name to make its
    >> decisions about loading an executable image.

    >
    >
    >
    >
    > FILE ICONS are created and placed by your own system, they are not downloaded
    > with files.


    Some are, some aren't.

    > Website icons are downloaded only when you view a webpage but are only saved
    > and read by a browser.


    Okay.



  5. #5
    Bast Guest

    Re: Microsoft: piracy is getting virusy



    FromTheRafters wrote:
    > Bast brought next idea :
    >>
    >> FromTheRafters wrote:
    >>> Bast expressed precisely :
    >>>>
    >>>> FromTheRafters wrote:
    >>>>> Bast submitted this idea :
    >>>>>>
    >>>>>> Virus Guy wrote:
    >>>>>>> "David H. Lipman" wrote:
    >>>>>>>
    >>>>>>>>>> Is it even possible that when launched from a media-player
    >>>>>>>>>> (such as VLC) that there exists a class of avi, mp3, flac
    >>>>>>>>>> (etc) malware that can leverage a player vulnerability and
    >>>>>>>>>> cause it to run arbitrary code?
    >>>>>>>>>
    >>>>>>>>> Yes.
    >>>>>>>>>
    >>>>>>>>> Some specific players could be tricked into visiting a
    >>>>>>>>> maliciously formed website embedded in the id3tags.
    >>>>>>>
    >>>>>>>>> The Wimad trojan
    >>>>>>>
    >>>>>>> So basically these boil down to browser exploits. A URL launched
    >>>>>>> from Windoze Media Player is still a browser exploit.
    >>>>>>>
    >>>>>>> And they're not even exploits - they depend on user action in the
    >>>>>>> browser to allow what-ever operation they're trying to accomplish
    >>>>>>> (ie - social engineering).
    >>>>>>>
    >>>>>>> What I'm asking about is a media file that upon playing can cause
    >>>>>>> any media player to run arbitrary code WITHOUT NEEDING THE USER'S
    >>>>>>> HELP, and thereby cause the user's system to download secondary
    >>>>>>> payloads,
    >>>>>>> change registry settings, etc. All without enlisting the system's
    >>>>>>> web-browser. Has there ever been a media file (mp3, avi, flac,
    >>>>>>> etc) that could
    >>>>>>> accomplish that?
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> Nope, not if a user has file types set.
    >>>>>>
    >>>>>> An exploit in Windows can allow renaming a file extension from say
    >>>>>> .exe to .mov
    >>>>>> Or naming it with no extension at all.
    >>>>>> And windows was stupid enough to recognize it as an .exe despite
    >>>>>> the extension, and run it as such.
    >>>>>
    >>>>> Er, what is stupid is relying on the extension to mean anything.
    >>>>> Now, it is usually the actual format of the file that tells the OS
    >>>>> what it really is and how it should be handled.
    >>>>>>
    >>>>>> But that is almost impossible now, unless users manually allow
    >>>>>> that.
    >>>>>
    >>>>> Don't trust names to have any meaning, that goes for extensions too.
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> The whole point is if you set your system to specific applications
    >>>> for certain extensions,.....you can't run into too many problems if
    >>>> say a file with .mov or .avi, that is really a malware type .exe,....
    >>>> automatically is opened by a video player, all it will do is choke
    >>>> and throw an error without doing any damage.
    >>>>
    >>>> Let windows decide on its own how to run it and you are begging for
    >>>> problems
    >>>
    >>> Right, but when you download a file you are not actually downloading a
    >>> file,

    >>
    >>
    >> Whaaaaa ??????
    >> You download a file, PERIOD.

    >
    > Okay.
    >>
    >>> you are downloading content from a remote file into a new local
    >>> file that may or may not even have the same naming convention. If
    >>> decisions as to what icon to present in the GUI or what
    >>> application to associate the file with were made with respect to the
    >>> content rather than the filename there would be less chance for
    >>> confusion. An exefile named benign.jpg would still be associated with
    >>> the loader chain and have an icon showing it as an executable.
    >>>
    >>> Custom icons could still be used, but as with the little arrow that
    >>> Windows uses for shortcut icons - there could be a little star or
    >>> border or something to show it as an executable. That way, if an exe
    >>> had an icon like notepad and an extension of .txt it would *still*
    >>> show the user that it is an executable and it would still be loadable
    >>> because the OS uses the content rather than the name to make its
    >>> decisions about loading an executable image.

    >>
    >>
    >>
    >>
    >> FILE ICONS are created and placed by your own system, they are not
    >> downloaded with files.

    >
    > Some are, some aren't.




    I am pointing out that if you simply download a file of data, you don't get
    a file icon with it.
    Unless you download a .zip and it's in there.

    However you can download ICON FILES as prepared graphics (.ico) , but then
    you have to manually assign them to a file type

    But in the context of this thread you have virtually no chance of
    downloading an .Mp3 or .avi and having an icon come in with it.






    >
    >> Website icons are downloaded only when you view a webpage but are only
    >> saved and read by a browser.

    >
    > Okay.




  6. #6
    FromTheRafters Guest

    Re: Microsoft: piracy is getting virusy

    Bast wrote on 10/14/2012 :
    >
    > FromTheRafters wrote:
    >> Bast brought next idea :
    >>>
    >>> FromTheRafters wrote:
    >>>> Bast expressed precisely :
    >>>>>
    >>>>> FromTheRafters wrote:
    >>>>>> Bast submitted this idea :
    >>>>>>>
    >>>>>>> Virus Guy wrote:
    >>>>>>>> "David H. Lipman" wrote:
    >>>>>>>>
    >>>>>>>>>>> Is it even possible that when launched from a media-player
    >>>>>>>>>>> (such as VLC) that there exists a class of avi, mp3, flac
    >>>>>>>>>>> (etc) malware that can leverage a player vulnerability and
    >>>>>>>>>>> cause it to run arbitrary code?
    >>>>>>>>>>
    >>>>>>>>>> Yes.
    >>>>>>>>>>
    >>>>>>>>>> Some specific players could be tricked into visiting a
    >>>>>>>>>> maliciously formed website embedded in the id3tags.
    >>>>>>>>
    >>>>>>>>>> The Wimad trojan
    >>>>>>>>
    >>>>>>>> So basically these boil down to browser exploits. A URL launched
    >>>>>>>> from Windoze Media Player is still a browser exploit.
    >>>>>>>>
    >>>>>>>> And they're not even exploits - they depend on user action in the
    >>>>>>>> browser to allow what-ever operation they're trying to accomplish
    >>>>>>>> (ie - social engineering).
    >>>>>>>>
    >>>>>>>> What I'm asking about is a media file that upon playing can cause
    >>>>>>>> any media player to run arbitrary code WITHOUT NEEDING THE USER'S
    >>>>>>>> HELP, and thereby cause the user's system to download secondary
    >>>>>>>> payloads,
    >>>>>>>> change registry settings, etc. All without enlisting the system's
    >>>>>>>> web-browser. Has there ever been a media file (mp3, avi, flac,
    >>>>>>>> etc) that could
    >>>>>>>> accomplish that?
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>> Nope, not if a user has file types set.
    >>>>>>>
    >>>>>>> An exploit in Windows can allow renaming a file extension from say
    >>>>>>> .exe to .mov
    >>>>>>> Or naming it with no extension at all.
    >>>>>>> And windows was stupid enough to recognize it as an .exe despite
    >>>>>>> the extension, and run it as such.
    >>>>>>
    >>>>>> Er, what is stupid is relying on the extension to mean anything.
    >>>>>> Now, it is usually the actual format of the file that tells the OS
    >>>>>> what it really is and how it should be handled.
    >>>>>>>
    >>>>>>> But that is almost impossible now, unless users manually allow
    >>>>>>> that.
    >>>>>>
    >>>>>> Don't trust names to have any meaning, that goes for extensions too.
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> The whole point is if you set your system to specific applications
    >>>>> for certain extensions,.....you can't run into too many problems if
    >>>>> say a file with .mov or .avi, that is really a malware type .exe,....
    >>>>> automatically is opened by a video player, all it will do is choke
    >>>>> and throw an error without doing any damage.
    >>>>>
    >>>>> Let windows decide on its own how to run it and you are begging for
    >>>>> problems
    >>>>
    >>>> Right, but when you download a file you are not actually downloading a
    >>>> file,
    >>>
    >>>
    >>> Whaaaaa ??????
    >>> You download a file, PERIOD.

    >>
    >> Okay.
    >>>
    >>>> you are downloading content from a remote file into a new local
    >>>> file that may or may not even have the same naming convention. If
    >>>> decisions as to what icon to present in the GUI or what
    >>>> application to associate the file with were made with respect to the
    >>>> content rather than the filename there would be less chance for
    >>>> confusion. An exefile named benign.jpg would still be associated with
    >>>> the loader chain and have an icon showing it as an executable.
    >>>>
    >>>> Custom icons could still be used, but as with the little arrow that
    >>>> Windows uses for shortcut icons - there could be a little star or
    >>>> border or something to show it as an executable. That way, if an exe
    >>>> had an icon like notepad and an extension of .txt it would *still*
    >>>> show the user that it is an executable and it would still be loadable
    >>>> because the OS uses the content rather than the name to make its
    >>>> decisions about loading an executable image.
    >>>
    >>>
    >>>
    >>>
    >>> FILE ICONS are created and placed by your own system, they are not
    >>> downloaded with files.

    >>
    >> Some are, some aren't.

    >
    >
    >
    > I am pointing out that if you simply download a file of data, you don't get a
    > file icon with it.
    > Unless you download a .zip and it's in there.


    Yes, and I was pointing out that what actually happens is that your OS
    has its filesystem create a new "file" as a destination for the content
    of the remote (source) "file's" content. There is no actual "file"
    being transferred even though you may be using FTP which by its name
    should be a Protocol for Transferring Files. The source file may even
    have a name that is incompatible with your local OS/filesystem's
    destination file.
    >
    > However you can download ICON FILES as prepared graphics (.ico) , but then
    > you have to manually assign them to a file type


    Yes, and some DLLs are icon libraries as opposed to executable code
    libraries. Still, if you try to download an icon file, what you get is
    a local file being created on the filesystem for the content of the
    remote icon file to be stored locally in. You don't get "that file" -
    in fact you may get one of a different name (8.3 vs. LFN) depending on
    your system.
    >
    > But in the context of this thread you have virtually no chance of downloading
    > an .Mp3 or .avi and having an icon come in with it.


    Of course not, but an executable file can have its own custom icon that
    travels with the content when it is downloaded.

    [...]



  7. #7
    Bast Guest

    Re: Microsoft: piracy is getting virusy



    FromTheRafters wrote:
    > Bast wrote on 10/14/2012 :
    >>
    >> FromTheRafters wrote:
    >>> Bast brought next idea :
    >>>>
    >>>> FromTheRafters wrote:
    >>>>> Bast expressed precisely :
    >>>>>>
    >>>>>> FromTheRafters wrote:
    >>>>>>> Bast submitted this idea :
    >>>>>>>>
    >>>>>>>> Virus Guy wrote:
    >>>>>>>>> "David H. Lipman" wrote:
    >>>>>>>>>
    >>>>>>>>>>>> Is it even possible that when launched from a media-player
    >>>>>>>>>>>> (such as VLC) that there exists a class of avi, mp3, flac
    >>>>>>>>>>>> (etc) malware that can leverage a player vulnerability and
    >>>>>>>>>>>> cause it to run arbitrary code?
    >>>>>>>>>>>
    >>>>>>>>>>> Yes.
    >>>>>>>>>>>
    >>>>>>>>>>> Some specific players could be tricked into visiting a
    >>>>>>>>>>> maliciously formed website embedded in the id3tags.
    >>>>>>>>>
    >>>>>>>>>>> The Wimad trojan
    >>>>>>>>>
    >>>>>>>>> So basically these boil down to browser exploits. A URL
    >>>>>>>>> launched from Windoze Media Player is still a browser exploit.
    >>>>>>>>>
    >>>>>>>>> And they're not even exploits - they depend on user action in
    >>>>>>>>> the browser to allow what-ever operation they're trying to
    >>>>>>>>> accomplish (ie - social engineering).
    >>>>>>>>>
    >>>>>>>>> What I'm asking about is a media file that upon playing can
    >>>>>>>>> cause any media player to run arbitrary code WITHOUT NEEDING
    >>>>>>>>> THE USER'S HELP, and thereby cause the user's system to
    >>>>>>>>> download secondary payloads,
    >>>>>>>>> change registry settings, etc. All without enlisting the
    >>>>>>>>> system's web-browser. Has there ever been a media file (mp3,
    >>>>>>>>> avi, flac, etc) that could
    >>>>>>>>> accomplish that?
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>> Nope, not if a user has file types set.
    >>>>>>>>
    >>>>>>>> An exploit in Windows can allow renaming a file extension from say
    >>>>>>>> .exe to .mov
    >>>>>>>> Or naming it with no extension at all.
    >>>>>>>> And windows was stupid enough to recognize it as an .exe despite
    >>>>>>>> the extension, and run it as such.
    >>>>>>>
    >>>>>>> Er, what is stupid is relying on the extension to mean anything.
    >>>>>>> Now, it is usually the actual format of the file that tells the OS
    >>>>>>> what it really is and how it should be handled.
    >>>>>>>>
    >>>>>>>> But that is almost impossible now, unless users manually allow
    >>>>>>>> that.
    >>>>>>>
    >>>>>>> Don't trust names to have any meaning, that goes for extensions
    >>>>>>> too.
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> The whole point is if you set your system to specific applications
    >>>>>> for certain extensions,.....you can't run into too many problems if
    >>>>>> say a file with .mov or .avi, that is really a malware type
    >>>>>> .exe,.... automatically is opened by a video player, all it will
    >>>>>> do is choke and throw an error without doing any damage.
    >>>>>>
    >>>>>> Let windows decide on its own how to run it and you are begging
    >>>>>> for problems
    >>>>>
    >>>>> Right, but when you download a file you are not actually
    >>>>> downloading a file,
    >>>>
    >>>>
    >>>> Whaaaaa ??????
    >>>> You download a file, PERIOD.
    >>>
    >>> Okay.
    >>>>
    >>>>> you are downloading content from a remote file into a new local
    >>>>> file that may or may not even have the same naming convention. If
    >>>>> decisions as to what icon to present in the GUI or what
    >>>>> application to associate the file with were made with respect to the
    >>>>> content rather than the filename there would be less chance for
    >>>>> confusion. An exefile named benign.jpg would still be associated with
    >>>>> the loader chain and have an icon showing it as an executable.
    >>>>>
    >>>>> Custom icons could still be used, but as with the little arrow that
    >>>>> Windows uses for shortcut icons - there could be a little star or
    >>>>> border or something to show it as an executable. That way, if an exe
    >>>>> had an icon like notepad and an extension of .txt it would *still*
    >>>>> show the user that it is an executable and it would still be
    >>>>> loadable because the OS uses the content rather than the name to
    >>>>> make its decisions about loading an executable image.
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> FILE ICONS are created and placed by your own system, they are not
    >>>> downloaded with files.
    >>>
    >>> Some are, some aren't.

    >>
    >>
    >>
    >> I am pointing out that if you simply download a file of data, you
    >> don't get a file icon with it.
    >> Unless you download a .zip and it's in there.

    >
    > Yes, and I was pointing out that what actually happens is that your OS
    > has its filesystem create a new "file" as a destination for the content
    > of the remote (source) "file's" content. There is no actual "file"
    > being transferred even though you may be using FTP which by its name
    > should be a Protocol for Transferring Files. The source file may even
    > have a name that is incompatible with your local OS/filesystem's
    > destination file.
    >>
    >> However you can download ICON FILES as prepared graphics (.ico) , but
    >> then you have to manually assign them to a file type

    >
    > Yes, and some DLLs are icon libraries as opposed to executable code
    > libraries. Still, if you try to download an icon file, what you get is
    > a local file being created on the filesystem for the content of the
    > remote icon file to be stored locally in. You don't get "that file" -
    > in fact you may get one of a different name (8.3 vs. LFN) depending on
    > your system.
    >>
    >> But in the context of this thread you have virtually no chance of
    >> downloading an .Mp3 or .avi and having an icon come in with it.

    >
    > Of course not, but an executable file can have its own custom icon that
    > travels with the content when it is downloaded.
    >
    > [...]




    But who would be stupid enough to think an .exe would contain media content
    ?



  8. #8
    FromTheRafters Guest

    Re: Microsoft: piracy is getting virusy

    It happens that Bast formulated :
    >
    > FromTheRafters wrote:
    >> Bast wrote on 10/14/2012 :
    >>>
    >>> FromTheRafters wrote:
    >>>> Bast brought next idea :
    >>>>>
    >>>>> FromTheRafters wrote:
    >>>>>> Bast expressed precisely :
    >>>>>>>
    >>>>>>> FromTheRafters wrote:
    >>>>>>>> Bast submitted this idea :
    >>>>>>>>>
    >>>>>>>>> Virus Guy wrote:
    >>>>>>>>>> "David H. Lipman" wrote:
    >>>>>>>>>>
    >>>>>>>>>>>>> Is it even possible that when launched from a media-player
    >>>>>>>>>>>>> (such as VLC) that there exists a class of avi, mp3, flac
    >>>>>>>>>>>>> (etc) malware that can leverage a player vulnerability and
    >>>>>>>>>>>>> cause it to run arbitrary code?
    >>>>>>>>>>>>
    >>>>>>>>>>>> Yes.
    >>>>>>>>>>>>
    >>>>>>>>>>>> Some specific players could be tricked into visiting a
    >>>>>>>>>>>> maliciously formed website embedded in the id3tags.
    >>>>>>>>>>
    >>>>>>>>>>>> The Wimad trojan
    >>>>>>>>>>
    >>>>>>>>>> So basically these boil down to browser exploits. A URL
    >>>>>>>>>> launched from Windoze Media Player is still a browser exploit.
    >>>>>>>>>>
    >>>>>>>>>> And they're not even exploits - they depend on user action in
    >>>>>>>>>> the browser to allow what-ever operation they're trying to
    >>>>>>>>>> accomplish (ie - social engineering).
    >>>>>>>>>>
    >>>>>>>>>> What I'm asking about is a media file that upon playing can
    >>>>>>>>>> cause any media player to run arbitrary code WITHOUT NEEDING
    >>>>>>>>>> THE USER'S HELP, and thereby cause the user's system to
    >>>>>>>>>> download secondary payloads,
    >>>>>>>>>> change registry settings, etc. All without enlisting the
    >>>>>>>>>> system's web-browser. Has there ever been a media file (mp3,
    >>>>>>>>>> avi, flac, etc) that could
    >>>>>>>>>> accomplish that?
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>>>
    >>>>>>>>> Nope, not if a user has file types set.
    >>>>>>>>>
    >>>>>>>>> An exploit in Windows can allow renaming a file extension from say
    >>>>>>>>> .exe to .mov
    >>>>>>>>> Or naming it with no extension at all.
    >>>>>>>>> And windows was stupid enough to recognize it as an .exe despite
    >>>>>>>>> the extension, and run it as such.
    >>>>>>>>
    >>>>>>>> Er, what is stupid is relying on the extension to mean anything.
    >>>>>>>> Now, it is usually the actual format of the file that tells the OS
    >>>>>>>> what it really is and how it should be handled.
    >>>>>>>>>
    >>>>>>>>> But that is almost impossible now, unless users manually allow
    >>>>>>>>> that.
    >>>>>>>>
    >>>>>>>> Don't trust names to have any meaning, that goes for extensions
    >>>>>>>> too.
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>> The whole point is if you set your system to specific applications
    >>>>>>> for certain extensions,.....you can't run into too many problems if
    >>>>>>> say a file with .mov or .avi, that is really a malware type
    >>>>>>> .exe,.... automatically is opened by a video player, all it will
    >>>>>>> do is choke and throw an error without doing any damage.
    >>>>>>>
    >>>>>>> Let windows decide on its own how to run it and you are begging
    >>>>>>> for problems
    >>>>>>
    >>>>>> Right, but when you download a file you are not actually
    >>>>>> downloading a file,
    >>>>>
    >>>>>
    >>>>> Whaaaaa ??????
    >>>>> You download a file, PERIOD.
    >>>>
    >>>> Okay.
    >>>>>
    >>>>>> you are downloading content from a remote file into a new local
    >>>>>> file that may or may not even have the same naming convention. If
    >>>>>> decisions were made as to what icon to present in the GUI or what
    >>>>>> application to associate the file with are made with respect to the
    >>>>>> content rather than the filename there would be less chance for
    >>>>>> confusion. A exefile named benign.jpg would still be associated with
    >>>>>> the loader chain and have an icon showing it as an executable.
    >>>>>>
    >>>>>> Custom icons could still be used, but as with the little arrow that
    >>>>>> Windows uses for shortcut icons - there could be a little star or
    >>>>>> border or something to show it as an executable. That way, if an exe
    >>>>>> had an icon like notepad and an extension of .txt it would *still*
    >>>>>> show the user that it is an executable and it would still be
    >>>>>> loadable because the OS uses the content rather than the name to
    >>>>>> make its decisions about loading an executable image.
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> FILE ICONS are created and placed by your own system, they are not
    >>>>> downloaded with files.
    >>>>
    >>>> Some are, some aren't.
    >>>
    >>>
    >>>
    >>> I am pointing out that if you simply download a file of data, you
    >>> don't get a file icon with it.
    >>> Unless you download a .zip and it's in there.

    >>
    >> Yes, and I was pointing out that what actually happens is that your OS
    >> has its filesystem create a new "file" as a destination for the content
    >> of the remote (source) "file's" content. There is no actual "file"
    >> being transferred even though you may be using FTP which by its name
    >> should be a Protocol for Transferring Files. The source file may even
    >> have a name that is incompatible with your local OS/filesystem's
    >> destination file.
    >>>
    >>> However you can download ICON FILES as prepared graphics (.ico) , but
    >>> then you have to manually assign them to a file type

    >>
    >> Yes, and some DLLs are icon libraries as opposed to executable code
    >> libraries. Still, if you try to download an icon file, what you get is
    >> a local file being created on the filesystem for the content of the
    >> remote icon file to be stored locally in. You don't get "that file" -
    >> in fact you may get one of a different name (8.3 vs. LFN) depending on
    >> your system.
    >>>
    >>> But in the context of this thread you have virtually no chance of
    >>> downloading an .Mp3 or .avi and having an icon come in with it.

    >>
    >> Of course not, but an executable file can have its own custom icon that
    >> travels with the content when it is downloaded.
    >>
    >> [...]

    >
    >
    >
    > But who would be stupid enough to think an .exe would contain media content ?


    I've seen executable files with RLO characters in their filename so
    that the shell GUI displays something like simplexe.txt for what
    *really* is an executable named simpl[RLO]txt.exe.

    One might even be able to see that here since NNTP supports Unicode
    now.

    simplexe.txt
    simpl*txt.exe

    If this executable had a notepad icon in its resource section then it
    wouldn't take an idiot to be fooled.
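
Added example, not part of the original post: a small check for the two points made in the thread above, that a filename containing RLO can display a different extension than it really has, and that the file's content rather than its name says what it is. The function names, the simplified single-RLO rendering and the sample inputs are assumptions made for this illustration.

```python
import os

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com"}
EXEC_MAGIC = {b"MZ": "DOS/PE executable"}  # deliberately minimal table

def apparent_name(name):
    """Approximate what a bidi-aware GUI shows for one RLO with no
    terminator: everything after the override is drawn right to left.
    (Simplification for this example, not the full Unicode bidi algorithm.)"""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name

def inspect(name, head_bytes):
    """Compare real name, displayed name and leading content bytes."""
    controls = sorted({BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS})
    shown = apparent_name(name)
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    kind = next((label for magic, label in EXEC_MAGIC.items()
                 if head_bytes.startswith(magic)), None)
    reasons = []
    if controls:
        reasons.append("bidi control in name: " + ",".join(controls))
    if real_ext != shown_ext:
        reasons.append(f"displayed extension {shown_ext} != real {real_ext}")
    if kind and shown_ext not in EXEC_EXTENSIONS:
        reasons.append(f"content is {kind} but name shows {shown_ext}")
    return {"shown": shown, "real_ext": real_ext, "reasons": reasons}

if __name__ == "__main__":
    # Constructed samples: (filename, first bytes of the file).
    samples = [
        ("simpl\u202etxt.exe", b"MZ\x90\x00"),  # the name from the post
        ("benign.jpg", b"MZ\x90\x00"),          # executable content, image name
        ("notes.txt", b"plain text"),
    ]
    for name, head in samples:
        print(repr(name), inspect(name, head))
```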


