Bast brought next idea :
>
> FromTheRafters wrote:
>> Bast expressed precisely :
>>>
>>> FromTheRafters wrote:
>>>> Bast submitted this idea :
>>>>>
>>>>> Virus Guy wrote:
>>>>>> "David H. Lipman" wrote:
>>>>>>
>>>>>>>>> It it even possible that when launched from a media-player (such
>>>>>>>>> as VLC) that there exists a class of avi, mp3, flac (etc) malware
>>>>>>>>> that can leverage a player vulnerability and cause it to run
>>>>>>>>> arbitrary code?
>>>>>>>>
>>>>>>>> Yes.
>>>>>>>>
>>>>>>>> Some specific players could be tricked into visiting a maliciously
>>>>>>>> formed website embedded in the id3tags.
>>>>>>
>>>>>>>> The Wimad trojan
>>>>>>
>>>>>> So basically these boil down to browser exploits. A URL launched
>>>>>> from Windoze Media Player is still a browser exploit.
>>>>>>
>>>>>> And they're not even exploits - they depend on user action in the
>>>>>> browser to allow what-ever operation they're trying to accomplish
>>>>>> (ie - social engineering).
>>>>>>
>>>>>> What I'm asking about is a media file that upon playing can cause
>>>>>> any media player to run arbitrary code WITHOUT NEEDING THE USER'S
>>>>>> HELP, and thereby cause the user's system to download secondary
>>>>>> payloads,
>>>>>> change registry settings, etc. All without enlisting the system's
>>>>>> web-browser. Has there ever been a media file (mp3, avi, flac, etc)
>>>>>> that could
>>>>>> accomplish that?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Nope, not if a user has file types set.
>>>>>
>>>>> An exploit in widows can allow renaming a file extension from say
>>>>> .exe to .mov
>>>>> Or naming it with no extension at all.
>>>>> And windows was stupid enough to recognize it as an .exe despite the
>>>>> extension, and run it as such.
>>>>
>>>> Er, what is stupid is relying on the extension to mean anything. Now,
>>>> it is usually the actual format of the file that tells the OS what it
>>>> really is and how it should be handled.
>>>>>
>>>>> But that is almost impossible now, unless users manually allow that.
>>>>
>>>> Don't trust names to have any meaning, that goes for extensions too.
>>>
>>>
>>>
>>>
>>> The whole point is if you set your system to specific applications for
>>> certain extensions,.....you can't run into too many problems if say a
>>> file with .mov or .avi, that is really a malware type .exe,....
>>> automatically is opened by a video player, all it will do is choke and
>>> throw an error without doing any damage.
>>>
>>> Let windows decide on it's own how to run it and you are begging for
>>> problems
>>
>> Right, but when you download a file you are not actually downloading a
>> file,
>
>
> Whaaaaa ??????
> You download a file, PERIOD.

Okay.
>
> you are downloading content from a remote file into a new local
>> file that may or may not even have the same naming convention. If
>> decisions were made as to what icon to present in the GUI or what
>> application to associate the file with are made with respect to the
>> content rather than the filename there would be less chance for
>> confusion. A exefile named benign.jpg would still be associated with
>> the loader chain and have an icon showing it as an executable.
>>
>> Custom icons could still be used, but as with the little arrow that
>> Windows uses for shortcut icons - there could be a little star or
>> border or something to show it as an executable. That way, if an exe
>> had an icon like notepad and an extension of .txt it would *still* show
>> the user that it is an executable and it would still be loadable
>> because the OS uses the content rather than the name to make its
>> decisions about loading an executable image.
>
>
>
>
> FILE ICONS are created and placed by your own system, they are not downloaded
> with files.

Some are, some aren't.

> Website icons are downloaded only when you view a webpage but are only saved
> and read by a browser.

Okay.