
Thread: Microsoft: piracy is getting virusy

  1. #1
    David_B Guest

    Microsoft: piracy is getting virusy

    The underweb grows ever more slimy, Microsoft says, as downloads of
    pirated movies, music, software and other media increasingly come
    bearing malware.

    In the latest edition of the Microsoft Security Intelligence Report
    [PDF], released on Monday, the company tackles unsafe supply chains,
    which it describes as "the websites, protocols, and other channels by
    which software and media files are informally distributed, both legally
    and illegally."

    The definition covers underground sites where pirated software and media
    are openly exchanged, as well as legitimate websites that make shareware
    or free music files available for public download.

    In fact, unsafe supply chains encompass even computers sold at retail.

    More .....

    http://nakedsecurity.sophos.com/2012...d%252Bsecurity

    Or http://goo.gl/RFSJH

  2. #2
    Virus Guy Guest

    Re: Microsoft: piracy is getting virusy

    David_B wrote:

    > The underweb grows ever more slimy, Microsoft says, as downloads of
    > pirated movies, music, software and other media increasingly come
    > bearing malware.


    http://nakedsecurity.sophos.com/2012...getting-virusy

    > The definition covers underground sites where pirated software and
    > media are openly exchanged, as well as legitimate websites that make
    > shareware or free music files available for public download.


    This Micro$oft report seems to want to blur the lines between
    music/movies and software.

    In the many gb worth of music and movies that I've downloaded from
    file-lockers, I haven't come across any files that turned out to be
    malware.

    Is it even possible that when launched from a media-player (such as VLC)
    that there exists a class of avi, mp3, flac (etc) malware that can
    leverage a player vulnerability and cause it to run arbitrary code?

    I'm well aware of the bogus movie files that upon viewing they try to
    coax you to download a codec, but they can't in-and-of themselves take
    control of your computer - without you helping them.

    The websites where file-locker links to music, movies and software (and
    ebooks, etc) are freely offered (ie - avaxhome.ws) have message boards
    for every offering, and any that are found to be malicious would be
    quickly flagged - but I've never seen this for music, movies or TV
    shows. This is in contrast to torrent sites where there is often a
    barrier to people posting casual, anonymous comments and where movie
    files are often fakes.

    When it comes to software - I'm not so sure that what can be found on
    file-lockers is always the real thing.

    For example, would I download this:

    http://avaxhome.ws/software/software....0.0.2688.html

    ???

    I don't know. I see no mention of a crack or key-gen. This could
    simply be the download package that is freely offered by Avira on their
    website, and is useless without a key or serial.

  3. #3
    David_B Guest

    Re: Microsoft: piracy is getting virusy

    Virus Guy wrote:
    > David_B wrote:
    >
    >> The underweb grows ever more slimy, Microsoft says, as downloads of
    >> pirated movies, music, software and other media increasingly come
    >> bearing malware.

    >
    > http://nakedsecurity.sophos.com/2012...getting-virusy
    >
    >> The definition covers underground sites where pirated software and
    >> media are openly exchanged, as well as legitimate websites that make
    >> shareware or free music files available for public download.

    >
    > This Micro$oft report seems to want to blur the lines between
    > music/movies and software.
    >
    > In the many gb worth of music and movies that I've downloaded from
    > file-lockers, I haven't come across any files that turned out to be
    > malware.
    >
    > Is it even possible that when launched from a media-player (such as VLC)
    > that there exists a class of avi, mp3, flac (etc) malware that can
    > leverage a player vulnerability and cause it to run arbitrary code?
    >
    > I'm well aware of the bogus movie files that upon viewing they try to
    > coax you to download a codec, but they can't in-and-of themselves take
    > control of your computer - without you helping them.
    >
    > The websites where file-locker links to music, movies and software (and
    > ebooks, etc) are freely offered (ie - avaxhome.ws) have message boards
    > for every offering, and any that are found to be malicious would be
    > quickly flagged - but I've never seen this for music, movies or TV
    > shows. This is in contrast to torrent sites where there is often a
    > barrier to people posting casual, anonymous comments and where movie
    > files are often fakes.


    Thanks for taking the time and trouble to comment, VG! :-)

    > When it comes to software - I'm not so sure that what can be found on
    > file-lockers is always the real thing.
    >
    > For example, would I download this:
    >
    > http://avaxhome.ws/software/software....0.0.2688.html
    >
    > ???
    >
    > I don't know. I see no mention of a crack or key-gen. This could
    > simply be the download package that is freely offered by Avira on their
    > website, and is useless without a key or serial.


    If I wanted the Avira software, I'd personally start here:

    http://www.avira.com/en/for-home

  4. #4
    Dustin Guest

    Re: Microsoft: piracy is getting virusy

    David_B <David_B@nomail.afraid.org> wrote in
    news:zvCdnZufMcFCTuvNnZ2dnUVZ8lOdnZ2d@bt.com:

    > The underweb grows ever more slimy, Microsoft says, as downloads of
    > pirated movies, music, software and other media increasingly come
    > bearing malware.


    *ALL* of HHI music/movie releases are malware free. Guaranteed.


    --
    There ain't no rest for the wicked. Money don't grow on trees. I got bills
    to pay. I got mouths to feed. Ain't nothing in this world for free. Oh No.
    I can't slow down, I can't hold back though you know I wish I could. Oh no
    there ain't no rest for the wicked, until we close our eyes for good.




  5. #5
    Dustin Guest

    Re: Microsoft: piracy is getting virusy

    Virus Guy <Virus@Guy.com> wrote in news:50773BB1.38D8AAE6@Guy.com:

    > Is it even possible that when launched from a media-player (such as
    > VLC) that there exists a class of avi, mp3, flac (etc) malware that
    > can leverage a player vulnerability and cause it to run arbitrary
    > code?


    Yes.

    Some specific players could be tricked into visiting a maliciously formed
    website embedded in the id3tags. Others could execute code embedded in
    those tags. This shouldn't still be an issue tho.




    --
    There ain't no rest for the wicked. Money don't grow on trees. I got bills
    to pay. I got mouths to feed. Ain't nothing in this world for free. Oh No.
    I can't slow down, I can't hold back though you know I wish I could. Oh no
    there ain't no rest for the wicked, until we close our eyes for good.




  6. #6
    David H. Lipman Guest

    Re: Microsoft: piracy is getting virusy

    From: "Dustin" <bughunter.dustin@gmail.com>

    > Virus Guy <Virus@Guy.com> wrote in news:50773BB1.38D8AAE6@Guy.com:
    >
    >> Is it even possible that when launched from a media-player (such as
    >> VLC) that there exists a class of avi, mp3, flac (etc) malware that
    >> can leverage a player vulnerability and cause it to run arbitrary
    >> code?

    >
    > Yes.
    >
    > Some specific players could be tricked into visiting a maliciously formed
    > website embedded in the id3tags. Others could execute code embedded in
    > those tags. This shouldn't still be an issue tho.
    >


    The Wimad trojan
    http://www.symantec.com/security_res...709-99&tabid=2
    http://www.microsoft.com/security/po...ASX%2fWimad.BD


    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp


  7. #7
    Virus Guy Guest

    Re: Microsoft: piracy is getting virusy

    "David H. Lipman" wrote:

    > >> Is it even possible that when launched from a media-player (such
    > >> as VLC) that there exists a class of avi, mp3, flac (etc) malware
    > >> that can leverage a player vulnerability and cause it to run
    > >> arbitrary code?

    > >
    > > Yes.
    > >
    > > Some specific players could be tricked into visiting a maliciously
    > > formed website embedded in the id3tags.


    > > The Wimad trojan


    So basically these boil down to browser exploits. A URL launched from
    Windoze Media Player is still a browser exploit.

    And they're not even exploits - they depend on user action in the
    browser to allow what-ever operation they're trying to accomplish (ie -
    social engineering).

    What I'm asking about is a media file that upon playing can cause any
    media player to run arbitrary code WITHOUT NEEDING THE USER'S HELP, and
    thereby cause the user's system to download secondary payloads, change
    registry settings, etc. All without enlisting the system's web-browser.

    Has there ever been a media file (mp3, avi, flac, etc) that could
    accomplish that?

  8. #8
    Bast Guest

    Re: Microsoft: piracy is getting virusy



    Virus Guy wrote:
    > "David H. Lipman" wrote:
    >
    >>>> Is it even possible that when launched from a media-player (such
    >>>> as VLC) that there exists a class of avi, mp3, flac (etc) malware
    >>>> that can leverage a player vulnerability and cause it to run
    >>>> arbitrary code?
    >>>
    >>> Yes.
    >>>
    >>> Some specific players could be tricked into visiting a maliciously
    >>> formed website embedded in the id3tags.

    >
    >>> The Wimad trojan

    >
    > So basically these boil down to browser exploits. A URL launched from
    > Windoze Media Player is still a browser exploit.
    >
    > And they're not even exploits - they depend on user action in the
    > browser to allow what-ever operation they're trying to accomplish (ie -
    > social engineering).
    >
    > What I'm asking about is a media file that upon playing can cause any
    > media player to run arbitrary code WITHOUT NEEDING THE USER'S HELP, and
    > thereby cause the user's system to download secondary payloads, change
    > registry settings, etc. All without enlisting the system's web-browser.
    >
    > Has there ever been a media file (mp3, avi, flac, etc) that could
    > accomplish that?





    Nope, not if a user has file types set.

    An exploit in Windows can allow renaming a file extension from say .exe to
    .mov
    Or naming it with no extension at all.
    And Windows was stupid enough to recognize it as an .exe despite the
    extension, and run it as such.

    But that is almost impossible now, unless users manually allow that.



  9. #9
    FromTheRafters Guest

    Re: Microsoft: piracy is getting virusy

    Bast submitted this idea :
    >
    > Virus Guy wrote:
    >> "David H. Lipman" wrote:
    >>
    >>>>> Is it even possible that when launched from a media-player (such
    >>>>> as VLC) that there exists a class of avi, mp3, flac (etc) malware
    >>>>> that can leverage a player vulnerability and cause it to run
    >>>>> arbitrary code?
    >>>>
    >>>> Yes.
    >>>>
    >>>> Some specific players could be tricked into visiting a maliciously
    >>>> formed website embedded in the id3tags.

    >>
    >>>> The Wimad trojan

    >>
    >> So basically these boil down to browser exploits. A URL launched from
    >> Windoze Media Player is still a browser exploit.
    >>
    >> And they're not even exploits - they depend on user action in the
    >> browser to allow what-ever operation they're trying to accomplish (ie -
    >> social engineering).
    >>
    >> What I'm asking about is a media file that upon playing can cause any
    >> media player to run arbitrary code WITHOUT NEEDING THE USER'S HELP, and
    >> thereby cause the user's system to download secondary payloads, change
    >> registry settings, etc. All without enlisting the system's web-browser.
    >>
    >> Has there ever been a media file (mp3, avi, flac, etc) that could
    >> accomplish that?

    >
    >
    >
    >
    > Nope, not if a user has file types set.
    >
    > An exploit in Windows can allow renaming a file extension from say .exe to
    > .mov
    > Or naming it with no extension at all.
    > And Windows was stupid enough to recognize it as an .exe despite the
    > extension, and run it as such.


    Er, what is stupid is relying on the extension to mean anything. Now,
    it is usually the actual format of the file that tells the OS what it
    really is and how it should be handled.
    >
    > But that is almost impossible now, unless users manually allow that.


    Don't trust names to have any meaning, that goes for extensions too.



  10. #10
    Virus Guy Guest

    Re: Microsoft: piracy is getting virusy

    FromTheRafters, while unnecessarily full-quoting, wrote:

    > >> Has there ever been a media file (mp3, avi, flac, etc) that could
    > >> accomplish that?


    > > Nope, not if a user has file types set.
    > >
    > > An exploit in Windows can allow renaming a file extension from say
    > > .exe to .mov Or naming it with no extension at all.


    > > And Windows was stupid enough to recognize it as an .exe despite
    > > the extension, and run it as such.

    >
    > Er, what is stupid is relying on the extension to mean anything.
    > Now, it is usually the actual format of the file that tells the
    > OS what it really is and how it should be handled.


    On my win-98 system, my default media player is VLC. Files that have
    extensions like mp3, avi, flac, (etc) show up in my file explorer as
    having VLC icons.

    I took calc.exe, copied it to somewhere else outside of c:\windows,
    renamed it to mp3, and it took on the VLC icon.

    When I double-clicked on the file, VLC started up - and just sat there.
    Didn't display an error message or anything. Not even when I drag
    calc.mp3 over to it. When I right-click on it, I don't get "Open" as an
    option. Open is replaced with "Play".

    What would happen if I repeated this under XP or win-7?

    Would they know the file is really an exe - and launch it as such?
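
Added example, not part of any post in this thread: a small Python check for the extension-versus-content question raised in posts #9 and #10. It classifies each file by its leading bytes and flags media-named files whose content is an executable or otherwise does not match. The sample files are constructed inline, and only the `MZ` header is tested (a full PE parse is out of scope here).

```python
import os
import tempfile

EXPECTED = {".mp3": "mp3", ".flac": "flac", ".avi": "avi"}  # extension -> sniffed type

def sniff(head: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if head[:2] == b"MZ":
        return "executable"          # DOS/PE header (what calc.exe starts with)
    if head[:4] == b"fLaC":
        return "flac"
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return "avi"
    if head[:3] == b"ID3":
        return "mp3"                 # ID3v2 tag preceding the audio frames
    if len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0:
        return "mp3"                 # bare MPEG audio frame sync (11 set bits)
    return "unknown"

def check(path: str):
    """Return (name, claimed, actual, verdict) for one file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        actual = sniff(fh.read(16))
    claimed = EXPECTED.get(ext, "unknown")
    if actual == "executable" and claimed != "unknown":
        verdict = "DISGUISED-EXECUTABLE"
    elif claimed != "unknown" and actual != claimed:
        verdict = "MISMATCH"
    else:
        verdict = "ok"
    return os.path.basename(path), claimed, actual, verdict

def demo():
    """Build constructed sample files in a temp dir and check each one."""
    samples = {
        "calc.mp3": b"MZ\x90\x00\x03\x00\x00\x00",        # renamed executable
        "song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x21",   # ID3v2.3 header
        "clip.avi": b"RIFF\x24\x00\x00\x00AVI LIST",      # RIFF/AVI container
        "track.flac": b"<html><body>not audio</body>",    # wrong content
    }
    with tempfile.TemporaryDirectory() as tmp:
        results = []
        for name, data in sorted(samples.items()):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(check(path))
    return results

if __name__ == "__main__":
    for row in demo():
        print("%-12s claimed=%-8s actual=%-11s %s" % row)
```

A clean result only means the header matches the name; it says nothing about malformed data further into the file that a player might mishandle.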
