tree_fu_go Posted January 21, 2014 ID:780859

I am wondering if .mp3 files could contain any sort of malware in any way? I am not talking about a file that is named music.mp3 but the file type is an .exe being hidden by Windows. I am talking about a real .mp3 file. I also would preferably like someone to answer who knows what they are talking about. I've been searching on the internet and many say yes and no... So I am still not sure. Also if an .mp3 file could contain something malicious, would an antivirus or antimalware scanner detect it? Thank you.
David H. Lipman Posted January 21, 2014 ID:780868

Can it contain malware? That's a tricky question but simplified the answer is media files can be malicious. In an MP3 format (or WMV, ASF or other format) it won't carry an executable to infect a computer. However it can exploit Windows Digital Rights Management (DRM) or be used to exploit some kind of media playing software. Therefore media files can be malicious and can be flagged as a trojan such as the Wimad Trojan. If a media file is malicious it can and should be flagged by a traditional anti virus application.
tree_fu_go (Author) Posted January 21, 2014 ID:780911

Okay thank you. So if I scanned an .mp3 file with Avast, SUPERAntiSpyware and Malwarebytes and it doesn't detect as a threat, it should be safe? Thanks again.
AdvancedSetup (Root Admin) Posted January 21, 2014 ID:780958

You can always upload any suspicious file to www.virustotal.com and have it scanned by many scanners.
David H. Lipman Posted January 21, 2014 ID:780999

> Okay thank you. So if I scanned an .mp3 file with Avast, SUPERAntiSpyware and Malwarebytes and it doesn't detect as a threat, it should be safe? Thanks again.

Malwarebytes specifically will not detect these trojans and I am pretty sure SAS won't either. Malwarebytes' Anti-Malware (MBAM) does not scan media files, graphic files, data files or script files. MBAM only scans Portable Executable (PE) type formatted files and is the reason I wrote "...should be flagged by a traditional anti virus application."

One should not confuse SAS and MBAM, which are adjunct scanners, with traditional anti virus scanners which target media files, graphic files, data files or script files and other files that may be malicious or used in exploitation vectors.
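
Added example, not part of any post in this thread: a Python sketch of how a file can be classified by its leading bytes rather than its name, which separates the "music.mp3 that is really an .exe" case from a genuine media file. The function names, the extension table and the sample byte strings are assumptions constructed for this illustration.

```python
# File signatures used for classification (well-known magic values).
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Content type each extension is expected to hold (illustrative subset).
EXPECTED = {"mp3": "mp3", "avi": "avi", "wma": "asf", "wmv": "asf",
            "asf": "asf", "exe": "pe", "scr": "pe", "dll": "pe"}


def sniff(data):
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # Offset 0x3C stores where the "PE\0\0" signature lives.
        pe_off = int.from_bytes(data[0x3C:0x40], "little")
        return "pe" if data[pe_off:pe_off + 4] == b"PE\x00\x00" else "mz-dos"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    if data[:16] == ASF_GUID:
        return "asf"  # ASF container, used by WMA and WMV
    if data[:3] == b"ID3":
        return "mp3"  # ID3v2 tag in front of the audio frames
    # Bare MPEG audio frame: 11 sync bits set, layer field not reserved (00).
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0 \
            and (data[1] & 0x06) != 0:
        return "mp3"
    return "unknown"


def check(name, data):
    """Return (declared, actual, consistent) for a file name and its content."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    declared = EXPECTED.get(ext, "unknown")
    actual = sniff(data)
    return declared, actual, declared == actual and actual != "unknown"


# Constructed sample inputs: minimal headers only, not real files.
PE_STUB = b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
MP3_HEAD = b"ID3\x03\x00\x00\x00\x00\x00\x00"
AVI_HEAD = b"RIFF" + (4).to_bytes(4, "little") + b"AVI "

if __name__ == "__main__":
    for name, data in [("music.mp3", MP3_HEAD), ("music.mp3", PE_STUB),
                       ("clip.avi", AVI_HEAD)]:
        print(name, check(name, data))
```

A consistent result only rules out the disguised-executable case; a genuine media file crafted against a player or DRM component, as described in the post above, still has to be caught by a scanner that inspects media content.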
tree_fu_go (Author) Posted January 29, 2014 ID:783990

Thank you for all of your answers! So if no antivirus on VirusTotal flags it as malicious, it should be safe? Also, I had another question, can .AVI files be malicious or contain malware as well? Or can... just any file be malicious?
David H. Lipman Posted January 29, 2014 ID:784212

Yes and Yes. There are few types of malware that affect media files and they are relatively easy to detect and be known, thus the propensity for detection is very high, so if there are ZERO hits on VT then the file is most likely safe.

I believe there is the possibility with AVI formatted files as well but I am not 100% sure. AVI files tend to be rather large. If you see a small AVI file it may be suspect, and there is a size limitation on VT, so if it is a small AVI it can be submitted to VT. However if it is many MBs large then it most likely is NOT malicious and shouldn't cause you to worry.
tree_fu_go (Author) Posted February 1, 2014 ID:785398

Thanks for the information! But, what does file size have to do with it being malicious or not?
David H. Lipman Posted February 1, 2014 ID:785413

AVI files are large. Therefore if you have a large AVI file there is actual video content within and the chances of it being malicious are greatly reduced. If there is a malicious AVI file it would be created to be malicious and thus it would not have content and it would be small.
John L. Galt Posted February 1, 2014 ID:785499

The trick with .AVI (and other such container formats) is that it can indeed contain malicious code. For a great explanation see http://superuser.com/a/445381 - the answer to http://superuser.com/questions/445366/can-avi-files-contain-a-virus
David H. Lipman Posted February 1, 2014 ID:785512

The forum thread (if that is what it is) must be taken with a grain of salt. In one post was "The virus is called WMA.wimad [susp]". I have already mentioned the Wimad and it is a trojan and NOT a virus.

Frankly, except for the introduction of the concept of double extension files such as MyVideo.avi.exe (exploiting Microsoft's ignorant setting of "Hide extension of known file types") it really doesn't add anything to the discussion. In that case the file is NOT a media file at all.

The case is the same where a file is using Unicode Right to Left Override (RTLO) and pretends to be a media file but is in actuality an executable. An example would be: myfilercs.avi which REALLY is myfileiva.scr

The Unicode RTLO is interpreted by Windows Explorer and thus the file name is transposed. Viewing it in DOS (a Command Prompt) by a DIRectory command would show the reality of the file name.

The following shows another example (only it pretends to be an Adobe PDF instead of a media file).

The following is a view in Windows Explorer.

Same file view but this time in a Command Prompt using the DIR command.
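
Added example, not part of the post above: a Python check that flags the two file-name tricks it describes, a Unicode bidirectional override hidden in the name and a media-looking double extension, and reports the extension the operating system will actually act on. The function name and the extension lists are assumptions chosen for this illustration, and the sample names are constructed from the ones in the post.

```python
import unicodedata

# Bidirectional control characters that change how a name is displayed.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
# Illustrative, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"avi", "mp3", "wmv", "wma", "asf", "pdf", "jpg", "doc"}


def inspect_name(name):
    """Describe deceptive traits of a file name as it is stored on disk."""
    findings = []
    controls = [c for c in name if c in BIDI_CONTROLS]
    if controls:
        labels = ", ".join(unicodedata.name(c) for c in controls)
        findings.append("bidi control character: " + labels)
    # Drop the controls to get the character order the OS really uses.
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    parts = logical.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    if (real_ext in EXECUTABLE_EXTS and len(parts) > 2
            and parts[-2] in DECOY_EXTS):
        findings.append("double extension: ." + parts[-2] + "." + real_ext)
    return {"logical_name": logical, "real_ext": real_ext,
            "executable": real_ext in EXECUTABLE_EXTS, "findings": findings}


# Constructed samples: the RTLO name is shown by Explorer as myfilercs.avi.
SAMPLES = ["myfile\u202eiva.scr", "MyVideo.avi.exe", "holiday.avi"]

if __name__ == "__main__":
    for sample in SAMPLES:
        # ascii() makes the hidden control character visible in the output.
        print(ascii(sample), inspect_name(sample))
```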
John L. Galt Posted February 1, 2014 ID:785518

Only the first part talks about clever naming of the file itself. In the technical section it adds more information on how it can exploit a particular player itself. Finally he does wrap it up in the Application section with how it would be player specific and that users should generally be careful and cautious.

Also, I was linking to that one specific reply, not the entire thread, for the reading. Of course not every user is going to understand the difference between a virus and a trojan, but that does not detract from this particular answer.
tree_fu_go (Author) Posted February 2, 2014 ID:786054

Thanks everyone for the information you have provided me! I appreciate your time.