Jump to content

Can an .mp3 file contain Malware?


Recommended Posts

I am wondering if .mp3 files could contain any sort of malware in any way?


I am not talking about a file that is named music.mp3 but the file type is an .exe being hidden by windows. I am talking about a real .mp3 file.

I also would preferably like someone to answer who knows what they are talking about.

I've been searching on the internet and many say yes and no... So I am still not sure.


Also if an .mp3 file could contain something malicious, would an antivirus or antimalware scanner detect it?


Thank you.

Link to post
Share on other sites

Can it contain malware ?

That's a tricky question but simplified the answer is media files can be malicious.


In a MP3 format (or WMV, ASF or other format) it won't carry an executable to infect a computer.  However it can exploit Windows Digital Rights Management (DRM) or be used to exploit some kind of media playing software.  Therefore media files can be malicious and can be flagged as a trojan such as the Wimad Trojan.


If a media file is malicious it can and should be flagged by a traditional anti virus application.

Link to post
Share on other sites

Okay thank you.

So if I scanned an .mp3 file with Avast, SUPERAntiSpyware and Malwarebytes and it doesn't detect as a threat, it should be safe?

Thanks again.


Malwarebytes specifically will not detect these trojans and I am pretty sure SAS won't either.


Malwarebytes' Anti-Malware (MBAM) does not scan media files, graphic files, data files or script files.  MBAM only scans Portable Executable (PE) type formatted files and is the reason I wrote "...should be flagged by a traditional anti virus application."  One should not confuse SAS and MBAM, which are adjunct scanners, with traditional anti virus scanners which target media files, graphic files, data files or script files and other files that may be malicious or used in exploitation vectors.

Link to post
Share on other sites

Yes and Yes.


There are few types of malware that affect media files and they are relatively easy to detect and be known thus the propensity for detection is very high so if there are ZERO hits on VT then the file is most likely safe.


I believe there is the possibility with AVI formatted files as well but I am not 100% sure.


AVI files tend to be rather large.  If you see a small AVI file it may be suspect and there is a size limitation on VT so if it is a small AVI it can be submitted to VT.  However if is many MBs large then it most likely is NOT malicious and shouldn't cause you to worry.

Link to post
Share on other sites

AVI files are large.  Therefore if you have a large AVI file there is actual video content within and the chances of it being malicious are greatly reduced.  If there is a malicious AVI file it would be created to be malicious and thus it would not have content and it would be small.

Link to post
Share on other sites

The forum thread (if that is what it is) must me taken with a grain of salt.  In one post was "The virus is called WMA.wimad [susp]"
I have already mentioned the Wimad and it is a trojan and NOT a virus.
Frankly, except for the introduction of the concept of double extension files such as MyVideo.avi.exe (exploitaing Microsoft's ignorant setting of "Hide extension of known file types") it really doesn't add anything to the discussion.  In that case the file is NOT a media file at all.  The case is the same where a file is using Unicode Right to Left Override (RTLO) and pretends to be a media file but is in actuality an executable. An exmaple would be;   myfilercs.avi which REALLY is  myfileiva.scr The Unicode RTLO is interpreted by Windows Explorer and thus the file name is transposed.   Viewing it in DOS (a Command Prompt) by a DIRectory command would show the reality of the file name.
The following shows another example (only it pretends to be an Adobe PDF instead of a media file)
The following is a view in Windows Explorer.
Same file view but this time in a Command Prompt using the DIR command.

Link to post
Share on other sites

Only the first part talks about clever naming of the file itself.  In the technical section it adds more information on how it can exploit a particular player itself.  Finally he does wrap it up in the Application section with how it would be player specific and that users should generally be careful and cautious.


Also, I was linking to that one specific reply, not the entire thread, for the reading.  Of course not every user is going to understand the difference between a virus and a trojan, but that does not detract from this particular answer.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.