EPTOn August 02 2008 22:18 0xDEADBEEF wrote:
So basically it's just a deception thing... a bit like renaming .mp3 to .mp3.exe and hoping the user has hidden file extensions.
The thing is, MP3 files have no such functionality by default, so if you try to play a MP3 and your media player directs you to a URL you know that there's something wrong about this file (i.e. it's NOT actually a .mp3) and that they want you to download malware. Opening the file, though, does not by itself harm you unless you use this trick and direct the browser to a webpage which tries to exploit a security hole in the browser. If that's not the case (and it's hard to do so), then just playing the file and seeing this page pop up isn't doing anything yet; this trick mostly relies on user stupidity ("you need a codec please download this .exe").
And if you just use a music player which doesn't support playing .asf named as .mp3 and doesn't support such redirection URLs then nothing happens at all.
The MP3 format is inherently safe, like I wrote. This is really more of a deception/social engineering trick because it's a file format disguised as another one. A good player should have no problem detecting this. What I wrote about was about REAL MP3s, and in that case it's practically impossible to sneak malware into them unless a certain player has a certain weakness in reading MP3s in general which allows code to be executed.
So basically it's just a deception thing... a bit like renaming .mp3 to .mp3.exe and hoping the user has hidden file extensions.
The thing is, MP3 files have no such functionality by default, so if you try to play a MP3 and your media player directs you to a URL you know that there's something wrong about this file (i.e. it's NOT actually a .mp3) and that they want you to download malware. Opening the file, though, does not by itself harm you unless you use this trick and direct the browser to a webpage which tries to exploit a security hole in the browser. If that's not the case (and it's hard to do so), then just playing the file and seeing this page pop up isn't doing anything yet; this trick mostly relies on user stupidity ("you need a codec please download this .exe").
And if you just use a music player which doesn't support playing .asf named as .mp3 and doesn't support such redirection URLs then nothing happens at all.
The MP3 format is inherently safe, like I wrote. This is really more of a deception/social engineering trick because it's a file format disguised as another one. A good player should have no problem detecting this. What I wrote about was about REAL MP3s, and in that case it's practically impossible to sneak malware into them unless a certain player has a certain weakness in reading MP3s in general which allows code to be executed.
You're wrong about MP3s being safe. It is actually quite simple to mask a .exe file or an autorun file as an MP3.
