
Previously on "Security issues from torrented AVIs"


  • themistry
    replied
    Originally posted by Sysman
    <cough> From 2003
    As I thought,

    thanks
    TM



  • Pondlife
    replied
    Thanks folks.

    I am still a bit confused by the 'vulnerability in AVI player would need to be exploited' part. I am sure in the past various mp3s and suchlike, downloaded via P2P, have been flagged by antivirus software.



  • NickFitz
    replied
    Originally posted by Pondlife
    Basically, can anything dodgy within the AVI file infect a host when run under a Linux guest? Also, if the file plays normally under Ubuntu is it safe to assume it's kosher?
    If your virtual machine is configured not to have access to the drives/partitions (including shares and networked drives and so on) of the Windows system, then it can't touch them (except via some extremely subtle vulnerability in the VM software, in which case you and the rest of the world have bigger problems). Conversely, if it does have access to them and the user account you're using has write access at a suitable privilege level, then it can in theory do whatever it wants, although it seems a bit unlikely that somebody would have written an exploit that relied on Ubuntu running in a VM. (Still, some people like to do these things...)

    AVI is a container format, so in theory it could contain malicious code which relied on a vulnerability in the file parsing code of the playback system to be effective. (For comparison, there was a vulnerability in Acrobat Reader a while back whereby, if it found a chunk within a JPEG file that contained JScript, it would execute that code at the privilege level at which the application was running, thereby allowing access to ActiveX controls that could be used for malicious purposes.) I'm not personally aware of any such vulnerabilities, or exploits, in the wild.

    Leave a comment:
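
To make the container-format point in the post above concrete, here is an added example (not part of the original thread): a structural check that walks an AVI's RIFF chunks and confirms that each declared chunk size fits inside its parent, which is the bounds check parsing code needs on untrusted files. The function names, the depth limit and both sample files are constructed for illustration.

```python
import struct

CONTAINERS = {b"RIFF", b"LIST"}  # payload = 4-byte type + nested chunks
MAX_DEPTH = 8                    # assumed limit; real AVIs nest only a few levels

def walk(buf, start, end, depth, issues):
    """Walk the chunks in buf[start:end], recording (offset, problem) pairs."""
    pos = start
    while pos < end:
        if end - pos < 8:
            issues.append((pos, "truncated chunk header"))
            return
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        body = pos + 8
        if size > end - body:  # the check a naive parser skips
            issues.append((pos, f"{fourcc!r} declares {size} bytes, "
                                f"{end - body} left in parent"))
            return
        if fourcc in CONTAINERS:
            if size < 4:
                issues.append((pos, f"{fourcc!r} too small for its type field"))
            elif depth >= MAX_DEPTH:
                issues.append((pos, "nesting too deep"))
            else:
                walk(buf, body + 4, body + size, depth + 1, issues)
        pos = body + size + (size & 1)  # chunk data is padded to even length

def check_avi(buf):
    """Return a list of structural problems; an empty list means none found."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"AVI ":
        return [(0, "not a RIFF/AVI file")]
    issues = []
    walk(buf, 0, len(buf), 0, issues)
    return issues

def chunk(fourcc, data):
    """Build one well-formed chunk (used only for the constructed samples)."""
    return fourcc + struct.pack("<I", len(data)) + data + b"\0" * (len(data) & 1)

# Constructed sample: minimal header list plus one tiny video chunk.
good = chunk(b"RIFF", b"AVI "
             + chunk(b"LIST", b"hdrl" + chunk(b"avih", bytes(56)))
             + chunk(b"LIST", b"movi" + chunk(b"00dc", b"\x01\x02\x03")))
# Constructed sample: a stream-format chunk claiming ~4 GB inside a 72-byte file.
lying = b"strf" + struct.pack("<I", 0xFFFFFFF0) + bytes(40)
bad = chunk(b"RIFF", b"AVI " + chunk(b"LIST", b"hdrl" + lying))

if __name__ == "__main__":
    print(check_avi(good))
    print(check_avi(bad))
```

This only inspects the container layout: a clean result says nothing about the codec data inside the chunks, which the player's decoders still have to parse.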


  • Sysman
    replied
    <cough> From 2003



  • themistry
    replied
    I didn't even know an AVI could host a virus.

    Wouldn't that require a vulnerability in the AVI player as an AVI isn't actually executed?

    Alternatively - I just learnt something new today.

    TM



  • Pondlife
    started a topic Security issues from torrented AVIs

    Security issues from torrented AVIs

    Hopefully this won't be too much of a ramble but...

    Obviously I understand that some of the torrents out there are not as described and so currently I do the following:

    Step 1) Download via Deluge onto an Ubuntu guest within VirtualBox
    Step 2) Watch some of the AVI in Totem on the Ubuntu guest
    Step 3) If OK, copy to the Vista host for general viewing pleasure.

    How bomb proof is this as an approach?

    Basically, can anything dodgy within the AVI file infect a host when run under a Linux guest? Also, if the file plays normally under Ubuntu is it safe to assume it's kosher?

    TIA

    PL