Hypothetically yes. But consider that much like a virus growing in a petri dish, it needs an appropriate environment. A mp4/mkv/whatever file sitting on your hard drive that you never access is not going to be problematic. Even when you do access it, it is probably is not going to do anything unless you also open it in the viewer that the malware author intended the payload for. There is no general purpose video decoding malware. They target the players.
as a reminder: in systems on Linux, remember to check the permissions of non executable files if you’re extracting them from a zip folder or similar, since those tends to preserve file permissions before you double-click them.
Also for Linux: If you’re paranoid about getting hit by a video-player exploit, I think you could thwart most attempts by throwing your player into firejail (maybe a properly configured flatpak could also do the trick?)
oh there is a way without the user accessing it espcially on Windows: Anti virus scanner
since most of them scan all downloaded files a zero day exploit for these software might be automatically executed
bonus points: Anti virus software typically has system permissions too
You made me think about it a little more, and there’s one more thing, for the GUI based filemanagers of any operating system: thumbnail generation might also be able to be targeted
Sure. Whether they’re effective and actually able to execute is another question.
A simple way might simply be to put an actual executable in the file instead, and when a user double clicks to open it it’ll run instead.
Or there’s stuff to hide in metadata that could exploit particular players, or even some OS preview systems, and get execution that way.
But……really pretty unlikely. Possible definitely, but you’d have to go through a lot of effort to get hit by something.
The thing about viruses is that it is an arms race. It’s almost impossible to get a virus from playing media on your computer. Why? Well, let me explain in a 3 easy steps:
Viruses have specific goals. They want to spy on you, encrypt your files, use your computer on a botnet, access ads with your computer, etc. In order to do that, they must gain access within your system to do those things.
Since they need access, the easiest way to get access is just by simply asking you. Which is why executables (software and games) are the riskiest stuff to pirate. But it’s possible to get viruses from other sources, they do that by exploring flaws in the software. For example, a while ago they managed to insert viruses through VLC media player subtitles.
However, simply exploiting a flaw isn’t enough because flaws get fixed. Following the VLC Media player example, few days after the virus was distributed, VLC launched a new version that corrected the flaw, making the virus useless. Therefore, it’s necessary that the virus either explores a 0-day (a flaw that hasn’t been widely discovered - this kind of information is sold for a lot of money on the deep web and is usually used to hack governments and bit corporations) or targets people using old software on their machines.
In conclusion: you can catch Aids having sex with condoms, maybe it had a tear, maybe you had a small bleeding on your mouth, etc, but you aren’t getting aids using condoms unless you’re extremely unlucky. In the same vein, it’s possible to catch viruses from media files, but if your software is updated, it’s extremely unlikely.
Absolutely. Hell, hackers have managed to hide complete documents into image files so when you open the file you see only a vacation foto, but using special software, they can remove the secret document.
kinda different there though… it’s trivial to add whatever data you like to images etc (and that’s without even resorting to steganography), but that data is only accessible with an application. i believe the question was intended as whether you could get a virus from downloading/playing media files… the content of that “hidden data” isn’t executable, so whilst it’s reasonable to say it’s possible to transport a virus via hidden data in media, it’s not reasonable to say that you can “get” a virus using that same method alone
Every time questions like this get asked, I get interested in seeing if it’s possible and try to get a proof of concept out. I wonder how many people are like me.
for the most part, you’re safe; because media files aren’t executable (like exe, appimage, etc) including a virus in the file wouldn’t do much.
there could be a zero-day (e.g buffer overflow in the media file that exploits a flaw in the player/decoder, but that isn’t anywhere near as common as including malware in executable files.
There are a bunch of vulnerabilities for VLC for example. Some of them are based on modified .avi or .mkv files.
Note that those are all known and already patched but there are certainly some vulnerabilities out there that are unknown and/or unpatched. You’re quite unlikely to get one of those though.
The biggest security issue probably is an unpatched system so don’t forget to keep your software up to date.
And your device may never get the updates fixing the issue.
There were many cases just in the past decade that involved mobile phones software (the devices most notoriously running outdated software) or their hardware accelerated decoding feature, but if you use VLC than you must also be familiar with it’s security updates.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !piracy@lemmy.dbzer0.com
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Hypothetically yes. But consider that much like a virus growing in a petri dish, it needs an appropriate environment. A mp4/mkv/whatever file sitting on your hard drive that you never access is not going to be problematic. Even when you do access it, it is probably is not going to do anything unless you also open it in the viewer that the malware author intended the payload for. There is no general purpose video decoding malware. They target the players.
as a reminder: in systems on Linux, remember to check the permissions of non executable files if you’re extracting them from a zip folder or similar, since those tends to preserve file permissions before you double-click them.
Also for Linux: If you’re paranoid about getting hit by a video-player exploit, I think you could thwart most attempts by throwing your player into firejail (maybe a properly configured flatpak could also do the trick?)
oh there is a way without the user accessing it espcially on Windows: Anti virus scanner
since most of them scan all downloaded files a zero day exploit for these software might be automatically executed
bonus points: Anti virus software typically has system permissions too
(likelyhood is still hilariously low)
You made me think about it a little more, and there’s one more thing, for the GUI based filemanagers of any operating system: thumbnail generation might also be able to be targeted
Yes they can, exploits in codecs are not unheard-of. Antivirus detect known malware, regardless of file type
Sure. Whether they’re effective and actually able to execute is another question.
A simple way might simply be to put an actual executable in the file instead, and when a user double clicks to open it it’ll run instead. Or there’s stuff to hide in metadata that could exploit particular players, or even some OS preview systems, and get execution that way.
But……really pretty unlikely. Possible definitely, but you’d have to go through a lot of effort to get hit by something.
Oh this takes me back to the old Limewire says, downloading a digital STD along with a cam’d version of Old School, and it taking a whole
night.
Download .rar file of movie and uncompress:
Grandmas_Boy_[Virus-Free].exe
Nuffin’ sus
Yes.
Depends on the virus, but unlikely.
The thing about viruses is that it is an arms race. It’s almost impossible to get a virus from playing media on your computer. Why? Well, let me explain in a 3 easy steps:
Viruses have specific goals. They want to spy on you, encrypt your files, use your computer on a botnet, access ads with your computer, etc. In order to do that, they must gain access within your system to do those things.
Since they need access, the easiest way to get access is just by simply asking you. Which is why executables (software and games) are the riskiest stuff to pirate. But it’s possible to get viruses from other sources, they do that by exploring flaws in the software. For example, a while ago they managed to insert viruses through VLC media player subtitles.
However, simply exploiting a flaw isn’t enough because flaws get fixed. Following the VLC Media player example, few days after the virus was distributed, VLC launched a new version that corrected the flaw, making the virus useless. Therefore, it’s necessary that the virus either explores a 0-day (a flaw that hasn’t been widely discovered - this kind of information is sold for a lot of money on the deep web and is usually used to hack governments and bit corporations) or targets people using old software on their machines.
In conclusion: you can catch Aids having sex with condoms, maybe it had a tear, maybe you had a small bleeding on your mouth, etc, but you aren’t getting aids using condoms unless you’re extremely unlucky. In the same vein, it’s possible to catch viruses from media files, but if your software is updated, it’s extremely unlikely.
Nobody can catch AIDS
Literally any file can be a virus. It’s not a matter of file extension.
Sure, but the difference is that VLC can’t execute code, and if you change the file extension to MP4 then a media player is going to try to open it.
So yeah it could contain a virus, but I think getting hit with that code is almost completely impossible.
Absolutely. Hell, hackers have managed to hide complete documents into image files so when you open the file you see only a vacation foto, but using special software, they can remove the secret document.
kinda different there though… it’s trivial to add whatever data you like to images etc (and that’s without even resorting to steganography), but that data is only accessible with an application. i believe the question was intended as whether you could get a virus from downloading/playing media files… the content of that “hidden data” isn’t executable, so whilst it’s reasonable to say it’s possible to transport a virus via hidden data in media, it’s not reasonable to say that you can “get” a virus using that same method alone
Every time questions like this get asked, I get interested in seeing if it’s possible and try to get a proof of concept out. I wonder how many people are like me.
OP left out thier real question at the end:
And how do I make them?
for the most part, you’re safe; because media files aren’t executable (like exe, appimage, etc) including a virus in the file wouldn’t do much. there could be a zero-day (e.g buffer overflow in the media file that exploits a flaw in the player/decoder, but that isn’t anywhere near as common as including malware in executable files.
As long as you’re using updated software (OS included).
There are a bunch of vulnerabilities for VLC for example. Some of them are based on modified .avi or .mkv files.
Note that those are all known and already patched but there are certainly some vulnerabilities out there that are unknown and/or unpatched. You’re quite unlikely to get one of those though.
The biggest security issue probably is an unpatched system so don’t forget to keep your software up to date.
Our (internet-connected) Windows XP school computers:
You Should never pirate movies, always buy them properly licensed.
Thanks dad.
deleted by creator
Fuck that, I’ll play the content my way, bought legitimately (ripped myself) or not.
deleted by creator
And your device may never get the updates fixing the issue.
There were many cases just in the past decade that involved mobile phones software (the devices most notoriously running outdated software) or their hardware accelerated decoding feature, but if you use VLC than you must also be familiar with it’s security updates.