Problem playing an avi file

Marko Vojinovic vvmarko at gmail.com
Thu Jul 15 14:46:00 UTC 2010


On Thursday, July 15, 2010 15:18:58 Alan Cox wrote:
> On Thu, 15 Jul 2010 14:57:16 +0100 Marko Vojinovic <vvmarko at gmail.com>
> wrote:
> > It's a hoax, coupled with propaganda. The very same thing happens even if
> > you actually use Windows Media Player to play the file, on a Windows
> > machine.
[snip]
> > I didn't try to scan it for viruses/trojans/worms/malware/etc., because I
> > believe you cannot get infected by playing a movie in mplayer (unless
> > mplayer has some serious security exploit that nobody is aware of). So
> > just drop that file and go find a genuine one.
> 
> There have been numerous exploits against video codecs, and fuzz testing
> codecs is .. interesting. The players may well have the odd bug but the
> codecs tend to parse extremely complex compressed data streams from an
> untrusted source, have to do it at high speed and seem to be the main
> source of holes.
> 
> Whether a Windows exploit would work on a non Windows box who knows. It
> may well be the message is because it contains a trojan that *only* works
> in a specific player/codec combination.

Right, so this is not propaganda, but rather instructions which player/codec 
combination is vulnerable to the trojan attack. The user sees the message, 
tries to play the file in the appropriate player with appropriate codec, and 
---  sees the same message yet again, but gets infected in the process. Nifty 
stuff! :-)

So, as long as one *doesn't* follow the instructions on the screen, everything 
is ok. :-) Linux players like mplayer, vlc, and others are most probably 
immune to this, so no problem there.

Luckily, the Windows machine I tried it on is a virtual one (ie. disposable).

Best, :-)
Marko



More information about the users mailing list