[vlc] Malicious code in MP3 files: will VLC execute them?

Gregory Norris gregrnorris at gmail.com
Tue Jun 21 17:56:56 CEST 2011 

On 06/15/2011 05:18, Jean-Baptiste Kempf wrote:
> Hello,
>
> On Linux, you will be safe.
>
> On Wed, Jun 15, 2011 at 10:06:40AM +0300, Dotan Cohen wrote :
>> I am a Linux user so I'm not up to date about current Windows threats.
>> The wife just got a Windows 7 laptop and she wants to play MP3 files
>> from her friends. I am worried about opening files from
>> likely-infected machines (I myself have seen how bad these friends'
>> computers are) on her Windows machine. If there exist malicious code
>> in MP3 files from the other computers, might VLC run it? I understand
>> that malicious code could be injected into MP3 tags and that QuickTime
>> does in fact execute it.
>>
>> On the same note, how does one scan for malicious software the USB key
>> used to transfer the files? Once it's connected I don't need some
>> auto-garbage loading executable code from the drive. Should I run it
>> through ClamAV on the Linux computer first? That is a hassle as the
>> Linux machine is not a laptop.
>>
>> Thanks.
>>
>> -- 
>> Dotan Cohen
>>
>> http://gibberish.co.il
>> http://what-is-what.com
>> ______________________________________________________
>> vlc mailing list
>> To unsubscribe or modify your subscription options:
>> http://mailman.videolan.org/listinfo/vlc
I'm afraid I'm not quite sure if vlc will execute the code (there might 
be an option for it as some media does have an internet connection thing 
and I know WMP has an option regarding scripts in media files).  I do 
however have a suggestion, I don't remember the exact procedure but 
there's a way of making it so code can't be executed off a flash drive 
in windows (I believe it's somewhere in secpol and I basically set my 
Win7 laptop to only run code from from certain trusted devices which I 
myself put programs on).  This method should protect you from 
Auto-loading viruses, as for the malicious code in mp3 files 
Malwarebytes (http://www.malwarebytes.org/  The free version doesn't 
include active protection but if you just scan yourself its possibly the 
best Anti-virus program out there).

Also note that it may be possible for scripts to execute on a Linux 
machine depending on how they work (which I don't particularly know what 
method they use for malicious mp3's).  I know a lot of scripts now use 
web browsers to attack you and by using a web browser it's possible to 
run a variety of viral codes no matter what platform your on.  Those are 
the real threat right now.

Since I'm talking about security here I'll go ahead and make my full 
suggestion for anyone wanting to be more secure (This is a general 
advisory I plan on giving to others as well):
Use Malwarebytes (mbam) (http://www.malwarebytes.org/) to do a full scan 
of your system from time to time.
If you can't be bothered (or are just to forgetful)  to run mbam 
regularly then I suggest also installing Avira or MS Security Essentials 
(I don't personally trust it but I've heard a lot of good).
Install FileHippo's Update Checker (http://filehippo.com/updatechecker/) 
and use it regularly to check for updates to programs.
Install one of Secunia's update programs (such as PSI    
http://secunia.com/).
Run both of these updater programs regularly (you can use Windows Task 
Scheduler to start them so you don't forget) and keep all software 
completely up to date.
If you really want to get fancy you could write a batch script like this 
one (remember to change type in the save dialog from text file to all 
files and give it the .bat extension):

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /update
"C:\Program Files\filehippo.com\UpdateChecker.exe"
"C:\Program Files\Secunia\PSI\psi.exe"
"C:\Windows\System32\wuapp.exe"
rem add updates for others as well

The above code says to run in this order:  Malwarebytes update (need to 
click ok to go on to next program), File Hippo's Update Checker (I set 
mine to autoclose if no results and it will autoclose after displaying 
results in web browser [I use Firefox]), Secunia PSI (you must tell it 
to exit when done), then finally Windows Update (This will work for both 
Win 7 and Win Vista, for older models you need to open the MS update 
website, once you close out of this it will end the batch file).

Remember that this is tuned to my Win 7 x86 laptop.  Also rem is a batch 
file comment, it won't execute anything it's just a note.

More information about the vlc mailing list