Viral Videos That Really Are Viral
davidwr writes to mention a BBC article looking at booby-trapped Windows codecs. While some codecs required for online videos actually let you watch your content, others are just excuses to infect your system with spyware or adware. As davidwr says: "Now virtual sex can make your computer sick." From the article: "Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip. Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs. Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data. "
This is old news, we already knew that Macs could get GRIDS
There is exactly one way to know if a piece of software is safe to run:
READ THE SOURCE CODE.
If they won't let you read the source code, it's because there's something in there they don't want you to see. If they don't want you to see it, that means they're ashamed of it. Avoid it.
Je fume. Tu fumes. Nous fûmes! (I smoke. You smoke. We were!)
Will your box be at stake then?
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
serves yah right for downloading your codecs from limewire just like your porn.
Now your computer can get STDs as well!
At first glance I thought the article was talking about security flaws in trusted codecs that allowed malformed content (i.e. videos) to install virii, etc... That's a little scary - much akin to the libjpeg flaw from a year back or so.
However, this article is talking about something much more inane. Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?
Let me guess - only one very popular operating system affected?
"an experienced, industrious, ambitious, and often, quite often, picturesque liar" - Mark Twain
Videos infected with viruses, video at 11.
Have you read my journal today?
The article doesn't say much or give any details you can work with. I suspect codecs themselves are immune as infection vectors as they are not executables. WMP files can cause a redirect to a web site and have licensing, which causes me to stay away from them.
As far as codecs, I stick with the K-lite codec pack or K-lite mega codec pack (which features quicktime and real without all the startup crap). Don't download video that is packed in an executable, and if it doesn't play with the k-lite codecs, you don't need to watch it.
Media codecs suck. I encode theora, are people going to stop installing that in favor of official DRM malware because of this? How very...
Install FFDShow, Flash and Quicktime. If it don't play then it ain't worth playing.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
Running Linux does not make you invincible. It would be an easy thing to include some "if (OS == LINUX)" code. A captive Linux box is a worthier target than an XP box, and there are no "automatic" tools to sweep it clean. Many Linux users don't know all the things running on their box, nor pay much attention to it. Do YOU know what all the processes from "ps -ef" do? Are you sure that the process named is really that process?
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
that takes STD's to a whole different level. lets get the ball rolling.
Spyware Through Download
Some of us have a wife and kids, a full time job, working on a masters/Ph. D, other commitments outside the daily grind. We don't have time to sit down and scrutinize every bit that enters our computers (I could - I'm a competent programmer. That's not the point.). If I choose to download something I trust the developer. I have a level enough head on my shoulders to figure out what looks fishy and what doesn't. And if, for some reason, something bad does happen? Takes but 10 minutes to reimage a drive. Big deal.
That being said the primary machine at home for gaming/surfing is a windows box. Between me, my wife and my kids I don't think I've had to reformat it since it was built.
I'm going to personally recommend a codec pack called CCCP, or the Combined Community Codec Pack. It's primarily meant for viewing anime, but I've never come across any video it couldn't play (aside from MOV and RM). It claims to be free of any sort of malware, and there are a lot of good people vouching for it.
:-)
If anyone has any information about malware being present in this codec pack, please respond to this post; since I have this installed on my system I'd be very interested in hearing it.
Codec packs are for suckers, I think most people should know that by now. Even when everything in them is legit, you end up with a dozen codecs for a given format, which you don't need, and are bound to create problems. Besides which, you want to be sure you're using the best codecs for a given format, which is harder when you have a dozen to choose from. You should always install individual codecs for a specific format. Go to this page for a list of all common formats and specific codecs to use for each of them (they also make a bitchin' media player, and, no, I do not work for them). I followed this guide to install codecs on my system, and I have yet to run into a video format I can't play.
Actually, I have run into one "format" I can't play, and that's Vodei. Another problem with codecs is jerks like this. The video and audio are already encoded, but they add an additional useless layer so you have to buy the vodei "codec" to play a movie, even though you may already have the proper codecs to actually decode the video data. So just a brief PSA, don't buy vodei or download movies that use it, it's a scam
In short, do it yourself and you'll do it correctly, stay away from codec packs.
dumbest post ever
Can anybody say Vodei??
This is not even a Codec, it's a wrapper. Vodei infected AVI files require you to download
their "codec" from http://www.vodei.com/. Funny thing is Vodei infected AVI's
actually become BIGGER and it's a real pain in the ass to convert them back to regular AVI.
Actually it's a good plot since the same guy who owns Vodei also owns moviesempire.com.
1) Illegally distribute crippled pr0n movies.
2) Make ppl download the spyware/malware ridden "codec"
3) Profit!
As davidwr says: "Now virtual sex can make your computer sick."
From the living-under-a-rock department?
http://www.esthost.com/ based in ...USA!
Yet nobody, Police, FBI, SEC or even who they peer with, will shut them down. Money talks in the USA, I guess.
Land of the Outlaws.
With translucent windows, you can write or audit source code while jacking off to hentai.
And no, it's not a productivity boost. This is actually one of the reasons Vista took so long, tho it can be a source of inspiration. Obviously Vista's protected mode was inspired by a posh wank.
Who would bait their website with viruses? I mean really, is someone going to click on a link that says "Get your viruses here!" The video content is the bait, the malware is the payload.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Simply put, not likely
1) The installer for these "codecs" is probably what installs the spyware, not the codec itself. So unless you ran the installer on wine I don't really see how you could install the codecs. And if you did install it on wine, there's no guarantee the spyware would be able to run on wine and it would be rather strange to see an instance of wine running even after the installer is finished.
2) If the codecs are simply in a zip file and the spyware is embedded in the DLL then the spyware part of the codec will make calls that mplayer's environment will not likely provide it.
A person below your post said that this was the dumbest post ever, sadly he was modded down, but then again, he didn't explain why.
Outside of the scope of this article, there are dozens of reasons not to release your source code, among the most common being the profit motive. A lot of people look at OSS with a "why buy the cow when you get the milk for free" attitude. What about companies that haven't yet copyrighted or patented the algorithms in their software before they go to market? And do you really think companies like Adobe and Autodesk are ashamed of their award winning flagship software packages? Quite honestly, your last argument is utterly ridiculous. To bring things a bit closer to home, it's often way simpler, smarter, and faster to distribute codecs in binary form. People just want them to work right away without firing up the windows equivalent of "./configure --with-notrojans". If they have trade-secret compression algorithms, then your company may not want to give them to your competitors. Finally, even if the source code were made public, users have to read thousands of lines of code before knowing if it was "safe" or not. I seriously doubt you'd find any comments that say "// Computer-destroying virus begins here". And safe is a relative term, because for some machines a segfault is just as bad as a trojan horse.
Yup, the article is right on. ABC won't run unless adblocker is off; Fox's episode viewers not only won't run unless adblocker is off, but install popup ads.
"The mind works quicker than you think!"
This is news? This matters? Nerds know better.
+0 Meh
The DefilerPak is a minimalist collection of video and audio codecs designed to keep you up to date with the latest developments. http://hellninjacommando.com/defilerpak/ What's included? ffdshow: Rapidly making codec packs obsolete. Plays almost everything. Haali Media filter: Supports the Matroska, MP4, and OGM A/V container formats. VSFilter: Supports a wide variety of subtitle formats. DivX ;-) Audio: Just in case.
AC3 XForm filter: Makes life a little easier for folks with external Dolby Digital decoders.
HDTVPump: Support for HD/ATSC transport streams.
Boobs... uh-huh-uhh-huh-uhh...
Um... sorry, just had a bit of Beavis and Butthead moment there.
A paper from the '70s said it best: Trust has to start somewhere, and nothing is trustworthy.
You can't trust your application source code unless you trust your build and execution environments. This means trusting everything from the chip and motherboard to the firmware to the boot loader to the OS to the compilation environment to the run-time environment. We are already seeing trust issues with virtual machines eating colorful pills when the underlying real machine is compromised.
If there's a trustworthy place to get a PC, OS, build-environment, and run-time libraries, there's probably a trustworthy place to get codecs and other application binaries too.
If you are really paranoid, get a trusted PC with an OS and build- and run-time environments even if it's not one to your liking, then build your own environment, create an install image, install it, then build your codec from source. Very few of us have the time to be that paranoid.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
But naming a codec after the former Soviet Union does not exactly inspire confidence.
Ben Hocking
Need a professional organizer?
Yeah an "if (OS = LINUX)" in a .EXE file would be so dangerous to a linux box, riiiiight.
If you see 'click here for the video' and it's 'http:// [..] / [..] .EXE' - here's a hint - it's not a video, it's malware.
How about this - video sites stop trying to serve codecs and special players, they just serve the video DATA, and let the user decide what software to use to play them.
You need Quicktime to play stuff, and you have to download it from Apple. That s*** isn't included in Windows. Worse yet, it tries to push iTunes and other crap you don't want. So. Apple sets the standard pretty low for 3rd party codecs that need to be installed. Then, MS for whatever reason can't bundle DivX.
Apple either won't or can't play nice with MPlayer. MPlayer's update mechanism is insufficient.
Together, they create a climate in which it's believable that you need to download and install a 3rd party codec yourself, and that's where the fun begins.
Baghdad Bob is alive and well and living in China!
Media that can be recorded and distributed can be recorded and distributed.
-kfg
I thought my PC was lying when it told me that it burned while defragging...
"Now virtual sex can make your computer sick."
Is the situation now really that different from when people propagated computer viruses by trading infected Apple ][ floppies? Anyone who ever tried to download Leisure Suit Larry from a pirate BBS can tell you "virtual sex" has always carried a risk.
0 1 - just my two bits
Yeah an "if (OS = LINUX)" in a .EXE file would be so dangerous to a linux box, riiiiight.
.exe files are, by default, associated with wine in the GNOME mimetypes. Before you say "Yeah, but anyone bright enough to be running Wine isn't gonna just automatically click on an .EXE", realize that installing and configuring Wine is very easy these days with programs like winetools.
.EXE could easily embed a Linux binary payload and even execute it (or at least cause it to be executed).
It depends on whether or not Wine is on the box. On an Ubuntu or Debian box, for instance,
If Wine is on the box, all bets are off. The
Of course, if you don't run wine apps as root and you have taken reasonable security precautions, the damage that can be done is limited.
My blog
meh...not sure I entirely agree with you here, although I will concede that many Linux users don't know what tools are available and even less use those that are available on a regular basis.
Tools that I use regularly to keep tabs on my boxen:
1) chkrootkit (http://www.chkrootkit.org/): can be run from cron to look for suspicious files and rootkit signatures;
2) netstat -ep: to show what processes are using network connections;
3) lsof: to show what files on your system are open, who opened them and with what process they were opened;
4) Tripwire (http://www.tripwire.com/) or Sentinel (http://www.gecko-ak.org/Sentinel/), my own, open-source, much less functional, still really in development Tripwire-like file system auditor: to check for changes in binaries, config files or anything else on your file system that you would like to keep tabs on;
5) nmap (http://www.insecure.org/): to remotely scan computers on your network for open ports, and to audit the services using these open ports;
6) nessus (http://www.nessus.org/): like nmap, only different;
7) tcpdump/ethereal/wireshark: to monitor packets in or out of your computer;
8) snort (http://www.snort.org/): okay, I haven't (yet) used this one, but it's the open-source standard for IDS;
9) BitDefender (http://www.bitdefender.com/): anti-virus for Linux--we had to use this once at work to remove a Windows virus that had infected our Samba shares (note: the Samba server wasn't infected, but the Windows machines that were mounting shares from the Samba server were--and they kept rewriting infected Windows executables to the server).
So, no, most of these aren't automatic, and most of these won't clean your Linux PCs, but there are a host of tools that you can use to detect problems on your Linux computers. And, if you're really paranoid, there are several vendors that provide anti-virus software, just like what you find on your Windows machines.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
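The question raised earlier in the thread ("Are you sure that the process named is really that process?") is something the tools listed above only answer indirectly. As an added example that is not part of the thread or of any of the tools named, here is a small /proc audit in C: the check function works on plain strings so it can be exercised on constructed input, and main() walks the live /proc when run on Linux. The flag names, the list of scratch directories and the decision to treat a "(deleted)" exe target as suspicious are this example's own assumptions.

```c
/* Added example (not from the thread): compare what a process calls itself
 * (/proc/<pid>/comm) with what it actually executes (/proc/<pid>/exe).
 * Flag values, directory list and heuristics are assumptions of this example. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FLAG_DELETED  1  /* executable unlinked or replaced after exec      */
#define FLAG_MISMATCH 2  /* comm does not match the basename of the exe     */
#define FLAG_TMPDIR   4  /* running out of a world-writable scratch directory */

/* comm: contents of /proc/<pid>/comm (the kernel truncates it to 15 bytes).
 * exe:  target of the /proc/<pid>/exe symlink, or "" if it was unreadable.
 * Returns an OR of FLAG_* values; 0 means nothing looked odd. */
int audit_process(const char *comm, const char *exe) {
    int flags = 0;
    size_t elen = strlen(exe);
    const char *del = " (deleted)";
    size_t dlen = strlen(del);
    char base[256];

    if (elen == 0) return 0; /* kernel thread, or no permission: nothing to compare */

    /* The kernel appends " (deleted)" when the file behind exe is gone:
     * a dropper that unlinks itself after exec, or a binary replaced on disk. */
    if (elen >= dlen && strcmp(exe + elen - dlen, del) == 0) {
        flags |= FLAG_DELETED;
        elen -= dlen; /* keep comparing against the original path */
    }

    /* basename of the (possibly trimmed) path */
    const char *slash = NULL;
    for (size_t i = 0; i < elen; i++)
        if (exe[i] == '/') slash = exe + i;
    const char *b = slash ? slash + 1 : exe;
    size_t blen = (size_t)(exe + elen - b);
    if (blen >= sizeof base) blen = sizeof base - 1;
    memcpy(base, b, blen);
    base[blen] = '\0';

    /* comm holds at most 15 bytes, so only that prefix of the basename can match */
    size_t clen = strlen(comm);
    if (clen > 15) clen = 15;
    if (strncmp(comm, base, clen) != 0 || (clen < 15 && base[clen] != '\0'))
        flags |= FLAG_MISMATCH;

    if (strncmp(exe, "/tmp/", 5) == 0 || strncmp(exe, "/var/tmp/", 9) == 0 ||
        strncmp(exe, "/dev/shm/", 9) == 0)
        flags |= FLAG_TMPDIR;

    return flags;
}

/* Walk the live /proc and print every process that raised a flag. */
int main(void) {
    DIR *d = opendir("/proc");
    if (!d) { perror("/proc"); return 1; }
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (!isdigit((unsigned char)e->d_name[0])) continue;
        char path[64], comm[64] = "", exe[4096] = "";
        snprintf(path, sizeof path, "/proc/%s/comm", e->d_name);
        FILE *f = fopen(path, "r");
        if (f) {
            if (fgets(comm, sizeof comm, f)) comm[strcspn(comm, "\n")] = '\0';
            fclose(f);
        }
        snprintf(path, sizeof path, "/proc/%s/exe", e->d_name);
        ssize_t n = readlink(path, exe, sizeof exe - 1);
        if (n >= 0) exe[n] = '\0';
        int flags = audit_process(comm, exe);
        if (flags)
            printf("pid %s comm=%s exe=%s flags=%d\n", e->d_name, comm, exe, flags);
    }
    closedir(d);
    return 0;
}
```

Run it as root so every /proc/<pid>/exe is readable. The flags are leads, not verdicts: a daemon that kept running across a package upgrade shows "(deleted)" legitimately, interpreters running a script report the script's name in comm while exe points at the interpreter, and anything that calls prctl(PR_SET_NAME) can rename itself. The point is the one the earlier post made: the name in `ps` is whatever the process chose to tell you, and /proc/<pid>/exe is the thing worth checking.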
I remember seeing this stuff even as far back as '98 when I first started using high speed internet through school. USENET and the early file trading networks were chock full of proprietary encoded formats that would install 1-900 number dialing VFW filters if you tried to get them to work.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
What are the safe, 'all in one' codec packs for windows? Links please! Also, the article doesn't mention the unsafe packages...are there any notorious ones?
I think you missed the point of the article. You attempt to play a file in your favorite media player and the following message pops up:
"Could not find codec for proprietary-spyware-codec; would you like to install the spyware from the website?"
(Obviously not worded so blatantly)
- MbM
To be honest, I'm not that worried about the Wine infection vector. It's my experience that even well behaved programs are a crapshoot in Wine; trying to get something underhanded working in Wine would be a nightmare, especially with all of the different versions out there.
I read the internet for the articles.
Are you that obtuse that you can't read between the lines OR notice what the real issue is here?
The "if(OS=LINUX)" doesn't have to come in a ***Windows*** exe, or did you not think about that? And most of the malware like this doesn't portray itself as an .exe but can be a dll or otherwise AND on video sites like TFA is talking about, you go to download the video and are unable to view it and then they suggest you use their codec, not once will you see "http://blah.com/blah/blah.exe" since most is done with ActiveX or the like. The weak link here isn't the computer or operating system. PEBCAM.
0x09F911029D74E35BD84156C5635688C0
In the case of the computer, it's PTD's...Pr0n Transmitted Diseases...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
This is old news; I ran across a video clip about 3 years ago that got WMPlayer to download one of these "codecs" for me. It actually did make the video play, but also dropped a trojan.
Of course, it wasn't a very good attempt, since it was easy to notice / get rid of before the first reboot, but I remember a lot of people complaining about it at the time...
What kind of an idiot would design a computer such that it lets a random codec someone downloads run as an executable and have access to read their e-mail addresses, capture keystrokes, etc., especially in this day of malware.
Are you for real?
Have you ever heard of a buffer overflow? That's pure data - hex bytes, etc. A buffer gets properly crafted with malicious data that can point the Program Counter of the microprocessor into data memory, which is entirely possible with these Von-Neumann architectures that we use. And where does the PC end up pointing? To some machine-code, which does something like launch a shell.
So, because John Von Neumann designed a memory architecture that allows data to be executed as code, do you think he's an idiot too?
And even forgetting for a moment that data will always represent a possible attack vector (unless we change the way RET works, or we switch to Harvard architectures), a codec is essentially a program that uses instructions to operate upon data, changing it from one format to another. The codec author can make these instructions be anything at all, as long as it interfaces properly to DirectShow or whatever the Unix equivalent is.
Besides. You still have to run an installer to put the codec into your system and register it with the appropriate software components.
:(){
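The post above makes the point that a codec is the place where untrusted bytes meet native code, so the *data* is an attack vector even when the codec binary itself is honest. As an added example that is not from the thread or from any real codec, here is a toy chunked container parser in C (a constructed format in the spirit of RIFF/AVI), written once with the classic mistake of trusting the length field in the file and once with the checks a decoder needs. The format layout, function names, buffer size and the sample clips are all assumptions of this example.

```c
/* Added example (not from the thread): a constructed "FRAM" chunk format.
 * Each chunk is a 4-byte tag, a 4-byte little-endian payload length, then the
 * payload. The decoder copies the payload into a fixed-size frame buffer,
 * which is where a malformed length field becomes a stack overflow. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_MAX 64 /* fixed destination buffer, as a naive decoder might have */

struct frame {
    uint8_t data[FRAME_MAX];
    size_t len;
};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE: trusts the length field from the file. A declared length larger
 * than FRAME_MAX writes past f->data; a length larger than the input reads
 * past buf. Either way, attacker-controlled bytes land where they should not. */
int decode_frame_unsafe(const uint8_t *buf, size_t buflen, struct frame *f) {
    if (buflen < 8 || memcmp(buf, "FRAM", 4) != 0) return -1;
    uint32_t len = rd_le32(buf + 4);
    memcpy(f->data, buf + 8, len); /* no bounds check */
    f->len = len;
    return 0;
}

/* HARDENED: the declared length is checked against both the destination
 * capacity and the bytes actually present before anything is copied. */
int decode_frame_safe(const uint8_t *buf, size_t buflen, struct frame *f) {
    if (buflen < 8 || memcmp(buf, "FRAM", 4) != 0) return -1;
    uint32_t len = rd_le32(buf + 4);
    if (len > FRAME_MAX) return -2;          /* would overflow the frame buffer */
    if ((size_t)len > buflen - 8) return -3; /* declares more payload than present */
    memcpy(f->data, buf + 8, len);
    f->len = len;
    return 0;
}

/* Status-only wrappers so the decoders can be exercised without a caller
 * having to manage a struct frame. */
int safe_status(const uint8_t *buf, size_t buflen) {
    struct frame f;
    return decode_frame_safe(buf, buflen, &f);
}
int unsafe_status(const uint8_t *buf, size_t buflen) {
    struct frame f;
    return decode_frame_unsafe(buf, buflen, &f);
}

/* Constructed sample clips (not real media):
 *   benign_clip: a 4-byte payload, length field says 4.
 *   evil_clip:   length field says 0x1000 bytes, only 4 are present.
 *   short_clip:  length field says 8 bytes (fits the buffer), only 4 present.
 *   wrong_tag:   not a FRAM chunk at all. */
static const uint8_t benign_clip[] = { 'F','R','A','M', 4,0,0,0,       0xde,0xad,0xbe,0xef };
static const uint8_t evil_clip[]   = { 'F','R','A','M', 0x00,0x10,0,0, 0xde,0xad,0xbe,0xef };
static const uint8_t short_clip[]  = { 'F','R','A','M', 8,0,0,0,       1,2,3,4 };
static const uint8_t wrong_tag[]   = { 'R','I','F','F', 4,0,0,0,       1,2,3,4 };

int main(void) {
    printf("benign clip, safe decoder:    %d\n", safe_status(benign_clip, sizeof benign_clip));
    printf("benign clip, unsafe decoder:  %d\n", unsafe_status(benign_clip, sizeof benign_clip));
    printf("evil clip, safe decoder:      %d\n", safe_status(evil_clip, sizeof evil_clip));
    printf("short clip, safe decoder:     %d\n", safe_status(short_clip, sizeof short_clip));
    printf("wrong tag, safe decoder:      %d\n", safe_status(wrong_tag, sizeof wrong_tag));
    /* unsafe_status(evil_clip, ...) would memcpy 4096 bytes into a 64-byte
     * stack buffer: undefined behaviour and a smashed stack, so it is not called. */
    return 0;
}
```

The two checks in the hardened decoder correspond to the two ways a length field lies: claiming more than the destination can hold (a write overflow) and claiming more than the input contains (a read past the buffer, which leaks whatever sits after it). Real container parsers have a third problem this toy skips: the length is added to an offset, so the arithmetic itself must be checked for wrap-around before the comparison is made.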
No ClamAV on there?
clamscan finds all kinds of crap, Linux included.
I run Sophos AV on linux and it does a pretty decent job at scanning the system.
"Anything tastes good if you deep fry it."
FFDShow is nice, but a pain in the ass to continue dealing with WMP. Kiss WMP goodbye for 90% of your videos. Use RealAlternative and QuicktimeAlternative for the other 9%. (1% still tend to need WMP... especially malformed MPGs.)
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
Use VLC. No codecs to install. Plays just about any video format out there, and plays them well.
Running Linux does not make you invincible.
Very true. Having unprotected connections with unknown providers of active content is risky.
It is risky to open an e-mail and it says use this key to open the attachment. I apply the same caution to any video which requires me to use this provided player to view the content.
If the video says it needs Quicktime, I should be able to go to Apple on my own and install Quicktime from the source (don't follow a provided link).
In Linux I run as a user, not an admin. It is difficult to get a drive by install on my Linux box. Running Linux does not make you invincible, but it goes a long way to putting up barriers to an infection. A condom and Linux put up barriers to infection though neither is 100% effective. Because it is not 100% effective is no reason to not use it unless you prefer abstinence as an alternative.
The truth shall set you free!
Dear Lord! Are you saying that there are actually programs available for download on the internet that might be harmful to your computer, which might also be disguised as something else?! I've never been so outraged in all my life!
People will install anything if it promises naked pictures. How is this news?
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
...it's that easy. if you use an application like windows media player which downloads codecs on its own, you get what you deserve. honestly, all this "automagically download stuff if needed" bs should be avoided. i use windows sometimes, and i always use decent players like vlc or mpc. i cannot play a video due to a missing codec? a little google and i know which codec i need and i can decide whether it's trustworthy or not. i think at this point there's a real difference between windows and GNU/ Linux (and i mean GNU linux like debian): apt-get does kinda the same thing, downloading and installing dependencies on demand, just like windows does, but the difference: if apt-get would ever try to install spyware or trojans, the community would cry out loud and debian's reputation is a thing of the past. no matter how silly the debian folks sometimes behave (iceweasel ftw), i think i can trust them.
On second thought, let's not go to Camelot. It is a silly place.
I just don't bother executing that shit. Fact is, if you're after media, and you're asked to download a program, chances are you're being scammed.
Does this line of thinking apply to iTunes and Vongo? Well, for me it does. They're getting you to pay for DRM'd content. Sounds scammy to me.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Meanwhile, we're talking about using binary codecs, which MPlayer does without Wine's interference. The codec could easily cause havoc, but it really has no way of knowing it's under Linux, and would most likely fail to do whatever it attempts (the whole device infrastructure is different). Of course, one could be written specifically to be able to operate in linux, grabbing on to /dev/tty*, for example. You know, if it can even do an fopen.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
all the more reason to use mplayer on windows, but win.media player KEEPS resetting itself as the default player !!!!! agggg!!!!!!!!!
on my dual boot with fedora 6. However linux is the os i use on the web if i am not at the grad library, and those pesky bugs won't run in SeLinux
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
On the contrary, getting things to run in Wine is hard, because we cannot see the code of the program and as such cannot easily recreate the perfect environment for it to run in.
Designing something to work in wine would be much easier, as you know what wine does, at what time, and with what resources.
In a way, writing a virus to exploit wine to plant a different Linux virus on the host, would be easier than using a worm to drop a trojan on a windows box... and that happens all the time.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
The answer here is NO, your Linux box is not in danger.
You know... Windows malware doesn't count on a stupid user that much; in this case the Linux user is safe simply because MPlayer doesn't go out on the net downloading and running any codec that a movie tells it to.
Rethinking email
-jl
Having access to the source code is not a solution to this problem. Ken Thompson has demonstrated that in his paper Reflections on Trusting Trust twenty years ago.
To really fix the problem we need to leverage the one thing that all modern operating systems (including Windows) do right at the core level - access control. Why would anybody want to run a codec at the privilege level of the program that's using it? Why not run it under an account where it can't touch anything except its input and output streams? (This doesn't have anything to do with whether you are logged in as admin/root. Even if you are not an admin you don't want the codec to upload your documents somewhere.)
A related issue is installation programs. We need to make these declarative instead of executable. As it is right now, you run installations as an admin/root, and give them free rein to do anything. God knows what goes on in those MSIs and makefiles. If these were declarative then setups would declare at the beginning what kind of access they need (simple installation, shared component installation, mucking with the system, codec, &c) and you would be able to make a finer-grained decision on whether you want to let them run.
Dejan
Wouldn't that make people less likely to download and install it, not more so?
Now, disguising a nuisance program as a legit codec, OTOH, might be pretty brilliant; suppose anyone has thought to try that?
1. MPlayer makes use of Windows codecs through the use of Winelib.
2. If you read TFA, you'd know that some of the malware came in the codec, while others came in the installer (i.e., a secondary program installed at the same time as the codec)
3. Yes, the codec does have a way of knowing it's running under Linux if the writer of the codec designed it.
4. Grabbing on to
My blog
My 'favorite media player' isn't designed so stupidly as to ever display such a message. If it doesn't understand a given media file, it just produces a meaningful message to that effect, and exits. Then, I can go look at sites I trust to see if what it identified as needed is a real codec, and where to get it.
OMG, the Metaverse is going to core dump and we're all going to be taken over by a bunch of religious zombies... Save us, Uncle Enzo!
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
To have a right to do a thing is not at all the same as to be right in doing it
(Don't tell me that's not the proper way to append files and VLC is just obeying the standards. Sometimes strictly obeying standards is bad. For example, I wrote a script that generates an HTML page containing every image in the folder -- for local viewing, no webserver. I do img href=c:\whatever.jpg. Worked for FIVE YEARS. Along comes firefox, and its strict standards interpretation gives me a page of "X"s -- it wants file://c|/whatever.jpg. Ugh. I'm not touching my script and writing in urlencode stuff. If href is a valid filename, just show it to me! I'm sticking with IE for those situations.) But I digress.
I've also found certain WMVs play in VLC, but the keyframes only register in WMP. Which makes more sense because it is *windows* media video (shudder).
Also, pretty often VLC wont show it in the right aspect ratio, but WMP will. I'm aware that VLC has it's own aspect ratio controls, but sometimes it just isn't right unless you play it in WMP...
I've probably tested more files of different formats on more players than 99% of people on slashdot, so I've run into a lot of uncommon things. Like FLVs that play with green vertical lines in VLC, but play fine with FLVPlayer (which I hate because it won't do fullscreen).
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
1. Please read the MPlayer documentation, or, at the very least build it for yourself at least once. It doesn't use winelib. Feel free to correct me if you can find it anywhere on
2. The dangerous part is the codec. No self-respecting linux user would run a random windows program as root, but they may not think twice about the codec (figuring that it's properly sandboxed by mplayer - which it is).
3. It may, but try, just once, to have an exe link to an elf library. Even if it found out, the codec couldn't even know how to link into libc6, at least not by any method I can think of.
4. True. But it's also not the only way to capture the keyboard. I was giving an example of a way to spy.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1