Slashdot Mirror


Viral Videos That Really Are Viral

davidwr writes to mention a BBC article looking at booby-trapped Windows codecs. While some codecs required for online videos actually let you watch your content, others are just excuses to infect your system with spyware or adware. As davidwr says: "Now virtual sex can make your computer sick." From the article: "Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip. Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs. Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data."

10 of 157 comments

  1. Re:One way to know if code is safe to run by Anonymous Coward · · Score: 3, Funny

    Not everyone can read source code you elitist asshole. Not to mention, I don't feel like stopping in mid wank to read the source of a codec I need to watch a pr0n clip.

  2. Re:serves yah right by pegr · · Score: 3, Insightful

    I have to agree. This has been going on for quite some time, at least a couple of years. That's why I simply don't use codecs that come from questionable sources. You wouldn't run just any arbitrary program, would you?

    But wait, if there's porn involved... :)

  3. Re:And if you use those codecs with MPlayer on Lin by $RANDOMLUSER · · Score: 4, Interesting

    Running Linux does not make you invincible. It would be an easy thing to include some "if (OS == LINUX)" code. A captive Linux box is a worthier target than an XP box, and there are no "automatic" tools to sweep it clean. Many Linux users don't know all the things running on their box, nor pay much attention to it. Do YOU know what all the processes from "ps -ef" do? Are you sure that the process named is really that process?

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  4. Combined Community Codec Pack by TheSHAD0W · · Score: 5, Informative

    I'm going to personally recommend a codec pack called CCCP, or the Combined Community Codec Pack. It's primarily meant for viewing anime, but I've never come across any video it couldn't play (aside from MOV and RM). It claims to be free of any sort of malware, and there are a lot of good people vouching for it.

    If anyone has any information about malware being present in this codec pack, please respond to this post; since I have this installed on my system I'd be very interested in hearing it. :-)

  5. Re:How is this any different? by 99BottlesOfBeerInMyF · · Score: 3, Funny

    Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?

    The average person assumes data they download will not be able to infect their computer. What kind of an idiot would design a computer such that it lets a random codec someone downloads run as an executable and have access to read their e-mail addresses, capture keystrokes, etc., especially in this day of malware. MS should have fixed this long ago. It looks like Apple has ported MAC from TrustedBSD and will be solving this in OS X 10.5. Maybe it is time you stopped blaming the user for making reasonable assumptions and started looking at just how badly designed most OS's are these days.

  6. Read the Source code? Are you serious? by runlevel+5 · · Score: 3, Insightful

    Outside of the scope of this article, there are dozens of reasons not to release your source code, among the most common being the profit motive. A lot of people look at OSS with a "why buy the cow when you get the milk for free" attitude. What about companies that haven't yet copyrighted or patented the algorithms in their software before they go to market? And do you really think companies like Adobe and Autodesk are ashamed of their award winning flagship software packages? Quite honestly, your last argument is utterly ridiculous. To bring things a bit closer to home, it's often way simpler, smarter, and faster to distribute codecs in binary form. People just want them to work right away without firing up the Windows equivalent of "./configure --with-notrojans". If they have trade-secret compression algorithms, then your company may not want to give them to your competitors. Finally, even if the source code were made public, users have to read thousands of lines of code before knowing if it was "safe" or not. I seriously doubt you'd find any comments that say "// Computer-destroying virus begins here". And safe is a relative term, because for some machines a segfault is just as bad as a trojan horse.

  7. Re:One way to know if code is safe to run by MightyYar · · Score: 3, Insightful

    But do you only eat cake baked in your own kitchen? Would you give up a piece of cake that everyone is raving about because the recipe is a secret? What if the baker had a solid reputation and thousands of satisfied customers?

    I'm not sure why someone would have higher standards for what they run on their stupid computer than for what they allow into their body.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  8. Re:STDs by spun · · Score: 3, Funny

    Now your computer can get STDs as well!

    Stupidity Transmitted Diseases?

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  9. Re:One way to know if code is safe to run by ehrichweiss · · Score: 3, Insightful

    "If you want me to run something on MY computer, I have a RIGHT to see the source code."

    First things first, it is usually less of THEM wanting something run on your computer and more likely YOU wanting to run it. If it's freeware that scenario is lots more likely since they don't make money for every installation, etc. so they couldn't care less.

    Next, you don't have a "right", you have a desire. If they publish the source code then you have the right to view it, otherwise you're SOL. You're likely not a king or otherwise powerful enough person to get such things done so put your words in some perspective.

    --
    0x09F911029D74E35BD84156C5635688C0
  10. Re:And if you use those codecs with MPlayer on Lin by element-o.p. · · Score: 3, Informative

    and there are no "automatic" tools to sweep it clean

    meh...not sure I entirely agree with you here, although I will concede that many Linux users don't know what tools are available and even fewer use those that are available on a regular basis.

    Tools that I use regularly to keep tabs on my boxen:
    1) chkrootkit (http://www.chkrootkit.org/): can be run from cron to look for suspicious files and rootkit signatures;
    2) netstat -ep: to show what processes are using network connections;
    3) lsof: to show what files on your system are open, who opened them and with what process they were opened;
    4) Tripwire (http://www.tripwire.com/) or my own, open-source, much less functional, still really in development Tripwire-like file system auditor (http://www.gecko-ak.org/Sentinel/): to check for changes in binaries, config files or anything else on your file system that you would like to keep tabs on;
    5) nmap (http://www.insecure.org/): to remotely scan computers on your network for open ports, and to audit the services using these open ports;
    6) nessus (http://www.nessus.org/): like nmap, only different;
    7) tcpdump/ethereal/wireshark: to monitor packets in or out of your computer;
    8) snort (http://www.snort.org/): okay, I haven't (yet) used this one, but it's the open-source standard for IDS;
    9) bit defender (http://www.bitdefender.com/): anti-virus for Linux--we had to use this once at work to remove a Windows virus that had infected our Samba shares (note: the Samba server wasn't infected, but the Windows machines that were mounting shares from the Samba server were--and they kept rewriting infected Windows executables to the server).

    So, no, most of these aren't automatic, and most of these won't clean your Linux PCs, but there are a host of tools that you can use to detect problems on your Linux computers. And, if you're really paranoid, there are several vendors that provide anti-virus software, just like what you find on your Windows machines.
    --
    MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
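
Item 4 in the tool list above describes a Tripwire-like file system auditor that checks binaries and config files for changes. The Python script below is an added example of that baseline-and-compare technique; it is not part of the original comment and is not the code of Tripwire or Sentinel. The function names `snapshot`, `compare` and `demo` and the sample files are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks, sockets and devices are not hashed
        digest = hashlib.sha256(path.read_bytes()).hexdigest()  # whole-file read
        manifest[str(path.relative_to(root))] = (digest, stat.S_IMODE(st.st_mode))
    return manifest


def compare(baseline, current):
    """Classify every path that differs; a content change outranks a mode change."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path][0] != current[path][0]:
            report["modified"].append(path)
        elif baseline[path][1] != current[path][1]:
            report["mode_changed"].append(path)
    return report


def demo():
    """Constructed sample tree: record a baseline, tamper with it, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in (("ls", b"original"), ("sshd_config", b"x\n"), ("motd", b"hi\n")):
            (root / name).write_bytes(data)
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "ls").write_bytes(b"replaced")        # same name, new content
        (root / "sshd_config").chmod(0o666)           # content intact, mode loosened
        (root / "motd").unlink()                      # file deleted
        (root / "codec.bin").write_bytes(b"dropped")  # file that was never in the baseline
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline, so the stored manifest belongs on read-only or off-host media where a compromised machine cannot rewrite it.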