MP3 files can be booby-trapped

Forum Moderators: phranque

Message Too Old, No Replies

MP3 files can be booby-trapped

Real Player and Windows Media Player used to exploit IE

tedster

2:00 pm on Mar 28, 2002 (gmt 0)

It looks like this applies only to Internet Explorer, but it's one more problem that we don't need, but apparently we've got it!

A quirk in media players from Microsoft and RealNetworks could enable attackers to hijack Web browsers and run scripts on the computers of some MP3 music fans. The trick has apparently been discovered by pornography sites and spammers, which have been seeding some music file trading services with bogus MP3 music files.
One such MP3 file, ostensibly containing the music of the Los Angeles-based rock group Lifehouse, launched a pornographic video and generated a "massive" amount of pop-up ads when played back on the Windows Media Player from Microsoft, according to one newsgroup report.

Full article at securityfocus.com [online.securityfocus.com]

cfel2000

2:07 pm on Mar 28, 2002 (gmt 0)

I've come across this. I downloaded the theme music to the Ali G movie and although I can play the movie it constantly opens new IE windows and when they are closed more open. It's hell!

I had to force a restart and then they automatically opened on boot. I clear the registry, *.ini files, start menu everything and they still came. I had to format the disk a start from scratch. I was using Win2000 Server (sp2 with all the updates) and IE6 (with all the updates).

Chris.

wasmith

10:53 pm on Mar 29, 2002 (gmt 0)

You can clean then by converting to a format that does not have scripts and then back again IE .wav

cfel2000 i did not know that the styles allowed included color :)

wasmith

11:03 pm on Mar 29, 2002 (gmt 0)

Oops wait a moment (read the artical) those files are not MP3 to begin with they are other types of media files that have been renamed back to mp3 the information at the begining of the file is often used instead of the ext in windows IE ranaming exe to com does not change how it loads into memory (EXEs have a sig at the begining of the file MS uses that sig not the extension). So they will not convert with a regular converter you will need to use a mixer so you can rerecord the music into a new file while being offline, what a pain.

Does anybody know if this is just limited to those players and not a few of the other brands? I know people who download music though a network i am responsible for.

papabaer

4:49 am on Mar 30, 2002 (gmt 0)

Wasmith, it would appear that it is contained to the Windows Media and Real One players, since both companies have their own propriety format that is capable of containing URLS or script. From the article, the method use is to create a "stealth version" of a Windows or Real media file that contains malicious code. The "wolf in sheep's clothing" part is when these files are renamed with .mp3 extentions. Normally (you would hope!) if a file is given a new extention, it would no longer play as its original format; this is not the case with Real One and Windows Media players according to the article.

It sounds like in addition to another IE security hole, their is a pretty wide breach in the mentioned players.

If you attempted to play the errant file with another player, such as Winamp of Musicmatch, the file would not execute.

This one is going to be talked about loudly, I am certain.