Viral Videos That Really Are Viral

Posted by Zonk on Tue Oct 31, 2006 11:36 AM
from the click-wisely dept.
davidwr writes to mention a BBC article looking at booby-trapped Windows codecs. While some codecs required for online videos actually let you watch your content, others are just excuses to infect your system with spyware or adware. As davidwr says: "Now virtual sex can make your computer sick." From the article: "Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip. Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs. Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data."
    • by $RANDOMLUSER (804576) on Tuesday October 31 2006, @11:45AM (#16659517)
      Running Linux does not make you invincible. It would be an easy thing to include some "if (OS == LINUX)" code. A captive Linux box is a worthier target than an XP box, and there are no "automatic" tools to sweep it clean. Many Linux users don't know all the things running on their box, nor pay much attention to it. Do YOU know what all the processes from "ps -ef" do? Are you sure that the process named is really that process?
      • Yeah an "if (OS = LINUX)" in a .EXE file would be so dangerous to a linux box, riiiiight.

        How about this - video sites stop trying to serve codecs and special players, they just serve the video DATA, and let the user decide what software to use to play them.

        If you see 'click here for the video' and it's 'http:// [..] / [..] .EXE' - here's a hint - it's not a video, it's malware.
        • Yeah an "if (OS = LINUX)" in a .EXE file would be so dangerous to a linux box, riiiiight.

          It depends on whether or not Wine is on the box. On an Ubuntu or Debian box, for instance, .exe files are, by default, associated with wine in the GNOME mimetypes. Before you say "Yeah, but anyone bright enough to be running Wine isn't gonna just automatically click on an .EXE", realize that installing and configuring Wine is very easy these days with programs like winetools [von-thadden.de].

          If Wine is on the box, all bets are off. T
        • I think you missed the point of the article. You attempt to play a file in your favorite media player and the following message pops up:

          "Could not find codec for proprietary-spyware-codec; would you like to install the spyware from the website?"

          (Obviously not worded so blatantly)
      • and there are no "automatic" tools to sweep it clean

        meh...not sure I entirely agree with you here, although I will concede that many Linux users don't know what tools are available and even less use those that are available on a regular basis.

        Tools that I use regularly to keep tabs on my boxen:
        1) http://www.chkrootkit.org/ [chkrootkit.org]chkrootkit: can be run from cron to look for suspicious files and rootkit signatures;
        2) netstat -ep: to show what processes are using network connections;
        3) lsof: to show what files on your system are open, who opened them and with what process they were opened;
        4) http://www.tripwire.com/ [tripwire.com]Tripwire or http://www.gecko-ak.org/Sentinel/ [gecko-ak.org]my own, open-source, much less functional, still really in development Tripwire-like file system auditor: to check for changes in binaries, config files or anything else on your file system that you would like to keep tabs on;
        5) http://www.insecure.org/ [insecure.org]nmap: to remotely scan computers on your network for open ports, and to audit the services using these open ports;
        6) http://www.nessus.org/ [nessus.org]nessus: like nmap, only different;
        7) tcpdump/ethereal/wireshark: to monitor packets in or out of your computer;
        8) http://www.snort.org/ [snort.org]snort: okay, I haven't (yet) used this one, but it's the open-source standard for IDS;
        9) http://www.bitdefender.com/ [bitdefender.com]bit defender: anti-virus for Linux--we had to use this once at work to remove a Windows virus that had infected our Samba shares (note: the Samba server wasn't infected, but the Windows machines that were mounting shares from the Samba server were--and they kept rewriting infected Windows executables to the server).

        So, no, most of these aren't automatic, and most of these won't clean your Linux PCs, but there are a host of tools that you can use to detect problems on your Linux computers. And, if you're really paranoid, there are several vendors that provide anti-virus software, just like what you find on your Windows machines.
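A minimal Tripwire-style integrity check of the kind item 4 in the list above describes, as an added example (it is neither Tripwire nor the poster's own auditor): it records the SHA-256 of every file under a directory and later reports added, modified and removed files, so it can be run from cron like chkrootkit. It assumes a POSIX shell with find, awk and sha256sum (or shasum).

```shell
#!/bin/sh
# Minimal Tripwire-style file-system auditor (added example, not the poster's
# own tool). Baseline lines look like sha256sum output: "<sha256>  <path>".
# Paths containing two consecutive spaces are not supported (they would
# confuse the two-space field separator used below).

# Print the SHA-256 of one file; falls back to shasum where sha256sum is absent.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# build_baseline DIR BASELINE: hash every regular file under DIR into BASELINE.
build_baseline() {
    dir=$1; out=$2
    : > "$out"
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f" >> "$out"
    done
}

# check_baseline DIR BASELINE: rehash DIR and print one line per difference
# ("ADDED p", "MODIFIED p" or "REMOVED p", sorted). Returns 0 when the tree
# still matches the baseline, 1 when anything differs.
check_baseline() {
    dir=$1; base=$2
    cur=$(mktemp) || return 2
    build_baseline "$dir" "$cur"
    result=$(awk -F'  ' '
        FILENAME == ARGV[1] { old[$2] = $1; next }
        {
            if (!($2 in old))          print "ADDED " $2
            else if (old[$2] != $1)    print "MODIFIED " $2
            seen[$2] = 1
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$base" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$result" ] && return 0
    printf '%s\n' "$result"
    return 1
}

# Stand-alone use (hypothetical paths; e.g. from a daily cron job):
#   ./audit.sh init  /etc /var/lib/audit/etc.baseline
#   ./audit.sh check /etc /var/lib/audit/etc.baseline
case "${1:-}" in
    init)  build_baseline "$2" "$3" ;;
    check) check_baseline "$2" "$3" ;;
esac
```

Keep the baseline file somewhere the audited tree cannot write to (read-only media or another host), otherwise whatever altered the binaries can rewrite the baseline too.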
    • Simply put, not likely

      1) The installer for these "codecs" is probably what installs the spyware, not the codec itself. So unless you ran the installer on wine I don't really see how you could install the codecs. And if you did install it on wine, there's no guarantee the spyware would be able to run on wine and it would be rather strange to see an instance of wine running even after the installer is finished.

      2) If the codecs are simply in a zip file and the spyware is embedded in the DLL then the spyware pa
  • At first glance I thought the article was talking about security flaws in trusted codecs that allowed malformed content (i.e. videos) to install virii, etc... That's a little scary - much akin to the libjpeg flaw from a year back or so.

    However, this article is talking about something much more inane. Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?

    • Re: (Score:3, Interesting)

      Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?

      Probably because only a minority of users realize that a "codec" is a kind of "executable" or "program", rather than some kind of electronic "key" or "description" that enables a media player to decode a particular kind of media file. It's not like the boundaries between safe (or at least, safer) "data" and dangerous "code" are

    • by 99BottlesOfBeerInMyF (813746) on Tuesday October 31 2006, @11:48AM (#16659605)

      Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?

      The average person assumes data they download will not be able to infect their computer. What kind of an idiot would design a computer such that it lets a random codec someone downloads run as an executable and have access to read their e-mail addresses, capture keystrokes, etc., especially in this day of malware. MS should have fixed this long ago. It looks like Apple has ported MAC from TrustedBSD and will be solving this in OS X 10.5. Maybe it is time you stopped blaming the user for making reasonable assumptions and started looking at just how badly designed most OS's are these days.

      • s/most OS's/a certain mainstream OS (but very few others)/
      • If an application you want to have access to that data can access it, an application running under the same or higher credentials that you don't want to have access to that data can access it. OS X and Linux/UNIX might be a little better designed than Windows, but they do not magically know what should and should not be happening.

        Most virus and spyware infections are the user's fault. Computers are meant to do what the user tells them to do; most users tell computers to do stupid things, so they do them.
      • The average person assumes data they download will not be able to infect their computer.

        And how did this get modded as insightful? Codecs aren't data, they are programs. What's your first clue? CODEC stands for Compressor/Decompressor (Here's a linky [wikipedia.org] for you). I actually worked on a wavelet codec almost 10 years ago, before anybody had heard about them in relation to JPEG2K.

        If you want to argue that operating systems should secure users from malevolent programs that is an entirely different ball of wax.

  • Moo (Score:2, Funny)

    Videos infected with viruses, video at 11.
  • Install FFDShow [free-codecs.com], Flash and Quicktime. If it don't play then it ain't worth playing.
    • What about ogg theora and x264 ? Without those, you are missing a) the most popular Free codec, and b) probably the best "Free" codec available today.
      • I believe both are currently supported.
      • Not sure about x264 but I'm pretty sure that ffdshow does support theora with their latest release.

        Related links:
        Wikipedia [wikipedia.org]
        afterdawn.com [afterdawn.com]

      • Well, if you want to play x264, you can just use quicktime, which is one of the things your parent mentioned. If you want to play Ogg Theora, then you can install that, although I don't think it's really that popular. I can count on one hand the number of videos I've downloaded that were encoded using Ogg Theora. And they weren't anything that was really worth seeing.
      • The latest version of ffdshow supports both Theora and X.264 (AVC1). X.264 needs to be manually enabled, but it is there, and it works great.
  • by TheSHAD0W (258774) on Tuesday October 31 2006, @11:48AM (#16659597) Homepage
    I'm going to personally recommend a codec pack called CCCP [softpedia.com], or the Combined Community Codec Pack. It's primarily meant for viewing anime, but I've never come across any video it couldn't play (aside from MOV [free-codecs.com] and RM [free-codecs.com]). It claims to be free of any sort of malware, and there are a lot of good people vouching for it.

    If anyone has any information about malware being present in this codec pack, please respond to this post; since I have this installed on my system I'd be very interested in hearing it. :-)
    • But naming a codec after the former Soviet Union [wikipedia.org] does not exactly inspire confidence.
    • Re: (Score:3, Informative)

      I will second that recommendation and state that in my personal experience there has never been any spyware or viri in CCCP.

      The obvious alternative is of course VLC - however a lot of people will be turned off by VLC's apparent lack of spit and polish compared to other video players for windows, mainly because it is not always simple to use & its seek bar sucks ass; devs flatly refuse to do anything about that (although it's my understanding that the way it's currently written it is actually impossible
    • The CCCP is a great project, and I've dropped into their IRC channel before with bug reports / problems / questions. CCCP works on Vista and lets you get softsubs, mkv support, etc under Media Center on both XP and Vista.

      I've only found a small sampling of content that doesn't "just work" with CCCP, in which case, VLC usually suffices. To be fair, to get CCCP playing how I want in MCE I usually set Haali to always load VSFilter, and I set ffdaudio to SPDIF passthrough for ac3/dts, which means I can only mu
  • Codec packs are for suckers, I think most people should know that by now. Even when everything in them is legit, you end up with a dozen codecs for a given format, which you don't need, and are bound to create problems. Besides which, you want to be sure you're using the best codecs for a given format, which is harder when you have a dozen to choose from. You should always install individual codecs for a specific format. Go to this page [inmatrix.com] for a list of all common formats and specific codecs to use for each
  • Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs.

    I know when I want people to use my codec, I disguise it as malware.

    The upcoming Halloween holiday is already being exploited by malicious hackers who are baiting websites with viruses and trojans.

    Who would bait their website with viruses? I mean really, is someone going to click on a link that says "Get your viruses here!" The video content is the bait, the malware is the payload.

  • Yup, the article is right on. ABC won't run unless adblocker is off; Fox's episode viewers not only won't run unless adblocker is off, but install popup ads.
  • The DefilerPak is a minimalist collection of video and audio codecs designed to keep you up to date with the latest developments. http://hellninjacommando.com/defilerpak/ [hellninjacommando.com]

    What's included?
    ffdshow: Rapidly making codec packs obsolete. Plays almost everything.
    Haali Media filter: Supports the Matroska, MP4, and OGM A/V container formats.
    VSFilter: Supports a wide variety of subtitle formats.
    DivX ;-) Audio: Just in case.
    AC3 XForm filter: Makes life a little easier for folks with external Dolby Digital dec
  • by ettlz (639203) on Tuesday October 31 2006, @12:05PM (#16659905) Homepage Journal

    Boobs... uh-huh-uhh-huh-uhh...

    Um... sorry, just had a bit of Beavis and Butthead moment there.

  • Baghdad Bob [wikipedia.org] is alive and well and living in China!

  • I remember seeing this stuff even as far back as '98 when I first started using high speed internet through school. USENET and the early file trading networks were chock full of proprietary encoded formats that would install 1-900 number dialing VFW filters if you tried to get them to work.
    • Re: (Score:3, Funny)

      by Anonymous Coward
      Not everyone can read source code you elitist asshole. Not to mention, I don't feel like stopping in mid wank to read the source of a codec I need to watch a pr0n clip.
      • by Anonymous Coward
        With translucent windows, you can write or audit source code while jacking off to hentai.

        And no, it's not a productivity boost. This is actually one of the reasons Vista took so long, tho it can be a source of inspiration. Obviously Vista's protected mode was inspired by a posh wank.
    • You don't need to be ashamed of your code not to want other people to read it. It just might be that you don't feel like giving away your life's work. Or that keeping the source closed is the only way not to be sued for patent infringement.
        • by MightyYar (622222) on Tuesday October 31 2006, @12:09PM (#16659987)

          But do you only eat cake baked in your own kitchen? Would you give up a piece of cake that everyone is raving about because the recipe is a secret? What if the baker had a solid reputation and thousands of satisfied customers?

          I'm not sure why someone would have higher standards for what they run on their stupid computer than for what they allow into their body.

        • by ehrichweiss (706417) on Tuesday October 31 2006, @12:34PM (#16660505)
          "If you want me to run something on MY computer, I have a RIGHT to see the source code."

          First things first, it is usually less of THEM wanting something run on your computer and more likely YOU wanting to run it. If it's freeware that scenario is lots more likely since they don't make money for every installation, etc. so they couldn't care less.

          Next, you don't have a "right", you have a desire. If they publish the source code then you have the right to view it, otherwise you're SOL. You're likely not a king or otherwise powerful enough person to get such things done so put your words in some perspective.
    • Re: (Score:3, Insightful)

      Although that's a little bit extreme, you can't possibly read and understand the source code for every single program you run, it makes a lot of sense. If they are willing to put the source code out there, then they are most likely not going to try and fool you. If they do, then you have the evidence of what they are doing. This is why the first place I go to look for software is Sourceforge. Because everything there is open source, I can be pretty sure that there's no adware, spyware, or other malicious
    • Some of us have a wife and kids, a full time job, working on a masters/Ph. D, other commitments outside the daily grind. We don't have time to sit down and scrutinize every bit that enters our computers (I could - I'm a competent programmer. That's not the point.). If I choose to download something I trust the developer. I have a level enough head on my shoulder to figure out what looks fishy and what doesn't. And if, for some reason, something bad does happen? Takes but 10 minutes to reimage a drive. Big d
    • Outside of the scope of this article, there are dozens of reasons not to release your sourcecode, among the most common being the profit motive. A lot of people look at OSS with a "why buy the cow when you get the milk for free" attitude. What about companies that haven't yet copyrighted or patented the algorithms in their software before they go to market? And do you really think companies like Adobe and Autodesk are ashamed of their award winning flagship software packages? Quite honestly, your last argu
      • Trade Secret -- sure, that's a reason.

        But, I still prefer "open source". Profit is not the issue. If someone I trust has a look, it's good enough. And I don't trust most vendors.

        I personally don't read all the code; not enough time, but I do prefer if it is possible, and if I can get a proxy to do it. I don't run "binary only" software, unless it is in a sandbox (and not directly connected to the internet or internal network).

        FYI: Anything published is pretty much under copyright.

        Sure, distribute the codecs
    • Have you ever seen the sourcecode of your BIOS EEPROM?
      • Far out reading disc E:

        (T)urn on, T(u)ne in, (D)rop out?
      • No, source code alone is not enough; but it's a bloody good start all the same. Even if you don't understand it yourself, you can always show it to someone who does.

        The reason source code is not a sufficient condition for security is that the compiler (which you have to run as a binary) may produce binaries that do something other than the source code fed into it would suggest. If you use it to compile the source code for a compiler, it might produce a "dirty" compiler which similarly mungs any source
    • by pegr (46683) on Tuesday October 31 2006, @11:43AM (#16659489) Homepage Journal
      I have to agree. This has been going on for quite some time, at least a couple of years. That's why I simply don't use codecs that come from questionable sources. You wouldn't run just any arbitrary program, would you?

      But wait, if there's porn involved... :)
    • Probably, but this technique would work on Mac or Linux, too. Actually, the Linux crowd might be a little skeptical of an "installer"... what the hell is that??? You mean make install?
      • Probably, but this technique would work on Mac or Linux, too. Actually, the Linux crowd might be a little skeptical of an "installer"... what the hell is that??? You mean make install?

        Good point. And how many Linux users download some source code and run sudo make install without any code review first?