this post was submitted on 14 Aug 2023
59 points (98.4% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54500 readers
343 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

when downloading movies, series and anime they mostly come in those formats. Can they contain virus? if yes, do they get detected with antivirus?

all 27 comments
sorted by: hot top controversial new old
[–] Decipher0771@lemmy.ca 46 points 1 year ago

Sure. Whether they’re effective and actually able to execute is another question.

A simple way might simply be to put an actual executable in the file instead, and when a user double clicks to open it it’ll run instead. Or there’s stuff to hide in metadata that could exploit particular players, or even some OS preview systems, and get execution that way.

But…..really pretty unlikely. Possible definitely, but you’d have to go through a lot of effort to get hit by something.

[–] heartlessevil@lemmy.one 40 points 1 year ago (2 children)

Hypothetically yes. But consider that much like a virus growing in a petri dish, it needs an appropriate environment. A mp4/mkv/whatever file sitting on your hard drive that you never access is not going to be problematic. Even when you do access it, it is probably is not going to do anything unless you also open it in the viewer that the malware author intended the payload for. There is no general purpose video decoding malware. They target the players.

[–] Wilker@lemmy.blahaj.zone 17 points 1 year ago (1 children)

as a reminder: in systems on Linux, remember to check the permissions of non executable files if you're extracting them from a zip folder or similar, since those tends to preserve file permissions before you double-click them.

[–] LiveLM@lemmy.zip 3 points 1 year ago

Also for Linux: If you're paranoid about getting hit by a video-player exploit, I think you could thwart most attempts by throwing your player into firejail (maybe a properly configured flatpak could also do the trick?)

[–] EddyBot@feddit.de 1 points 1 year ago (1 children)

oh there is a way without the user accessing it espcially on Windows: Anti virus scanner
since most of them scan all downloaded files a zero day exploit for these software might be automatically executed
bonus points: Anti virus software typically has system permissions too

(likelyhood is still hilariously low)

[–] ReversalHatchery@beehaw.org 2 points 1 year ago

You made me think about it a little more, and there's one more thing, for the GUI based filemanagers of any operating system: thumbnail generation might also be able to be targeted

[–] hinterlufer@lemmy.world 27 points 1 year ago (1 children)

There are a bunch of vulnerabilities for VLC for example. Some of them are based on modified .avi or .mkv files.

Note that those are all known and already patched but there are certainly some vulnerabilities out there that are unknown and/or unpatched. You're quite unlikely to get one of those though.

The biggest security issue probably is an unpatched system so don't forget to keep your software up to date.

[–] user224@lemmy.sdf.org 25 points 1 year ago

don’t forget to keep your software up to date.

Our (internet-connected) Windows XP school computers:

[–] veloute@lemmy.dbzer0.com 27 points 1 year ago (1 children)

for the most part, you're safe; because media files aren't executable (like exe, appimage, etc) including a virus in the file wouldn't do much. there could be a zero-day (e.g buffer overflow in the media file that exploits a flaw in the player/decoder, but that isn't anywhere near as common as including malware in executable files.

[–] CrawX@discuss.tchncs.de 6 points 1 year ago

As long as you're using updated software (OS included).

[–] DoisBigo@lemmy.eco.br 16 points 1 year ago (1 children)

Yes.

Depends on the virus, but unlikely.

The thing about viruses is that it is an arms race. It's almost impossible to get a virus from playing media on your computer. Why? Well, let me explain in a 3 easy steps:

  1. Viruses have specific goals. They want to spy on you, encrypt your files, use your computer on a botnet, access ads with your computer, etc. In order to do that, they must gain access within your system to do those things.

  2. Since they need access, the easiest way to get access is just by simply asking you. Which is why executables (software and games) are the riskiest stuff to pirate. But it's possible to get viruses from other sources, they do that by exploring flaws in the software. For example, a while ago they managed to insert viruses through VLC media player subtitles.

  3. However, simply exploiting a flaw isn't enough because flaws get fixed. Following the VLC Media player example, few days after the virus was distributed, VLC launched a new version that corrected the flaw, making the virus useless. Therefore, it's necessary that the virus either explores a 0-day (a flaw that hasn't been widely discovered - this kind of information is sold for a lot of money on the deep web and is usually used to hack governments and bit corporations) or targets people using old software on their machines.

In conclusion: you can catch Aids having sex with condoms, maybe it had a tear, maybe you had a small bleeding on your mouth, etc, but you aren't getting aids using condoms unless you're extremely unlucky. In the same vein, it's possible to catch viruses from media files, but if your software is updated, it's extremely unlikely.

[–] Diminish4036@noworriesto.day 3 points 1 year ago

Nobody can catch AIDS

[–] Potatos_are_not_friends@lemmy.world 11 points 1 year ago (1 children)

Every time questions like this get asked, I get interested in seeing if it's possible and try to get a proof of concept out. I wonder how many people are like me.

[–] WarmSoda@lemm.ee 6 points 1 year ago* (last edited 1 year ago)

OP left out thier real question at the end:
And how do I make them?

[–] RalphWiggum@artemis.camp 6 points 1 year ago (1 children)

Oh this takes me back to the old Limewire says, downloading a digital STD along with a cam’d version of Old School, and it taking a whole
night.

[–] glowie@infosec.pub 6 points 1 year ago

Download .rar file of movie and uncompress:

Grandmas_Boy_[Virus-Free].exe

Nuffin' sus

[–] HurlingDurling@lemm.ee 3 points 1 year ago* (last edited 1 year ago) (1 children)

Absolutely. Hell, hackers have managed to hide complete documents into image files so when you open the file you see only a vacation foto, but using special software, they can remove the secret document.

[–] PupBiru@kbin.social 15 points 1 year ago

kinda different there though… it’s trivial to add whatever data you like to images etc (and that’s without even resorting to steganography), but that data is only accessible with an application. i believe the question was intended as whether you could get a virus from downloading/playing media files… the content of that “hidden data” isn’t executable, so whilst it’s reasonable to say it’s possible to transport a virus via hidden data in media, it’s not reasonable to say that you can “get” a virus using that same method alone

[–] wildbus8979@sh.itjust.works 3 points 1 year ago

Yes they can, exploits in codecs are not unheard-of. Antivirus detect known malware, regardless of file type