Viral Videos That Really Are Viral
davidwr writes to mention a BBC article looking at booby-trapped Windows codecs. While some codecs required for online videos actually let you watch your content, others are just excuses to infect your system with spyware or adware. As davidwr says: "Now virtual sex can make your computer sick." From the article: "Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip. Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs. Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data."
One way to know if code is safe to run (Score:1, Troll)
READ THE SOURCE CODE.
If they won't let you read the source code, it's because there's something in there they don't want you to see. If they don't want you to see it, that means they're ashamed of it. Avoid it.
This is 2006 - get with the times (Score:2, Funny)
And no, it's not a productivity boost. This is actually one of the reasons Vista took so long, tho it can be a source of inspiration. Obviously Vista's protected mode was inspired by a posh wank.
Re: (Score:2)
Why yes! I can see why they modded you informative. Perhaps a bit too informative...
Re: (Score:1, Troll)
By the way, evaluating Source Code with which you can show you have no association to determine its suitability for use (or otherwise) is a Service which may be considered to have Value.
Re:One way to know if code is safe to run (Score:4, Insightful)
But do you only eat cake baked in your own kitchen? Would you give up a piece of cake that everyone is raving about because the recipe is a secret? What if the baker had a solid reputation and thousands of satisfied customers?
I'm not sure why someone would have higher standards for what they run on their stupid computer than for what they allow into their body.
Re: (Score:2)
I'm fairly certain that you've eaten something without first looking at the ingredients.
Re: (Score:2)
I don't agree that he has the right to look at the source code to everything installed on his computer. He does have the right to only install stuff that he can view the source code of but that's just called freedom of choice.
Re:One way to know if code is safe to run (Score:4, Insightful)
First things first, it is usually less of THEM wanting something run on your computer and more likely YOU wanting to run it. If it's freeware that scenario is lots more likely since they don't make money for every installation, etc. so they couldn't care less.
Next, you don't have a "right", you have a desire. If they publish the source code then you have the right to view it, otherwise you're SOL. You're likely not a king or otherwise powerful enough person to get such things done so put your words in some perspective.
Some of us have a life (Score:3, Insightful)
Re: (Score:2)
Too much work to do to give a damn about spelling, did you read my post?
Read the Source code? Are you serious? (Score:3, Insightful)
Re: (Score:2)
But, I still prefer "open source". Profit is not the issue. If someone I trust has a look, it's good enough. And I don't trust most vendors.
I personally don't read all the code; not enough time, but I do prefer if it is possible, and if I can get a proxy to do it. I don't run "binary only" software, unless it is in a sandbox (and not directly connected to the internet or internal network).
FYI: Anything published is pretty much under copyright.
Sure, distribute the codecs
Re: (Score:2)
I personally don't read all the code; not enough time, but I do prefer if it is possible, and if I can get a proxy to do it. I don't run "binary only" software, unless it is in a sandbox (and not directly connected to the internet or internal network).
What hardware devices are you using which all have open source firmware?
Again, FYI: As long as this is the custom, you will see malware of various sorts.
You will see malware so long as ignorant people can run arbitrary code on their machines.
Re: (Score:2)
Examples: x86 instruction set. Interfaces to BIOS, monitor, network switch. Interface to keyboard.
As long as I am reasonably happy that the possibility of malware vector is low, I'll use it.
YMMV
Ratboy
Source code is NOT enough (Score:1)
You can't trust your application source code unless you trust your build and execution environments. This means trusting everything from the chip and motherboard to the firmware to the boot loader to the OS to the compilation environment to the run-time environment. We are already seeing trust issues with virtual machines eating colorful pills when the underlying real machine is compromised.
If there's a trustwort
Re: (Score:2)
The reason source code is not a sufficient condition for security is that the compiler (which you have to run as a binary) may produce binaries that do something other than the source code fed into it would suggest. If you use it to compile the source code for a compiler, it might produce a "dirty" compiler which similarly mungs any source
Re: (Score:2)
If they won't let you read the source code, it's because there's something in there they don't want you to see. If they don't want you to see it, that means they're ashamed of it. Avoid it.
Your logic is broken.
And if you use those codecs with MPlayer on Linux? (Score:2)
Re:And if you use those codecs with MPlayer on Lin (Score:5, Interesting)
Re: (Score:2)
How about this - video sites stop trying to serve codecs and special players, they just serve the video DATA, and let the user decide what software to use to play them.
If you see 'click here for the video' and its 'http:// [..] / [..]
Re: (Score:2)
It depends on whether or not Wine is on the box. On an Ubuntu or Debian box, for instance,
If Wine is on the box, all bets are off. T
Re: (Score:2)
Designing something to work in wine would be much easier, as you know what wine does, at what time, and with what resources.
In a way, writing a virus to exploit wine to plant a different Linux virus on the host, would be easier than using a worm to drop a trojan on a windows box... and that happens all the time.
Re: (Score:2)
1. MPlayer makes use of Windows codecs through the use of Winelib. /dev/tty* is of limited use in a syste
2. If you read TFA, you'd know that some of the malware came in the codec, while others came in the installer (i.e., a secondary program installed at the same time as the codec)
3. Yes, the codec does have a way of knowing it's running under Linux if the writer of the codec designed it.
4. Grabbing on to
Re: (Score:2)
"Could not find codec for proprietary-spyware-codec; would you like to install the spyware from the website?"
(Obviously not worded so blatantly)
Re: (Score:2)
The "if(OS=LINUX)" doesn't have to come in a ***Windows*** exe, or did you not think about that? And most of the malware like this doesn't portray itself as an
Re: (Score:2)
Does this line of thinking apply to iTunes and Vongo? Well, for me it does. They're getting you to pay for DRM'd content. Sounds scammy to me.
Re:And if you use those codecs with MPlayer on Lin (Score:4, Informative)
meh...not sure I entirely agree with you here, although I will concede that many Linux users don't know what tools are available and even fewer use those that are available on a regular basis.
Tools that I use regularly to keep tabs on my boxen:
1) chkrootkit (http://www.chkrootkit.org/): can be run from cron to look for suspicious files and rootkit signatures;
2) netstat -ep: to show what processes are using network connections;
3) lsof: to show what files on your system are open, who opened them and with what process they were opened;
4) Tripwire (http://www.tripwire.com/) or my own, open-source, much less functional, still really in development Tripwire-like file system auditor (http://www.gecko-ak.org/Sentinel/): to check for changes in binaries, config files or anything else on your file system that you would like to keep tabs on;
5) nmap (http://www.insecure.org/): to remotely scan computers on your network for open ports, and to audit the services using these open ports;
6) nessus (http://www.nessus.org/): like nmap, only different;
7) tcpdump/ethereal/wireshark: to monitor packets in or out of your computer;
8) snort (http://www.snort.org/): okay, I haven't (yet) used this one, but it's the open-source standard for IDS;
9) bit defender (http://www.bitdefender.com/): anti-virus for Linux--we had to use this once at work to remove a Windows virus that had infected our Samba shares (note: the Samba server wasn't infected, but the Windows machines that were mounting shares from the Samba server were--and they kept rewriting infected Windows executables to the server).
So, no, most of these aren't automatic, and most of these won't clean your Linux PCs, but there are a host of tools that you can use to detect problems on your Linux computers. And, if you're really paranoid, there are several vendors that provide anti-virus software, just like what you find on your Windows machines.
Re: (Score:2)
Very true. Having unprotected connections with unknown providers of active content is risky.
It is risky to open an e-mail and it says use this key to open the attachment. I apply the same caution to any video which requires me to use this provided player to view the content.
If the video says it needs Quicktime, I should be able to go to Apple on my own and install Quicktime from the source (don't follow a provided link).
In Linux I run as a user, not an admin. It
Re: (Score:2)
The answer here is NO, your Linux box is not in danger.
You know... Windows malware doesn't count on a stupid user that much, in this case the Linux user is safe simply because MPlayer doesn't go out at the net downloading and running any codec that a movie tells it to.
Re:And if you use those codecs with MPlayer on Lin (Score:2)
1) The installer for these "codecs" is probably what installs the spyware, not the codec itself. So unless you ran the installer on wine I don't really see how you could install the codecs. And if you did install it on wine, there's no guarantee the spyware would be able to run on wine and it would be rather strange to see an instance of wine running even after the installer is finished.
2) If the codecs are simply in a zip file and the spyware is embedded in the DLL then the spyware pa
serves yah right (Score:1)
Re:serves yah right (Score:4, Insightful)
But wait, if there's porn involved...
STDs (Score:1, Funny)
Re:STDs (Score:4, Funny)
Stupidity Transmitted Diseases?
Naaah... (Score:2)
How is this any different? (Score:2)
At first glance I thought the article was talking about security flaws in trusted codecs that allowed malformed content (i.e. videos) to install virii, etc... That's a little scary - much akin to the libjpeg flaw from a year back or so.
However, this article is talking about something much more inane. Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?
Re: (Score:3, Interesting)
Probably because only a minority of users realize that a "codec" is a kind of "executable" or "program", rather than some kind of electronic "key" or "description" that enables a media player to decode a particular kind of media file. It's not like the boundaries between safe (or at least, safer) "data" and dangerous "code" are
Re:How is this any different? (Score:4, Funny)
Why do people expect that codecs downloaded from arbitrary untrusted sources would be any less free of viruses, adware, etc... than any other random executables obtained off the net?
The average person assumes data they download will not be able to infect their computer. What kind of an idiot would design a computer such that it lets a random codec someone downloads run as an executable and have access to read their e-mail addresses, capture keystrokes, etc., especially in this day of malware. MS should have fixed this long ago. It looks like Apple has ported MAC from TrustedBSD and will be solving this in OS X 10.5. Maybe it is time you stopped blaming the user for making reasonable assumptions and started looking at just how badly designed most OS's are these days.
Re: (Score:2)
Most virus and spyware infections are the user's fault. Computers are meant to do what the user tells them to do, most users tell computers to do stupid things so they do them.
Re: (Score:2)
If an application you want to have access to that data can access it, an application running under the same or higher credentials that you don't want to have access to that data can access it. OS X and Linux/UNIX might be a little better designed than Windows, but they do not magically know what should and should not be happening.
Ever run SELinux? It isn't a matter of higher or lower credentials, but of mandatory access control lists that specify exactly what an application/process can access. In this ca
Re: (Score:2)
Is that so? Ask the average person how a computer works. I doubt you'll get any sort of coherent answer. To the average user, a computer is a magical white box that they don't understand. The
Re: (Score:2)
Until people learn that computers are not a toy and to use it properly you do have to learn something about it, users are the largest problem.
Thank you for that wonderful example of why computer security sucks so badly. If you ignore the human component and write it off as "someday maybe people will learn" you are sure to fail to design a secure system. Ignoring that half of the problem does not fix it. It requires education, but before that it requires a system that can be operated securely without year
Re: (Score:2)
And how did this get modded as insightful? Codecs aren't data, they are programs. What's your first clue? CODEC stands for Compressor/Decompressor (Here's a linky [wikipedia.org] for you). I actually worked on a wavelet codec almost 10 years ago, before anybody had heard about them in relation to JPEG2K.
If you want to argue that operating systems should secure users from malevolent programs that is an entirely different ball of wax.
Re: (Score:2)
And how did this get modded as insightful? Codecs aren't data, they are programs.
So? Data is the extreme case, which on Windows is not often differentiated from executables in the UI. To the end user, a codec is simply a decoder ring and there is no reason it should be able to adversely affect the computer.
If you want to argue that operating systems should secure users from malevolent programs that is an entirely different ball of wax. That's a hard problem, and it's what Sun and Microsoft have been t
Re: (Score:2)
The big question is who gets to decide what operations are allowed?
That's easy. Ultimately it is up to the user, but pre-installed software can have an ACL based upon what it is likely to need. Signed software can default to an ACL included with that software. Unsigned software is heavily restricted by default, depending upon the code type/location. For example, code in your codecs directory and unsigned can only take data from the host program and return it to the host program. The user can open it up
Re: (Score:2)
Signing an application doesn't in any way demonstrate that it is not malware!
That depends upon the service. Many simply verify that a certain binary or whatever is from a certain domain, but others verify that the domain is owned by the company who has the associated trademarks or who is doing legitimate business. There is a lot of room for levels of trust here to correspond to levels of ACL restriction. Better yet, power users will be able to customize this to their own level of paranoia.
How do you w
Do you have ANY idea how this works? (Score:2)
Are you for real?
Have you ever heard of a buffer overflow? That's pure data - hex bytes, etc. A buffer gets properly crafted with malicious data that can point the Program Counter of the microprocessor into data memory, which is entirely possible with these Von-Neumann architectures [wikipedia.org]
Re: (Score:2)
Are you for real?
Yes.
Have you ever heard of a buffer overflow?
Yes, it is the result of a bug. Proper input validation when coding fixes most of these. For the rest, a MAC system like I described mitigates their effects. So data overflows a buffer and executes as the thread it overflowed. With a jail, ACL, or container and new chipsets, that thread is still limited to the functions of the thread it has overflowed. That means while your video codec may be executing random code instead, it still can't d
Re: (Score:2)
WTF? Even assuming you could design a codec that didn't run as an executable, this wouldn't help against this kind of social engineering.
The point is not to make non executable codecs, but to restrict executables in general. I think you are failing to understand what Mandatory Access Controls are.
The malware author could just create a setup.exe that claims to install a codec and J. Random Newbie would run it and still get owned.
No, because different programs are trusted different amounts. An installe
Re: (Score:2)
Because as soon as they do, fresh porn is waiting for them! Or so they've been told.
Re: (Score:2)
I know better than to answer random emails, and download executables off of websites I never heard of. I know that the "free" software that allows me to search the web or shows me the temperature offered by many websites contains all sorts of malware. I know not to "verify" my financial information on the whim of some email saying my PayPal account needs it. I even know that President Mazutu or whoever he is from Nigeria is not wanting to deposit a couple of million dollars into my bank account. I am
Moo (Score:2, Funny)
Install FFDShow (Score:2)
Re: (Score:2)
Related links:
Wikipedia [wikipedia.org]
afterdawn.com [afterdawn.com]
hmmm... (Score:1)
Spyware Through Download
Combined Community Codec Pack (Score:5, Informative)
If anyone has any information about malware being present in this codec pack, please respond to this post; since I have this installed on my system I'd be very interested in hearing it.
Re: (Score:1)
I haven't seen a file yet they won't work on, and they're efficient enough to allow my underpowered laptop to have full-screen video.
I've got nothing against Russia... (Score:2)
Re: (Score:3, Informative)
The obvious alternative is of course VLC - however a lot of people will be turned off by VLCs apparent lack of spit and polish compared to other video players for windows, mainly because it is not always simple to use & its seek bar sucks ass; devs flatly refuse to do anything about that (although it's my understanding that the way it's currently written it is actually impossible
Re: (Score:2)
I've only found a small sampling of content that doesn't "just work" with CCCP, in which case, VLC usually suffices. To be fair, to get CCCP playing how i want in MCE i usually set Haali to always load VSFilter, and i set ffdaudio to SPDIF passthrough for ac3/dts, which means i can only mu
Re: (Score:2)
Verzeihung. Viederholst, bitte.
sumimasen, wakarimasen.
all i can figure is that you are making some pun/joke about setting language preferences, in which case, i'll elaborate.
Haali Media Splitter lets you set audio/subtitle language sets in a prioritized list, so soft subbed content in MKV or OGM containers can display the right streams according to your preferences.
If i can get it, i like japanese audio with english subtitles, but if i can't, i like english audio with no subtitles. Haali contain
Codec packs are for morons (Score:2)
oy, that was obvious (and painful to read) (Score:2)
I know when I want people to use my codec, I disguise it as malware.
Who would bait their website with viruses? I mean really, is someone going to click on a link that says "Get your viruses here!" The video content is the bait, the malware is the payload.
Fox and ABC episode viewers (Score:2)
Welcome to 15 years ago. (Score:1)
this is the best I've found.. (Score:2)
Booby-trapped sex-video codecs (Score:3, Funny)
Boobs... uh-huh-uhh-huh-uhh...
Um... sorry, just had a bit of Beavis and Butthead moment there.
Baghdad Bob Has a New Job! (Score:2)
Baghdad Bob [wikipedia.org] is alive and well and living in China!
BBC: Welcome to the internet, circa late 90s (Score:2)
OMG! Viruses! (Score:2)
People will install anything if it promises naked pictures. How is this news?
Re: (Score:2)
Good point. And how many Linux users download some source code and run sudo make install without any code review first?
Re: (Score:2)
http://sunbeltblog.blogspot.com/2005/12/beware-vcodec.html
http://sunbeltblog.blogspot.com/2006/09/another-fake-codec-site_20.html
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-another-fake-codec.html
http://sunbeltblog.blogspot.com/2006/09/another-fake-codec-site.html
http://sunbeltblog.blogspot.com/2006/10/some-more-fake-codec-sites-for-ya.html
I suspect codecs themselves are immune as infection vectors as they are not executables.
And what do you think does the coding and decoding?
Re: (Score:2)
For those out there with their apish gruntary about who knows what: well, the average person doesn't know what a codec is and has absolutely no clue about how their computer works. Most don't know how to use most of the software on their computer and have problems understanding directories vs. partitions.
So, come down to reality here and realize that it is MS's issue and it needs to be addressed. Listen, it's a computer. What computers do are