2 min read

Watch your Torrents: Video Files Can Get You Infected, Advisory Claims

Bogdan BOTEZATU

October 22, 2012

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Watch your Torrents: Video Files Can Get You Infected, Advisory Claims

Multimedia files are one category of content that has been somewhat shielded from malicious attacks. Until now.

Audio and video files are a significant chunk of content available on the web and, except for some families of malware such as Wimad, they were out of the reach of malware creators. However, a bug in FFMPEG ” an open-source library that powers a wide range of media players, video converters and video rippers, can get you infected if you open the wrong file.

FFMPEG Logo. Image courtesy of ~barrymieny

According to two separate advisories issued by Secunia and Microsoft, respectively, the flaw affects all versions of FFMPEG up to and including 0.11.2. More to the point, the bug resides in the libavcodec.dll library responsible for encoding, decoding and transcoding files from and to various formats. When a user tries to play a specially-crafted ASF, QuickTime (QT) or Windows Media Video (WMV) file, the local memory gets corrupted, which may allow execution of arbitrary code – a.k.a. “having malware installed on the fly.”

The good thing is that ASF, QT and WMV files are not quite so popular that you stumble upon them while browsing the Internet, but they are extremely popular in the dark corners of the web, such as torrent sites, piracy resources or even the old-fashioned Direct Connect / E-Mule file-sharing services, where they impersonate blockbuster movies soon-to-be-released on Blu-Ray.

This is not the first attempt at planting malware on users` PCs via multimedia files, as they look relatively inconspicuous, are rarely scanned by AV solutions since they are not executable and are found in abundance. Since 2008, many families of malware such as the Trojan.Wimad have tried to fool Windows Media Player users into opening the file and installing the recommended codecs ” which turned to be adware and rogue video file players.

However, the FFMPEG incident is much broader, as it`s a core component that powers a wide range of codec packs or video and audio players such as MPlayer, GOMPlayer, KMPlayer and VLC, but is also being used in Google Chrome for various rendering purposes required by HTML5.

The new version of FFMPEG (1.0), released in September, is not vulnerable anymore. But simply replacing the DLL file of your favorite vulnerable media-player won`t do the trick, as these libraries are rarely compatible with newer versions. So, until a security fix becomes available for your player, keep a close eye on where you`re downloading your videos from and try to stay away from the mentioned formats.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet
Silviu STAHIE

February 08, 2023

2 min read
Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns
Silviu STAHIE

February 06, 2023

1 min read
U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine
Silviu STAHIE

February 03, 2023

1 min read