Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Can .jpg/.txt/.mp3's contain malware?

  1. #1
    Join Date
    Mar 2012
    Beans
    143

    Can .jpg/.txt/.mp3's contain malware?

    I don't think they can, but I need to know for sure. Thanks.

  2. #2
    Join Date
    Mar 2007
    Location
    Portsmouth, UK
    Beans
    Hidden!
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Can .jpg/.txt/.mp3's contain malware?

    Technically yes, but they wouldn't be executable ender any remotely normal conditions. If they were, you'd already have big problems.

    Short answer, no.

  3. #3
    Join Date
    Nov 2010
    Location
    India
    Beans
    Hidden!

    Re: Can .jpg/.txt/.mp3's contain malware?

    Dont miss anything even it is small. one small pin is enough to bring down a man.


  4. #4
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,434

    Re: Can .jpg/.txt/.mp3's contain malware?

    $ mv maliciousprogram maliciousprogram.mp3
    $ chmod 755 maliciousprogram.mp3
    $ ./maliciousprogram.mp3

  5. #5
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    15,615
    Distro
    Kubuntu Development Release

    Re: Can .jpg/.txt/.mp3's contain malware?

    Quote Originally Posted by HermanAB View Post
    $ mv maliciousprogram maliciousprogram.mp3
    $ chmod 755 maliciousprogram.mp3
    $ ./maliciousprogram.mp3
    See that line with "chmod"? Don't do that!

    Linux will only execute things that have the execute bit enabled, as Herman did there by using 755 as the permissions. If your text, graphics, and media files are not marked executable, then you can't be infected because the program or script won't be run. The most permissive permissions files like these should have is 644, which makes them readable by everyone and writable by their owners.

    Also I'll point out that Herman is running the mp3 file from the command prompt. If you were using a player, like Clementine, you'd be running the player, not the mp3 like this "clementine /path/to/file.mp3". If the .mp3 file contained malware, it probably won't play at all. Even if it did play, it would have to trick clementine into doing something dastardly. That's not very likely either, especially since the malware author has no control over which of the many different players you might be using.
    Last edited by SeijiSensei; July 4th, 2012 at 04:55 PM.

  6. #6
    Join Date
    Sep 2011
    Beans
    3

    Re: Can .jpg/.txt/.mp3's contain malware?

    Read an update on VLC a few years ago saying that there was loop hole allowing code to be executed from subtitle files and it had been patched. Would this not be the case for any of these file types? depending on what you are using to "view" them.

  7. #7
    Join Date
    Mar 2012
    Beans
    143

    Re: Can .jpg/.txt/.mp3's contain malware?

    But in all reality, if I open a jpg from a compromised computer, would I be alright? I mean I scanned it with ClamTK and it came back fine.

  8. #8
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    15,615
    Distro
    Kubuntu Development Release

    Re: Can .jpg/.txt/.mp3's contain malware?

    Quote Originally Posted by spareproject View Post
    Read an update on VLC a few years ago saying that there was loop hole allowing code to be executed from subtitle files and it had been patched. Would this not be the case for any of these file types? depending on what you are using to "view" them.
    For reference, the vulnerability report is here.

    Subtitle streams wouldn't be in any of the formats the OP mentioned, but yes, it's possible to find "holes" in existing software and craft an exploit to take advantage of them. In this particular case, though, the software would only have the same permissions as the user watching the video. Assuming the person is smart enough not to watch videos as the root user, the security model in Linux severely constrains what a user-level exploit can do. There are certainly nasty things that can be crafted to run as an ordinary user (keystroke loggers come immediately to mind), but my reading of the VLC report above suggests a more likely result is that the player would have crashed.
    Quote Originally Posted by aligator12 View Post
    But in all reality, if I open a jpg from a compromised computer, would I be alright? I mean I scanned it with ClamTK and it came back fine.
    Nothing is ever certain in life (except death and taxes, of course), but yes, I think you shouldn't worry about looking at a jpeg from a compromised computer.
    Last edited by SeijiSensei; July 5th, 2012 at 02:19 AM.

  9. #9
    Join Date
    Mar 2011
    Beans
    701

    Re: Can .jpg/.txt/.mp3's contain malware?

    Short answer, yes.

    Long answer, I'm too lazy to explain in detail. You can use images or any file to exploit vulnerabilities in programs. It's not super common but it can happen.

    There's also stenography where payloads are held in images to avoid AV detection.
    sig

  10. #10
    Join Date
    Jan 2009
    Beans
    Hidden!

    Re: Can .jpg/.txt/.mp3's contain malware?

    it is too simple to have any kind of program and rename it so it looks like some picture or so.

    Abt 8 years ago, we had the case in our company, that one man got some picts from a customer, opened it, well on windows and ACDsee picture viewer and in the next moment all pictures from his computer were wiped by a malware being in one of the received jpg files.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •