Exacfly which version of Mplayer were you running? On 6/27/06, Mike Carney <mc-al34luc@xxxxxxxxxxxxx> wrote:
FYI: I'm running 32bit FC5... I hadn't updated my version of Mplayer in quite a while, and today I think I got burned when I viewed the following video: <Don't view this link!> DONTCLICKONTHIShttp://clip.break.com/dnet/media/content/modelb52.wmv <Don't view this link!/> After loading the video, the image of the Mplayer skin on the screen started to "rot" to solid black. I immediately SIGKILLed it, Nuked my home directory completely, and restored it from backup tapes. I nuked my version of mplayer as well. I googled "Mplayer virus" and saw that gentoo.org (and others) have numerous reports of Mplayer heap overflow vulnerabilities, and obviously someone has gone and created a media file that takes advantage of them. The later versions of Mplayer have fixes for them. I suppose I should be glad that this virus visually showed me something was amiss. It's entirely possible that there are versions out there that silently do much worse things. Perhaps I've already been burned and don't know it. Anyway, I wanted to warn folks about this problem and encourage them to get/build the latest Mplayer with the fixes. You'll find that at http://www.mplayerhq.hu/design7/news.html. I also snagged a copy of this wmv file and I'd like to do some forensics on it to figure out exactly what it caused my Mplayer to do, above and beyond trashing the on screen Mplayer skin. Any suggestions on what tools would be useful for this? od(1) comes to mind. Also rerunning the old mplayer under a sacrificial user account using Electric Fence or under a debugger also comes to mind.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ L. Friedman netllama@xxxxxxxxx LlamaLand http://netllama.linux-sxs.org
