On 07/15/2010 07:46 AM, Marko Vojinovic wrote:
> On Thursday, July 15, 2010 15:18:58 Alan Cox wrote:
>> On Thu, 15 Jul 2010 14:57:16 +0100 Marko Vojinovic <vvmarko@xxxxxxxxx>
>> wrote:
>>> It's a hoax, coupled with propaganda. The very same thing happens even if
>>> you actually use Windows Media Player to play the file, on a Windows
>>> machine.
> [snip]
>>> I didn't try to scan it for viruses/trojans/worms/malware/etc., because I
>>> believe you cannot get infected by playing a movie in mplayer (unless
>>> mplayer has some serious security exploit that nobody is aware of). So
>>> just drop that file and go find a genuine one.
>> There have been numerous exploits against video codecs, and fuzz testing
>> codecs is .. interesting. The players may well have the odd bug but the
>> codecs tend to parse extremely complex compressed data streams from an
>> untrusted source, have to do it at high speed and seem to be the main
>> source of holes.
>>
>> Whether a Windows exploit would work on a non Windows box who knows. It
>> may well be the message is because it contains a trojan that *only* works
>> in a specific player/codec combination.
> Right, so this is not propaganda, but rather instructions which player/codec
> combination is vulnerable to the trojan attack. The user sees the message,
> tries to play the file in the appropriate player with appropriate codec, and
> --- sees the same message yet again, but gets infected in the process. Nifty
> stuff! :-)
>
> So, as long as one *doesn't* follow the instructions on the screen, everything
> is ok. :-) Linux players like mplayer, vlc, and others are most probably
> immune to this, so no problem there.
>
> Luckily, the Windows machine I tried it on is a virtual one (ie. disposable).
>
> Best, :-)
> Marko
>

On a similar windows machine, I tried it with windows media player.
Well, the player immediately popped up a banner saying that the avi file does not conform to something (forgot what) and warned me of a possible attack. So I chose to cancel.