Is it possible for a .mp3 file to have a virus/trojan/worm?

I can't find any information to prove either side.

 

I'm NOT talking about an .exe file "cleverly" named as "song.mp3.exe".  I'm NOT talking a Virus that modifies or targets .mp3 files to converte them into other files.

 

I'm talking about a .mp3 file, plain, and simple.

 

Is it possible for a virus to be contained in a .mp3 file, and if yes or no- please provide a creditable source, or definitive proof to your point.

 

I'm not looking for opinions, looking for facts.

 

(Aso I know mp3's may be able to have a URL that windows media recognizes, which it then redirects you to, that's not really a virus.)

 

Thanks,

 

-Greg

Yes, it can contain viruses. But these are really tricky viruses, and I think they are rare like a bigfoot.
Like the fake wmv files on open torrent sites mp3 files can contain viruses inside them too. But these are mostly songs, you can't play, as the header has been rewritten by the virus.
An other way is when the virus is renamed eg. from exe to mp3. But it must be under 100KByte!!!!

I can't find any information to prove either side.

 

I'm NOT talking about an .exe file "cleverly" named as "song.mp3.exe".  I'm NOT talking a Virus that modifies or targets .mp3 files to converte them into other files.

 

I'm talking about a .mp3 file, plain, and simple.

 

Is it possible for a virus to be contained in a .mp3 file, and if yes or no- please provide a creditable source, or definitive proof to your point.

 

I'm not looking for opinions, looking for facts.

 

(Aso I know mp3's may be able to have a URL that windows media recognizes, which it then redirects you to, that's not really a virus.)

 

Thanks,

 

-Greg

Got any specific examples of virus's capable of this, or any documentation of such?

 

-Greg

WarTowels:

 

Since this is a user to user help forum, there may not be an answer to your questions due to the technical nature.  You might be better to ask them in a malware removal forum, where they may have had more contact with this type of malware.

“an mp3 file can ONLY contain SOUND, a virus is data”   ??

just as some have discerned mathematically-derived patterns in the great works of art from the Renaissance, scanners may find matching viral signatures of the linear data (binary, octal, hexadecimal) from the digitized sound.  but as stated, the data would be processed as musical info, not program codes and parameters.

if the mp3 file is the viral payload masquerading as a musical file, its codes and parameters waiting to be activated by a second file, that’s a scenario different from the one you asked about.

The question stems from a friend of mine getting what I believe is a false positive with Norton Antivirus (not sure what year 2009, perhaps 2010') on an .mp3 file he download.

 

I submit that he must have erronously downloaded a .exe as the reality of a virus/trojan being on an .mp3 is beyond unlikely.

 

-Greg

 

 

there was a printed report of researcher(s) able to “convert” codes into normal english words to mask malware to bypass stringent security.  new scientist, within the last three months.

who’s to say malware can’t be “converted” into musical data?

If it's converted to musical data, then it's not malware it's music.

 

I'd love more fact and less theory, but apparently there isn't much around.

 

Do Symantic developers puruse these forums?

 

-Greg

Windows hide commonly use extensions and Windows hide the (real) extensions of the file.  Therefore, the file could actually have a .exe extension (like test.mp3.exe) and an mp3 icon.  That's way the virus can fool the user into thinking the file is an mp3 download and the virus is launched.

Hi WarTowels

 

Symantec employees do read these threads and sometimes make posts also. Symantec employees will have their names in Red.

 

 


WarTowels wrote:

The question stems from a friend of mine getting what I believe is a false positive with Norton Antivirus (not sure what year 2009, perhaps 2010') on an .mp3 file he download.

 

I submit that he must have erronously downloaded a .exe as the reality of a virus/trojan being on an .mp3 is beyond unlikely.

 

-Greg

 

 


 
Music files downloaded via file sharing like Limewire can be infected with like "Brisv.A" that once run can infect more of your music files.
 
Quads 

 

Hi

 

It can also happen if he uses a download manager that has a flaky reputation. It may not be the mp3 file that is being flagged, but the means by which he gets the file.

Firstly, I'm mostly a network guy so disk based viruses are not my forte. When computer viruses and worms were first introduced many years ago, the common thought was you were safe so long as you didn't 'execute' anything because these worms and viruses just added themselves to other code when executed. As vulnerabilities (aka bugs) were found in various programs, it was discovered that certain classes of vulnerabilities could be exploited to 'execute' data. Once the malware writers figured out how turn that data into malicious code, the old thinking was completely invalid. There currently are exploits for pictures -- simply viewing a picture under the right circumstance can infect you. I could only find one MP3 vulnerability. I don't believe that this vulnerability has anything to do with an actual MP3 file though. If some other vulnerability is found in some MP3 player, though, you can bet that somebody will exploit it with malware.

 

As others have pointed out, just because the file ends in .mp3 doesn't necessary mean that it is an mp3 file. Windows frequently tries to determine the 'real' file type and 'run' the file directly or using the appropriate viewer.

Edit: changed the incorrect word 'file time' to 'file type'
Message Edited by reese_anschultz on 12-29-2009 01:53 PM

Hi Reese:

 

Good explanation. Thanks.