As in title. What’s your experience with it? If something isn’t executable, then it has to exploit vulnerability in order to run anything malicious. But does it happen often with mp4, mkv and other files like mp3 or epub?
I assume that if I use updated linux, then I’m mostly safe?
I don’t think I’ve seen malware associated with video content since the Limewire days. I think the closest I’m aware of in recent memory was some talk of malware coming out of some of the “fake” Pirate Bay proxies, but even then I’m not sure it was associated with video.
Any halfway respectable tracker public or private you should be fine.
But does it happen often with mp4, mkv and other files like mp3 or epub?
Typically is not possible. Those media files are basically just data files (e.g. like a .txt text file) so media players normally do not look for anything to execute inside them. And frankly people should avoid any media player attempting to execute random code found in media files.
Case in point, the old Windows Media Player + old .wmv files used to be able to direct people to random websites to download/execute malware. Leave it to Microsoft to somehow turn a movie file into malware https://security.stackexchange.com/questions/106188/can-a-rogue-wmv-file-hijack-windows-media-player
It’s not about a media player ‘attempting to execute random code’ - an exploit is found which lets it run a command that it shouldn’t. You used to be able to jailbreak phones by loading a .pdf file that used an exploit to gain root privileges and execute code. It wasn’t a feature of the PDF reader. It was a bug that could be exploited when a specific string of characters was entered to effectively crash the pdf reader and let it run its own code instead.
A txt could easily contain malware - any file could.
it’s almost impossible that some state sponsored attacker will waste a 0day to attack random people downloading the latest movie from torrent. And when it happens all the news will talk about it
State sponsored hackers are a very small percentage of the threat actors out there. Also - they don’t need to exploit a zero day if you are willingly launching something on your machine.
I assume that if I use updated linux, then I’m mostly safe?
I don’t know why Linux users think they’re completely immune to malware. Yes it’s very unlikely that something gains root access if you run it without super-user privileges, but that program can still access your home folder and look at all your private data.
Probably because the vast majority of the pirate software available is for Windows, and there’s no way that program will run natively on Linux.
I mean, if I download a movie from freevirus(dot)com it is most likely that the movie will be a .mp4.exe and not a .mp4.sh.
And even if it is a .sh file, you’d still have to change it’s permissions before it could do anything
If wine installed, there is a big chance that the exe can be started by simply doubleckicking on it. A lot of windows programs can run in wine without any specific setup, e.g. a basic crypto miner.
Its mostly harmless. Here is a paper from 2019
Curious if those percentages are still true, Windows compatability has improved a lot in the past 4 years.
As far as anyone knows there is no way to put malicious code in a video file. What you should be worrying about is how you get those files.
If you’re torrenting then you have to worry about copyright trolls contacting your ISP. If you’re using file-hosting websites just vet your downloads and make sure you don’t run any sketchy executable files. And it should go without saying, but don’t escalate privileges for unknown programs.
Not entirely true as you can put malicious code in anything. The bigger question is whether or not your video player is susceptible to that type of attack. I would say the likelihood is low but not impossible. The best defense would be to make sure whatever video player you do use is fully up to date.
So real player is out then?
Very unlikely but not impossible. Always check the comments when downloading torrents to make sure they are legit.
