Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General P2P Network Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

General P2P Network Discussion For general discussion about peer-to-peer networks.


Reply
 
LinkBack Thread Tools Display Modes
  #21 (permalink)  
Old September 19th, 2004
Disciple
 
Join Date: September 12th, 2004
Posts: 18
Disconnecting is flying high
Default

KathW beat me to it:

Quote:
http://www.sophos.com/virusinfo/articles/perrun.html The virus, known as W32/Perrun-A, It spreads in the form of a traditional Win32 executable virus (usually called proof.exe), making changes to the Registry to mean that JPEG graphic files are examined by an extractor (called EXTRK.EXE) before they can be viewed. If the extractor finds viral code inside the graphic file it is executed.

As for a virus/spyware infecting your computer through an .mp3 thats just a hoax http://www.f-secure.com/hoaxes/mp3vir.shtml


If you did get spyware from anything related to mcdonalds it would be from there website wich im betting wasnt the case but I think this thread was just supposed to be a reminder to check for corrupted data and keep the networks clean.
Reply With Quote
  #22 (permalink)  
Old September 19th, 2004
Gnutella Jewel
 
Join Date: August 24th, 2004
Location: stasis field
Posts: 77
mstfyd is flying high
Default

Quote:
Originally posted by stupididiot69er
I don't know how it works. i guess they can put a program in it and it's a mix between exe and mp3. there might be some type of program that lets you do that/ or some way to do that.
As is pretty apparent by anything I've posted, I'm not the most tech savy person, but could what you are talking about be similar to when spyware is disguised like this:
email.doc _______________.exe (w/out the line of course)
where the "exe" exceeds the space alloted for listing the email so is not visable as an exe?
Reply With Quote
  #23 (permalink)  
Old September 19th, 2004
Morgwen's Avatar
lazy dragon - retired mod
 
Join Date: October 14th, 2001
Location: Germany
Posts: 2,927
Morgwen is flying high
Default

Quote:
Originally posted by Disconnecting
As for a virus/spyware infecting your computer through an .mp3 thats just a hoax http://www.f-secure.com/hoaxes/mp3vir.shtml
I think this proofes my point.

Quote:
There are no viruses to infect MP3 audio files. There is one widespread fake warning on such virus in circulation. It looks like this:
Morgwen

Last edited by Morgwen; September 20th, 2004 at 12:20 AM.
Reply With Quote
  #24 (permalink)  
Old September 21st, 2004
stupididiot69er's Avatar
Connoisseur
 
Join Date: July 31st, 2004
Location: Canada
Posts: 479
stupididiot69er is flying high
Default

well than I guess you proved me wrong before I could prove myself right. but I still stand by the believe of this happening. so even if you may think it is not possible, lets still be carefull about what we downlaod and what is shared on the network. all p2p networks are at risk because the riaa is pushing the limits of technology to stop us.
by the way maybe if we share these files it wouldn't matter but if we download them, we all know that it is easy to brake in someones computer, and as mentioned before when you download things you need to give your ip. maybe that's what they use and they hack in to monitor us or drop a file in our computer whixh gives them all the information they need. maybe they also search for files on the network and download them to get our ip's. contradict me if you want but what is here I know can not be contradicted as one can do this from his home computer.

Last edited by stupididiot69er; December 30th, 2004 at 08:13 PM.
Reply With Quote
  #25 (permalink)  
Old December 18th, 2005
Gnutella Jewel
 
Join Date: August 24th, 2004
Location: stasis field
Posts: 77
mstfyd is flying high
Default

After reading the article re: Sony's depositing a rootkit on its cd's,

http://www.sysinternals.com/blog/200...al-rights.html

http://lists.webjunction.org/wjlists...er/039005.html



doesn't it make paranoia & limiting the scope of transgressions to your own experience just a little naive? They were caught and eventually had to recall the cd's (b4 the recall, the Dave Matthews Band was posting inf on how to find it), but what happens should the next one go unfound?

*applause & appreciation to Mark Russovich* . It is a blessing to have a talent which can be used to help others.
Reply With Quote
  #26 (permalink)  
Old December 23rd, 2005
Devotee
 
Join Date: November 10th, 2005
Location: East Coast Oz
Posts: 23
agnew is flying high
Default

Wow,,, makes me glad I suport my local fish & chip shop!
Reply With Quote
  #27 (permalink)  
Old December 23rd, 2005
flame-retardant
 
Join Date: November 22nd, 2005
Posts: 196
Hyper-kun is a great assister to others; your light through the dark tunnel
Default

You can of course infect your computer through any kind of file. Executable files are just the most blatant obvious way. Nonetheless the same is very often possible through pictures, audio files, videos etc. This is especially true on Microsoft Windows because it is the most widely deployed software and there are countless well-known exploits for this platform and its standard applications.

Also multimedia software like audio and video players for Linux and other operating systems has frequently serious bugs - actually they are just discovered, they exist all the time - that would allow compromise of your account - and thus likely your complete computer - just by playing an infected audio or video file.

Even worse, you can get your system infected by checking a file for viruses because after all the people who program this software are not really any more intelligent than any other programmer.

If people only talked about things they had a clue of, this place would be very silent.
Reply With Quote
  #28 (permalink)  
Old January 17th, 2006
verdyp's Avatar
LimeWire is International
 
Join Date: January 13th, 2002
Location: Nantes, FR; Rennes, FR
Posts: 306
verdyp is flying high
Default McDonald offers = download through Sony software

I've seen these McDonald offers in France too. It was clearly stated that this was a free offer to promote the Sony's online music shop. So what you won was a ticket number, with which you coulddownloadthe music fromthe Sony's online music store. But to activate this number, you first needed to accept the EULA for the Sony's downloader kit, and register it with your email address and true name (verified by sending back a confirmation number through your email) which was needed to validate your number. The kit also permanently assigns you a UUID alsoassociated to a personal cookie used in your browser.

So, you could download free MP3's, but these MP3s contain watermarked fingerprints with your personal registration number or Sony transaction number encrypted in it. If you later share these MP3s on the net, your digital fingerprint is visible in it.Sony assumes that such a file present on the net is a proof that you have violated their EULA, because such fingerprint uses a strong enough cryptographic algorithm which should be impossible to generate randomly by someone else. But Sony ignores the fact that fingerprinted files may be stolen on user's harddisks by hidden softwares using the same technics that Sony used to install their rootkits.

Until it is proven that Windows is reliable for its storage, I don't think that any DRM fingerprint found in a downloaded MP3 file can be used as proof of any EULA violation by users. It can only be used within investigations to detect which users may beviolating EULA, but then the act of counterfeighting still requires other proofs, notably the correlation of other fingerprints and Internet access logs collected by ISPs.

But the bad thing is that fingerprints are also inserted within all the legitimate MP3 you create yourself with addons implemented in your player (WMP, RealOne Player, QuickTime/iTunes, WinAmp), and as well in your photos and video made by your camera, or documents created with your favorite office application. These fingerprints, are also correlated externally within undeclared databases each time you send orshare these files legally.

Today, third party databases are so powerful things that they can really spy on your whole life: just ask yourself why you start receiving personal adds in your snailmail letterbox just afewdaysafter you have moved to a new location, from merchants you evendid not know before, and you'll seethat new database recordsadded by your bank or post office or phone company or travel agency or cable TV provider (or even public services like health care, tax services) are sold to advertizers.

With so much information about you, it's not difficult to correlate many things about new contents on the net. But the dangerous way is now to use these data,often collected without your knowledge or control (whichmay contain errors or incorrect correlations) as evidences for alleged illegal activities. Media companies consider that this type of proof is insufficidently strong to create proofs, sothey want to justify this with even more spying on your daily activities, as if we were not already too much spied often illegally.
__________________
LimeWire is international. Help translate LimeWire to your own language.
Visit: http://www.limewire.org/translate.shtml
Reply With Quote
  #29 (permalink)  
Old February 12th, 2006
ultracross's Avatar
FrostWire Developer
 
Join Date: February 7th, 2005
Posts: 815
ultracross is flying high
Default

Quote:
Originally posted by Disconnecting
Hell you can even get virus from pictures.
No you can't. You are reffering to a Microsoft Windows flaw in the JPEG engine that is used to render JPEG images. The only thing that this flaw can present a problem is that a specially crafted JPEG image could create a buffer over flow and execute remote code. It cannot install a virus. And the code that can be attached to it is limited to 1028 bytes. (1KB)... for this code to present any REAL problems, it would have be larger than 1KB in size. That said, never open attachments unless you specifically requested it or knew it was being sent from a known contact prior to opening it. Most people just randomly open attachments because there name was in the email. (can i say dumbass??)
Reply With Quote
  #30 (permalink)  
Old February 12th, 2006
verdyp's Avatar
LimeWire is International
 
Join Date: January 13th, 2002
Location: Nantes, FR; Rennes, FR
Posts: 306
verdyp is flying high
Default

Quote:
Originally posted by ultracross
No you can't. You are reffering to a Microsoft Windows flaw in the JPEG engine that is used to render JPEG images. The only thing that this flaw can present a problem is that a specially crafted JPEG image could create a buffer over flow and execute remote code. It cannot install a virus. And the code that can be attached to it is limited to 1028 bytes. (1KB)... for this code to present any REAL problems, it would have be larger than 1KB in size. That said, never open attachments unless you specifically requested it or knew it was being sent from a known contact prior to opening it. Most people just randomly open attachments because there name was in the email. (can i say dumbass??)
1KB is much enough to call a Windows API that will download a virus from an URL available on an IRC site, and then run and install it. Don't forget that the needed DLLs toperform these calls are already linked into the JPEG renderer which is itself running in the context of the Internet Explorer process, so it has lots of capability. I'd say that danger starts only at 128 bytes of binary payload, or about 200 bytes if there are byte restrictions. But there has been exploits using even less bytes.

Don't forget that this code may also use data or code embedded within valid image file fragments (even if this part produces some "garbage" on screen if that part of the image was effectively rendered).

In addition, you can put this image on amaliciouswebsite whereit is downloaded along with multiple images containing other parts of the exploit code. This code could also be used to remove security restriction settings, that will be used immediately after by an active viral component downloaded from the same malicious page (this active viral component beingnormally blocked by security restrictions).

One common target you could perform within 1KB would be to set a domain into the "safe" security zone instead of the internet zone.

You can also control the sequencing order for these downloaded component, for example by using delayed HTTP redirects or delayed javascript redirects. With thosetypesofredirect, you have a content bodyto downloadthe first component, and later you'll goto the next page that performs the following action.

In all modern attacks, the first steps to viral infection is first to disable the security restrictions that will allow a virus or rootkit to be "trusted" by the host and then install itself without notice.
__________________
LimeWire is international. Help translate LimeWire to your own language.
Visit: http://www.limewire.org/translate.shtml

Last edited by verdyp; February 12th, 2006 at 05:16 AM.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
download music but rather than the song, a link to other "free" dl programs came up dibennett Download/Upload Problems 4 June 13th, 2006 08:55 AM
Free 16 song sampler not syncing to iPod thefoodguy Open Discussion topics 1 February 16th, 2005 03:41 PM
free amazon gift certificate and free desktop pc from gratis (the free ipod people) ehd Open Discussion topics 1 September 2nd, 2004 01:21 PM
Kernel Trap Lennie Download/Upload Problems 0 December 20th, 2003 09:15 AM
Is this a trap? J Hayes Open Discussion topics 1 March 17th, 2003 12:28 PM


All times are GMT -7. The time now is 05:52 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.