Actually, if you remember the "Love Letter" virus, one of the things it did was to "hide" (yeah, right) your mp3s and create copies of itself with the same file name as the mp3 but add a .vbs to the end... (eg xxx-xxxxx.mp3.vbs) anyway, The files themselves usually are NOT embedded in mp3s, but look like mp3s to the untrained eye.
Hope that helps.
That which Man does not understand, he fears.
That which Man fears, he destroys
Just a word of precaution, although as far as most of us are concerned, virii are only found in the common file types like .vbs and .com. However, I've read somewhere that it may soon be possible that .jpg files can contain virii/worms.
I don't see this happening in the near future, but who knows???
Just be careful of what you are doing and make sure you're not opening files (like lojow mentioned) that end xxxxx.mp3.vbs or anything like that.
Originally posted by GoNz0 its microsofts fault this kinda thing happens, reason is windows is set to hide known file extension. so the user see's talk.mps as the real filename of talk.mp3.vbs auto hides the vbs extension
I'm not taking sides on this, but it seems that it's all down to human error at the end of the day. How can you be 101% sure you're opening a mp3 file if that 'one' particular file is showing its 'extension' when all the others are hidden??
Your expanding the issue now, I was really referring to the majority of double-file named viruses that are in the wild, they are going to be covered.
I was talking in general about ITW threats that use this kind of desception, users are fooled yes but only because they dont exercise due care because of that they will rely on there AV. I was not suggesting its the only line of defence for the savvy.
In answer to your statements (doube-file name or not, it makes no odds)
I don't agree with this. Someone can just modify the trojans
It's very easy for mp3's to contain malicious code. This was an issue probably about a year ago. It all relates to the tagging scheme used in mp3's. Most common are ID3v1 and ID3v2 tags. v1 tags are actually headers and must be of finite length. v2 tags are added at the end of the file and therefore can be of infinite lenght and allow you add cover art (and virii, amongst other things) to the tags. This become an issue where there was some code that opened winamps browser and redirected users or something like that.
[offtoptic] I just realized that i surpassed 1000 posts. Yay for me!!!. Let's have a party![/offtopic]
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS