this post was submitted on 07 Jun 2024
71 points (92.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54698 readers
496 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Stupid question but is it possible to get a virus from an MKV file that is less than 24 hours old. I was streamed using VLC version 3.0.20 form the repose on Linux.

all 41 comments
sorted by: hot top controversial new old
[–] redcalcium@lemmy.institute 62 points 5 months ago (2 children)

Every once in a while security researchers would discover sophisticated exploits that would allow malwares to take over your computer via multimedia files, but those are actually rarely exploited in the wild by run off the mill malwares.

Unless you're an important person being targeted by hackers and three letter agencies, your biggest source of threat is running infected programs from untrusted sources, e.g. cracks downloaded from random torrents or warez sites, shady sites serving ads that trick you to run some executables, etc.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 41 points 5 months ago* (last edited 5 months ago) (3 children)

I really hate to be "that person", but..........it's "run of the mill", not "run off the mill", friend.

It's a term from the late 1800s that refers to "manufactured goods not graded or sorted for quality—that is, a mill's products before they've been separated according to what will sell for how much." (Source for quote: https://www.merriam-webster.com/wordplay/where-does-run-of-the-mill-come-from)

Seriously, I'm not trying to be a grammar nazi here. Unless of course that was just autocorrect being a dick, in which case I'll go walk off a cliff now... :/

[–] redcalcium@lemmy.institute 12 points 5 months ago (1 children)

Thank you for the correction!

Of course. :) I love learning about etymology and stuff, but I understand language is an evolving phenomenon so I try not to be a dick. Lol, hopefully, I succeeded.

[–] Midnight1938@reddthat.com 4 points 5 months ago

I thought I was wrong about the phrase for a minute

[–] Churbleyimyam@lemm.ee 4 points 5 months ago (1 children)

That's really interesting. Thanks :)

[–] Rai@lemmy.dbzer0.com 11 points 5 months ago* (last edited 5 months ago) (1 children)

Wild that people have ESCAPED VMs… but yeah that’s not happening on my boring ass’s computer

[–] Sethayy@sh.itjust.works 1 points 5 months ago

Me with SELinux hardened podman in a VM, running an offline Minecraft server😳

[–] RvTV95XBeo@sh.itjust.works 51 points 5 months ago* (last edited 5 months ago) (2 children)

Definitely no, viruses need 48-72 hours of incubation before the .mkv host becomes contagious. If the file is <24 hours old, I'd look for another source.

If you're worried your computer might be infected, you should consider swapping your case LEDs with UV lights to purify your system.

[–] jjlinux@lemmy.ml 7 points 5 months ago

Fucking genius 🤣🤣

[–] lemmy_nightmare@sh.itjust.works 2 points 5 months ago

This made my day 😁

[–] brettvitaz@programming.dev 25 points 5 months ago* (last edited 5 months ago) (1 children)

someone please correct me if I’m wrong but I believe that for it to be possible, the application that plays the mkv file would have to have a remote execution exploit and the code for the virus would be executed through the player. the player would be required to have elevated privileges. I think this is exceptionally unlikely for vlc

[–] ReversalHatchery@beehaw.org 14 points 5 months ago

The player does not have to be elevated. With an unelevated player the file exploiting such a vuln would be able to execute code with the privileges and access of the player

[–] xnx@slrpnk.net 20 points 5 months ago (1 children)

You’re probably fine it’s extremely unlikely. Dont trust emails that say they recorded you wanking its a scam

[–] B1naryB0t@lemmy.dbzer0.com 19 points 5 months ago

Send them back a clip of you wanking to their email.

[–] Walking_coffin@lemmy.dbzer0.com 19 points 5 months ago (1 children)

Like someone else said, it's unlikely. However it is possible but it would need to exploit your media player (VLC) and/or your OS. As long as your source is trustworthy you shouldn't have to worry, that's why the megathread is there.

[–] Thebay@lemmings.world 4 points 5 months ago (1 children)

The mkv file wasn't form a trustworthy source.

[–] finley@lemm.ee 13 points 5 months ago

As others have said, it’s technically possible, but it would extremely difficult and would require coordinating a lot of different variables which is extremely unlikely. I’m not sure there’s actually ever been an example of this type of attack outside of a lab.

[–] Imgonnatrythis@sh.itjust.works 18 points 5 months ago

Your wife is not going to believe it bud.

[–] ShortN0te@lemmy.ml 15 points 5 months ago

Absolutely yes. Even if it is not disguised executable.

It could contain an exploit which targets the video player you are opening it with.

[–] Sims@lemmy.ml 11 points 5 months ago

There's imho no stupid questions regarding personal cyber-security. There are only things we don't know yet.

[–] cor@slrpnk.net 11 points 5 months ago

theoretically… but no.

[–] Kazumara@discuss.tchncs.de 10 points 5 months ago (1 children)

In general media files can be formed in a way to trigger some bug in the media player, sometimes in ways that allow to overflow buffers and start ROP chaining.

About 8 years ago there was this media file going around crashing any iPhones that tried to play it with the integrated player.

Of course crashing is way easier than code execution. So overall your scenario is unlikely. VLC also does not yet know of any issues with 3.0.20: https://www.videolan.org/security/

[–] Coasting0942@reddthat.com -2 points 5 months ago (2 children)

When was the last time VLC paid $50K USD for a proper security audit?

[–] Sethayy@sh.itjust.works 5 points 5 months ago

Probably never?

Next you're gonna be judging cars on their ability to float.

Open source follows an entirely different risk model (and arguably much more effective than throwing money at greedy companies)

[–] TheKMAP@lemmynsfw.com 10 points 5 months ago

The 3DS got rooted by playing a music file. Anything can happen homie.

[–] Artyom@lemm.ee 10 points 5 months ago (1 children)

Not really, but you can get a virus from movie.mkv.exe, which will probably show up in windows as "movie.mkv" but will actually run a program.

That being said, I've never actually seen this in the wild and it was mainly talked about in the mp3 era.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 5 months ago

I've seen many a ROM be SuperMarioBros3.exe just straight up, but never .nes.exe so idk if that counts.

[–] Kolanaki@yiffit.net 10 points 5 months ago* (last edited 5 months ago)

Afaik, it's possible for any file to be infected with a virus. Videos themselves can be, and .MKV is a container of other files (video, audio, subtitles). The video source, audio source or even .txt containing the subtitles could be a malicious virus inside the container.

[–] Charadon@lemmy.sdf.org 9 points 5 months ago* (last edited 5 months ago)

In theory, you could make a fake executable with the mkv file extension on a unix system, by making it a shell script with a bunch of garbage data at the end, marking it executable, and distributing it with a tarball. But the chances someone will do that is insanely low.

Also it has caveats:

  1. It'd rely on your double clicking it, and having your file manager not warning you about it.
  2. Video players wouldn't run the shell script code, if it'd run the file at all.
[–] hondacivic@lem.sabross.xyz 8 points 5 months ago* (last edited 5 months ago) (1 children)

You're on linux? The odds of you getting a virus on linux are not 0 but very slim, since the userbase is very small.

Plus, viruses prey on people's ignorance. The usual "movie file viruses" are .exe files and can only be run on windows. Most people don't enable the option to show file extensions on windows, so a filed named "movie.mkv.exe" would show up as "movie.mkv" instead.

IMO, the odds of you accidentally running a virus by playing a .mkv file on linux are as high as the odds of you winning the lottery 3 times in a row.

[–] Thebay@lemmings.world 6 points 5 months ago* (last edited 5 months ago) (1 children)

Thanks for the reassurance. I won't worry about it. After some thought, I also believe it's unlikely some one have embed zero-day exploits into a movie torrent from LimeTorrent.

[–] lud@lemm.ee 1 points 5 months ago

Yeah, zero-days are usually expensive because attackers like to keep them pre zero-days once they are discovered their value diminishes significantly. So they are usually used for high value targets and not on random people downloading movies.

[–] Julian_1_2_3_4_5@slrpnk.net 7 points 5 months ago (1 children)

if you really only played it and it didn't abuse some zero day in vlc (extremely unlikely), the there's basically zero chance you could have activated a virus.

[–] Julian_1_2_3_4_5@slrpnk.net 3 points 5 months ago

But it's definitely possible to ship a virus embedded in a playable mkv file, but something else would have to extract it first, for it to do anything

[–] cmnybo@discuss.tchncs.de 6 points 5 months ago

Just make sure the file doesn't have a double extension. That can trick people into running a .exe when the file extension is hidden. That's really only a problem on windows though.

[–] BakedCatboy@lemmy.ml 4 points 5 months ago

I'm gonna go with unlikely.

[–] Coasting0942@reddthat.com 4 points 5 months ago

It’s possible to get a virus from any data that enters your computer full stop.

Likelyhood wise: that virus on the MKV will have to attack the operating system preview system (which means you fucked all the way up to personal nation state attention), or attack the video player (which is a lot more likelier, they discover theoretical exploits all the time).

You’re talking about streaming with VLC? Was it a trusted source? Cause otherwise the FBI or script kiddie has probably fucked you up.

[–] ultratiem@lemmy.ca 2 points 5 months ago

Depends what you play it through TBH. If a program has access to your memory, then yes. Naturally it's a nuanced answer and unless you are a security expert that knows exactly how memory is allocated and how elevated privileges work, not to mention all the little bugs, etc. in your system, then the answer is yes. You aren't really safe from anything that hits your hard drive.