security - Can a virus or malware be bundled with a non executable download?

08
2014-07
  • Jet Blue

  • Answers
  • Fazer87

    Short answer - YES a virus can be contained within another file type.

    Files like JPG, MP3 etc all have to be opened and "read" by an executable. By "mal-forming" or injecting special code or data into these files, it can cause programs to fault or to execute code contained within the files - which can in turn cause other problems and give a gateway for a full on viral attack.

    This example is a link to the Sophos website which discusses just such a virus which can be embedded and hidden in a picture file.

    Getting back to the rest of your question, by simply "downloading an MP3" all you will normally get is the MP3 - but that doesn't mean it's not infected. Also, if you download items such as using the "save webpage" features in browsers, you will find the site's images etc. will also be downloaded - which may in turn contain viruses.

  • grawity

    In a way, PDF documents are executable, due to the ability to embed JavaScript into the document. Microsoft Office documents are similar – they allow VBScript macros, which has allowed many "macro viruses" in the past.

    In theory, such JavaScript or similar code should be "sandboxed", but in practice people find ways to escape it, sometimes by calling functions that were meant to be limited but aren't, sometimes by finding ways to overwrite the JavaScript interpreter's code.

    Another possibility is a malformed file that tricks the reader into executing part of the document as code (this was a particularly huge problem with Adobe Reader just last year).
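A triage check for the active content this answer describes, added here as an example and not part of the original answer: it looks for script and auto-action keys in raw PDF bytes and for a macro project inside a zip-based (OOXML) Office file. The function names and sample bytes are constructed for illustration; older binary Office formats are not covered.

```python
import io
import re
import zipfile

# PDF name objects that carry or trigger active content.
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")

def pdf_active_content(data: bytes) -> list:
    """List active-content keys visible in raw PDF bytes.

    Limitation: keys inside compressed object streams are not seen.
    """
    # Undo #xx hex escapes in names, e.g. /J#61vaScript -> /JavaScript.
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), data)
    found = []
    for key in PDF_ACTIVE_KEYS:
        # Require a delimiter after the name so /JS does not match /JSFoo.
        if re.search(re.escape(key) + rb"(?=[\s/<>\[\]()])", decoded):
            found.append(key.decode())
    return found

def office_has_macros(data: bytes) -> bool:
    """True if an OOXML container (docm, xlsm, ...) holds a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def make_ooxml(names) -> bytes:
    """Build a constructed in-memory zip standing in for an Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in names:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()

# Constructed samples, not real documents.
PDF_WITH_SCRIPT = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
                   b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\n"
                   b"endobj\n%%EOF\n")
PDF_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(pdf_active_content(PDF_WITH_SCRIPT))
    print(pdf_active_content(PDF_PLAIN))
    print(office_has_macros(make_ooxml(["word/document.xml", "word/vbaProject.bin"])))
```

A hit means the file can run code inside its reader and deserves a closer look; an empty result does not clear a malformed file of the kind mentioned in the last paragraph of the answer.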

  • drk.com.ar

    If a browser opens an HTTP connection to a web server and the response headers include the field Content-Type: audio/mpeg or Content-Type: application/pdf (for instance), the browser is going to interpret this content as an audio or PDF file. It is going to show the downloaded content according to its configuration. If the user saves the file "as...", the browser is going to create a file on disk with that content. The browser won't download any other file than that, which is one of the questions here.

    On the other hand, of course, a virus is nothing but a bunch of bytes, like any other piece of software expressed in machine code. So any kind of file could have a virus inside. But under normal circumstances a computer isn't going to execute bytes from an MP3 or PDF file. Even if the virus code is inside that file, it's meaningless.

    Finally, if an inexpert user reaches an HTML file, which in turn plays an MP3 file, he could think that using Save as... is going to save the MP3 file. But in fact it's going to save the HTML file. During that process the browser is going to save more than just one file.
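A check a defender can run on a saved download, added here as an example and not part of the original answer: it compares the Content-Type the server declared with what the leading bytes of the file actually are. The function names, result strings and sample bytes are constructed for illustration, and only a few signatures are recognised.

```python
import struct

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes (a handful of signatures)."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "executable/pe"
    if data[:4] == b"\x7fELF":
        return "executable/elf"
    if data[:5] == b"%PDF-":
        return "application/pdf"
    if data[:3] == b"\xff\xd8\xff":
        return "image/jpeg"
    # MP3: ID3v2 tag, or an MPEG audio frame sync (11 set bits).
    if data[:3] == b"ID3" or (len(data) > 1 and data[0] == 0xFF
                              and (data[1] & 0xE0) == 0xE0):
        return "audio/mpeg"
    return "unknown"

def check_download(content_type: str, data: bytes) -> str:
    """Compare the server-declared Content-Type with the actual bytes."""
    declared = content_type.split(";")[0].strip().lower()
    actual = sniff(data)
    if actual.startswith("executable/"):
        return f"ALERT: {actual} delivered as {declared}"
    if actual == "unknown":
        return f"REVIEW: cannot confirm {declared}"
    if actual != declared:
        return f"MISMATCH: {actual} delivered as {declared}"
    return "OK"

# Constructed samples: a minimal header-only PE stub, an ID3 tag, a JPEG SOI.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
MP3_HEAD = b"ID3\x03\x00\x00\x00\x00\x00\x00"
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for ctype, body in [("audio/mpeg", MP3_HEAD), ("audio/mpeg", PE_STUB),
                        ("application/pdf", JPEG_HEAD)]:
        print(ctype, "->", check_download(ctype, body))
```

This catches a file that is not the type it claims to be; a file with a valid signature can still be malformed further in, so an "OK" result only confirms the type.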


  • Related Question

    security - can a virus execute by itself?
  • Questioner

    Is there any type of virus that can execute by itself after being downloaded onto the HDD, without clicking on it?

    If there is, can you refer me to any sites about them?


  • Related Answers
  • pavium

    I think it's more accurate to say 'a virus can't execute itself, unless it has the cooperation of the Operating System and/or software bugs and/or the user'.

    If the OS allows files to be executed automatically because of their name or location (for example an email attachment) then a virus can masquerade as a legitimate file and be executed by the OS without user intervention. This used to be the default behaviour in early email clients.

    Also, if the OS or specific software has errors that a virus can exploit to run its code, then a virus can start itself.

    But users are most often the means for a file to be executed. I was surprised recently when a work colleague told me she thought her computer had a virus after she opened an attachment in an email from a complete stranger. I thought she would have known better.

  • harrymc

    Yes, in the context of the browser, since unintentionally you're executing the page without clicking on anything. Such viruses are capable of downloading themselves to your hard disk without your cooperation.

    The propagation vector here can be JavaScript, Java, ActiveX, Flash and other plugins. Many such attacks are carried out through cross-site scripting.

    You can find lots of information about Web attacks on the site of the popular Firefox extension NoScript.

  • Bryan

    The closest example I can think of was the W32.Nimda virus.

    One of its propagation methods was via open Windows file shares. From memory, it copied itself as an .eml file to open network shares.

    I can't remember the exact details, (and can't find a link in the time I have), but from memory, the file needed very little interaction via Windows Explorer for the code to be executed on the target computer. (I seem to recall just having the file displayed in Windows Explorer was enough for the code to execute).

  • Dave Rook

    Yes, there is something called Silent Java drive by (SJDB) that can download and install a virus when you just visit a web page!

    You can protect yourself from this attack by not installing the Java environment or by running the browser sandboxed.

  • Dmatig

    I'm unsure of what definitions are standard, but from my limited school level training - no, they cannot by definition. Viruses specifically require the user to run them.

    Worms, however, can and do run on their own. And they can do whatever the hacker has managed to do. Whether or not they can corrupt OS files depends on what vulnerabilities the hacker finds.

    Any antivirus maker should have information about them, here are a few (if you think you are infected, please scan your computer)

    http://www.eset.com/onlinescan/

    http://free.avg.com/gb-en/homepage

    http://www.avira.com/en/pages/index.php

    http://www.kaspersky.co.uk/kaspersky%5Fanti-virus

    ..amongst many, many others.

    Make sure your O/S is up-to-date, and then you are more or less as protected as you will reliably be without taking extreme measures.