sry, but that’s just straight up wrong. You can hide malware in video files (both mp4 and mkv are great containers!) and you can disguise your virus as a video.
But malware wrapped as video (or any other doc or media format) still needs to be executed, right? So if you don’t give that file execute permission (which Linux doesn’t give by default) and open it through media player or something, could said potential malware still run? I thought it couldn’t unless the player itself is vulnerable
no, these things would try to exploit the program that read them.
it’s not a likely attack vector, you need both a malware file, and the right program trying to read it. it might not also be transferrable across different os.
sry, but that’s just straight up wrong. You can hide malware in video files (both mp4 and mkv are great containers!) and you can disguise your virus as a video.
That’s like encoding malware in a picture and calling it dangerous
yes? opening a picture with malware could infect your computer.
It would be a combination attack, so the virus would either target the correct media player or several of em.
here is a older vulnurability with vlc and avi file https://nvd.nist.gov/vuln/detail/CVE-2021-25801
it is absolutely far less risky than downloading programs that run code, but it’s not without any risk
edit: windows programs also lets files call home. Script Command in windows media player f.ex 🤷
Like I said, no one’s wasting a 0-day on a lemming like you or me
But malware wrapped as video (or any other doc or media format) still needs to be executed, right? So if you don’t give that file execute permission (which Linux doesn’t give by default) and open it through media player or something, could said potential malware still run? I thought it couldn’t unless the player itself is vulnerable
no, these things would try to exploit the program that read them.
it’s not a likely attack vector, you need both a malware file, and the right program trying to read it. it might not also be transferrable across different os.
so yes, it needs a media player to attack. https://nvd.nist.gov/vuln/detail/CVE-2021-25801 this one f.ex
kern.exe.mp4 LOL
and the rest are 0days that sell for millions