D V L # 2

Вирусы в Mpeg Audio (c) by Duke/SMF
В октябре 1998 года по FIDO (а еще раньше - по Internet) поползли слухи о вирусах, живущих в MP3 файлах. Они, якобы, в качестве спецэффекта могут повесить компьютер при воспроизведении музыки. Вариантов сообщений об этих вирусах - множество. Приведу лишь пару из них. ===== Cut here ===== IWA Discovers Mpeg Audio Virus SANTA CLARA, Calif. Virus security researchers at Internet Western Associates (Nasdaq: IWAS - news) today announced the discovery of the first successful multi-application media-file virus capable of infecting most media player software. Affected are Layer 3 audio compatible players, commonly called Mp3 players. The virus, called Bloat, has been discovered to imbed itself into the executable portion of every player in every condition tested so far, including Winamp, NAD, Jet Audio, and Unreal Player Max; running under Windows 3.x, 9x, and NT operating systems. Macintosh and Unix systems do not appear to be affected. 'Bloat' spreads in a manner similar to the recent Word-Macro virus family. Virus code is conveyed and spread within *.mp3 audio files upon being opened by player software. The program inserts a single string of virus code immediately following the title/artist tag of an Mp3 file. Bloat only targets files having an MP3 or EXE extension. Similar audio formats such as VQF (Twin-VQ), WAV, Mp4 (under development), RA (Real Audio), and AAC (Advanced Audio Coding) cannot carry the virus. The new Layer-3 'Bloat' virus is the first working virus of its type found in the wild. Bloat does not cause data loss. As the name sugguests, its effect is the opposite; the virus causes extra nonsense data to be written to the hard disk during most writes. Files written to the hard disk will occupy as much as five times the amount of space they appear to be using, and should be using. As a result, free hard disk space grows smaller and smaller. Once the virus has spread to other programs in the system, affected users will experience difficulty opening, reading or modifying documents in most of their applications, as well as an increased overall sluggishness in system performance. Considerable storage space is also lost. Bloat uses the Mp3 audio files as carriers between players. Once the virus is read by a player, it is loaded into system memory, where it spreads back down into system applications. This successful travelling method was first documented by researchers at the Internet Western Associates AVERT (Anti-Virus Emergency Response Team) center in Braintree, MA. Detailed information on Bloat Layer 3 and detection/cleanup software will be available shortly. With headquarters in Tacoma, Washington., Internet Western Associates, Inc. is dedicated to providing leading enterprise network security and management solutions. McAfee Labs, the anti-virus research affiliate of IWA, currently employs more than 85 virus researchers and maintains labs on five continents worldwide. In addition to studying new and existing security threats, McAfee Labs serves as a global resource for virus information and provides rapid, follow-the-sun support for virus emergencies worldwide. SOURCE: Internet Western Associates, Inc. ===== Cut here ===== На сайте http://www.dmusic.com/ лежит сообщение следующего содержания: ===== Cut here ===== The First MP3 Virus by Spyed on October 16, 1998 You knew it had to happen sooner or later. It appears that someone has taken the time to create a wonderful virus for us MP3ers to juggle around with. It's called Bloat, and if you have it.. it's basically eating up lots and lots of your hard drive space by creating garbage in your executables. It's a big, nasty, ugly virus.. and the way you get it is sorta like, well, aids! It sticks to an mp3 file, and it transferrs itself from mp3 player to player. So you might not be doing your buds a favor by sharing your music with them. Hmm.. seems like a nice, convenient virus for the RIAA doesn't it? It really wouldn't surprise me.. in fact the more I think about it the more I'm willing to put money on it. What do you think? Take the poll! (voting booth, further down) ===== Cut here ===== А теперь попробуем разобраться в проблеме. Случайное подвешивание компа при прослушивании музыки лишь подогревает слухи о существовании MP3 вируса. Почему может произойти "подвисание" ? 1) Ошибка в самом плеере, связанная с некорректностью алгоритма распаковки звука. Это вина производителей player'а и в новых версиях программы как правило fix'ится. 2) Ошибка при доступе к памяти. Такая муть возникает постоянно при работе с многозадачными системами семейства Windows, когда в памяти сидит более 10 программ и всем чего-то надо. Это ошибка фирмы Microsoft, которая никогда (судя по всему) исправлена не будет. 3) Ошибка в самом Mpeg-файле. Поскольку это компрессированный файл, то изменение одного байта может привести к непредсказуемым последствиям (в пределах разумного, естественно). Эта ошибка возможна: a) при сжатии файла некорректно работающим MPEG-компрессором (например, морально устаревшим); b) при сбоях в файловой системе (если это так, то советую просканировать ваш винт NDD); c) если файл откуда-то скачивался и возник разрыв связи. Таким образом проблема зависания компьютера нашла логическое объяснение. А теперь объясним, почему в этом не может быть виноват MP3-вирус. Потому что MP3-вирусов не существует - это HOAX, JOKE, FAKE !!! Не существует по причине того, что в MP3 отсутствует исполнимый код и макросы. MP3 - это файл данных (архив), куски которого распаковываются и выводятся на Sound Blaster.

Back Вернуться на страницу оглавления