Can MP3 files contain a virus?

[Swans]

Hey. Im no expert on these things so i thought id ask you guys. Im a musician and i got pmd by a guy who wanted me to master a song for him. But it felt pretty shady. But i did for him. I recived 2 mp3 files of an instrumental and a vocal track. I just need to know if they could contain any virus of some sort? I read that if its a virus it cant be played by a normal media player. I have scanned a full scan with Avast and Malwarebytes. Should it be all good then?

[David H. Lipman]

The first thing to realize is that "viruses" are a small minority of malware.

Viruses are malicious code that has the ability to self replicate.  That is the malicious code is able to autonomously spread from file to computer, computer to computer or computer to file ( and other means as well ).

All viruses are malware but not all malware are viruses.

Malware is short for MALicious softWARE.  There are three major types of malware: Viruses, Trojans and Exploits.  There are many sub-types to them that make up malware taxonomy.

So the question is, "Can MP3 files contain malware ?"

The answer is not simple.  There are many qualifications of malware and "media" files.  The simple, but incomplete, answer is yes. But not in a format that readily "infects" a computer unless there are certain underlying criteria that are met.

MP3, WMV, MOV, etc are all media files.  They can be created with Exploit Code.  Thus the files are malicious.  For example, let's say there is a Vulnerability in Windows Media Player with MP3 files.  A MP3 file could be created with the intent of exploiting that vulnerability and if it is successful, attempt to infect the host with some payload.

Another case may be to exploit the Windows Digital Rights Management ( DRM ).  In that case the explit is not a software vulnerability, it is a Human Exploit.  Exploiting the frailties of Humans is called Social Engineering.  A MP3 or WMV or some other media file can be created to use Social Engineering and DRM to get you, the person who plays the media file to download something.  That which is downloaded could be malicious.  These are most called Wimad trojans.  When it comes to MP3 files, The Wimad is most common.  It works on the need to obtain music for free.  So that desire to pirate music is the Social Engineering ploy used.  In fact I ran into an employee who allowed the pirating of AutoDesk software.  He was giving the software, and its keycode, to many people.  That same person decided to connect a USB External Hard Disk his employer owned computer which was running Kaspersky anti virus software.  His computer was subsequently flagged with 44 Wimad trojans o that hard disk.

Example:

Trojan-Downloader.WMA.FakeDRM.bj - E:\Music 1\cymande(unreleasedliverecord).mp3

There is another concept called steganography.  That is where the data file is manipulated is such a way that malware can be embedded within the media file.  However, one needs an external utility to extract the malware that was embedded.  While this is possible, it is so impracticable it just isn't used. Steganography is used more often in trade-craft in the exfiltration of data where stolen information is embedded in a media file.  That media file hides in plain site and the malicious actor can then extract the stolen data thus making the data exfiltration less detectable.  That too has limitations when trying to exfiltrate large quantities of data.

So the answer is yes, media files can be malicious.  However they can not infect a system by themselves.  They need to exploit a vulnerability or an external extraction utility is needed.

References:

https://en.wikipedia.org/wiki/Digital_rights_management

https://en.wikipedia.org/wiki/Steganography

https://en.wikipedia.org/wiki/Social_engineering_(security)

https://www.symantec.com/security_response/writeup.jsp?docid=2005-011213-2709-99

http://malware.wikia.com/wiki/TrojanDownloader:ASX/Wimad.BD

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=TrojanDownloader:ASX/Wimad

[pondus]

Upload and test suspicious file(s) at one or all of these places  www.virustotal.com /  www.metadefender.com  /  www.jotti.org

If you see file as tested before, always click rescan for a fresh result

 

[Swans]

Thank you for explaining Davin H. Lipman. Im not that great with computers and this kind of stuff. But as i understand i cant really be sure if its a some sort of malware or not? Would i notice if it was malware or would everything just keep going on as normal. Sorry if im stupid but i just want to get some info on the topic. Thanks

 

[David H. Lipman]

Follow pondus suggestion.  Submit it to a service such as Virus Total.  If it is malicious, it will have detections and you can discard it. 

If it is a really large file, question its source.  If it is not a reputable source for MP3 files, discard it.

[Swans]

Alright, but @David H. Lipman it says that '' By clicking Scan It, you censent to our ToS and allow VirusTotal to share this file with the security community.
Im not really sure what that means? Does random members get accses to it? This is not my song to share befor its actually released.

Edited September 26, 2016 by Swans

[David H. Lipman]

It means very little.  You are anonymously submitting a file for an anti malware scan to see what the participating vendors may or may not detect.

The service is not a music sharing service.  It is ONLY there to check the sample against participating vendor's anti malware products.

IFF the file is malicious, then the participating vendors have access to the file for further analysis and/or validation.

 

[Swans]

Thank alot!

[David H. Lipman]

[Swans]

@David H. Lipman The site said the files where alright so i guess its all good

[nithin604]

Hi,

 

I'm  not late,I hope. There is an infection called Brisv, or Trojan Brisv where the infection modifies the meta data of the mp3 file.

[David H. Lipman]

You are late.  This thread is almost 2.5 yrs old.

If you have questions, please start a new thread and fully describe the problem or situation.