Can MP4 files have viruses?

Asked by AndreaBailey in Cyber Security, asked on Mar 9, 2022

I am not that familiar with security and malware analysis, but I know it is theoretically possible to embed malware into files like video, audio ...

Say that someone managed to embed malware into an mp4 file and send it via Gmail. I have the following questions. Is it easy to bypass the Google security that is implemented in Gmail so that it will not be detected as a virus/malware by Gmail? Once the video is downloaded, how can I check whether it contains malware/a virus or not (other methods than using VirusTotal...)?

Is it possible that the malware can infect multiple OS (Windows and Linux: mainly Ubuntu)?

To answer your questions (can mp4 files have viruses?), we have to understand what malware in an mp4 file actually means. An mp4 file isn't an executable, so it will not run any (malicious) code directly. Therefore, if an mp4 file contains malware that wants to execute instructions, it has to exploit a vulnerability (e.g. a buffer overflow) in the program that plays the file. This can either be a known vulnerability that hasn't been patched or a 0-day.

I will answer your questions inline below:

Is it easy to bypass the Google security that is implemented in Gmail so that it will not be detected as a virus/malware by Gmail?

Depends on the malware. If it has a known signature or is easily detectable with heuristic methods, it is very likely that it is caught by a malware detection system at Gmail. But if you are dealing with a 0-day, chances drop dramatically.

Once the video is downloaded, how can I check whether it contains malware/a virus or not (other methods than using VirusTotal...)?

If you are not an expert in reverse engineering, your best bet is actually an established malware detection system like VirusTotal. In case you REALLY need to play the file and are afraid of infection, use a throw-away OS (e.g. in a hardened virtual machine) to play it and wipe the system afterwards.

Is it possible that the malware can infect multiple OS (Windows and Linux: mainly Ubuntu)?

Very unlikely, because the exploit probably uses a memory corruption bug, which is usually platform specific.
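Added example, not part of the original answer: a structural sanity check that walks the top-level boxes of a file claiming to be an MP4 and flags a renamed executable or box sizes that do not fit the file, the kind of malformed input a player's parser has to survive. It assumes the ISO base media layout (4-byte big-endian size, then a 4-byte type) and that a well-formed MP4 begins with an `ftyp` box; the function names and sample bytes are constructed for illustration.

```python
import struct

# Magic bytes of native executables that may be renamed to .mp4 (not exhaustive).
EXECUTABLE_MAGICS = {b"MZ": "Windows PE", b"\x7fELF": "Linux ELF"}

def check_mp4_structure(data: bytes) -> list:
    """Walk top-level ISO BMFF boxes; return a list of structural findings."""
    for magic, name in EXECUTABLE_MAGICS.items():
        if data.startswith(magic):
            return [f"file starts with a {name} header, not an MP4 box"]
    findings, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 8:
            findings.append(f"truncated box header at offset {offset}")
            break
        size, box_type = struct.unpack(">I4s", data[offset:offset + 8])
        header = 8
        if size == 1:  # a 64-bit "largesize" follows the type field
            if len(data) - offset < 16:
                findings.append(f"truncated largesize at offset {offset}")
                break
            size, header = struct.unpack(">Q", data[offset + 8:offset + 16])[0], 16
        elif size == 0:  # box runs to the end of the file
            size = len(data) - offset
        if offset == 0 and box_type != b"ftyp":
            # Assumption: a well-formed MP4 starts with the ftyp box.
            findings.append(f"first box is {box_type!r}, expected b'ftyp'")
        if size < header:
            findings.append(f"box {box_type!r} at {offset}: size {size} smaller than its header")
            break
        if offset + size > len(data):
            findings.append(f"box {box_type!r} at {offset}: declares {size} bytes, past end of file")
            break
        offset += size
    return findings

def box(box_type: bytes, payload: bytes = b"", size=None) -> bytes:
    """Build one box; `size` overrides the declared length (constructed test data)."""
    declared = 8 + len(payload) if size is None else size
    return struct.pack(">I4s", declared, box_type) + payload

# Constructed samples, not real media files.
GOOD = box(b"ftyp", b"isom\x00\x00\x02\x00isommp41") + box(b"moov", b"\x00" * 16)
OVERSIZED = box(b"ftyp", b"isom\x00\x00\x02\x00") + box(b"moov", b"\x00" * 16, size=0x7FFFFFFF)
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("oversized", OVERSIZED), ("exe", RENAMED_EXE)]:
        print(label, check_mp4_structure(sample) or "no structural findings")
```

An empty result only means the top-level layout is consistent; nested boxes and codec data are not inspected, so this complements a malware scanner and does not replace one.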


