Author Topic: Hackers Can Hide Malicious Software In Subtitle Files  (Read 543 times)

anunitu

  • Member
  • ****
  • Posts: 897
Hackers Can Hide Malicious Software In Subtitle Files
« on: May 25, 2017, 08:33:54 PM »
Researchers Discover Hackers Can Hide Malicious Software In Subtitle Files

http://www.ibtimes.com/researchers-discover-hackers-can-hide-malicious-software-subtitle-files-2543510

“By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine,” Check Point researchers said. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”

Although this newly discovered vulnerability could affect millions of users worldwide, some media players have updated their software to defend against this kind of attack. Popcorn Time, Kodi, VLC and Stremio have all officially released software updates that fixes this issue.

This kinda makes me not want to view media files,but you know I still will.

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4813
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #1 on: May 25, 2017, 09:07:22 PM »
One can only wonder if the Russian hackers learnt this skill from the NSA with their recently divulged dirty tricks for hacking computers.  :P
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

anunitu

  • Member
  • ****
  • Posts: 897
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #2 on: May 25, 2017, 09:31:13 PM »
Trust no one,war is peace,love is hate,laughter is tears....And they are making a remake of 1984 I read..

http://www.hollywoodreporter.com/heat-vision/orwells-1984-film-adaptation-imagine-303003


jj2007

  • Member
  • *****
  • Posts: 7551
  • Assembler is fun ;-)
    • MasmBasic
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #3 on: May 25, 2017, 10:59:09 PM »
Incredible. Subtitle files are no executables, they are DATA that can be used by an executable, e.g. Media Player or VLC. How is it possible that they "awake" and cause damage? Or, in other words, how dumb must be the programmers of media players to make that happen? ::)

anunitu

  • Member
  • ****
  • Posts: 897
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #4 on: May 25, 2017, 11:14:36 PM »
One never imagined that PDF files could be used in that way before,or MS word files,now blocked from reading older word files. What is next,malicious GIF files..and I really do not care how it is pronounced.

http://howtoreallypronouncegif.com/


jj2007

  • Member
  • *****
  • Posts: 7551
  • Assembler is fun ;-)
    • MasmBasic
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #5 on: May 25, 2017, 11:26:25 PM »
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ has more info.

I can understand that MS Word docs execute code: There is an explicit option to let macros execute automatically when the document is being opened. Nice feature, can be very handy, but it's obviously dangerous.

Pdf? Adobe has the dumbest programmers in the world, of course. But a pdf should be passive, really, it should not run anything.

Same for GIF files: You move pixels to their proper locations. Why the hell should these poor pixels transform themselves into instructions??? Reminds me of Gremlins.

nidud

  • Member
  • *****
  • Posts: 1370
    • https://github.com/nidud/asmc
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #6 on: May 25, 2017, 11:46:36 PM »
Subtitle files are no executables, they are DATA that can be used by an executable, e.g. Media Player or VLC. How is it possible that they "awake" and cause damage?

Obs, my fault :lol:

http://masm32.com/board/index.php?topic=3396.msg35859#msg35859

jj2007

  • Member
  • *****
  • Posts: 7551
  • Assembler is fun ;-)
    • MasmBasic
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #7 on: May 26, 2017, 12:08:31 AM »
Sure, you can execute code in the data segment, we all know that here. But to do that, you must already be running a malicious process somewhere. And I don't see why subtitle files, plain Ascii it seems, should be particularly suited for that task. Any downloaded file will do. In fact, you can ask your malicious server for a stream, no need to download a file.

So the question is, as always, which d**bf**k allowed a process to start that can access the internet and execute arbitrary code?

To get a buffer overflow, you need a) a buffer and b) an exceptionally dumb programmer. It's as easy as that.

anunitu

  • Member
  • ****
  • Posts: 897
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #8 on: May 26, 2017, 12:12:27 AM »
Same ones that end up hooking up with a "catfish" online.. :badgrin: :eusa_naughty:


hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4813
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #9 on: May 26, 2017, 01:49:05 AM »
 :biggrin:

> To get a buffer overflow, you need a) a buffer and b) an exceptionally dumb programmer. It's as easy as that.

Not only are there plenty of buffers but plenty of dumb programmers.  :P
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

anunitu

  • Member
  • ****
  • Posts: 897
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #10 on: May 26, 2017, 01:58:36 AM »
I remember when playing a game..8 bit,when the score overflowed and reset,because the programmer did not think anyone would go that high in scoring.

felipe

  • Member
  • ***
  • Posts: 282
  • I love assembly language programming.
Re: Hackers Can Hide Malicious Software In Subtitle Files
« Reply #11 on: May 26, 2017, 12:41:32 PM »
I remember when playing a game..8 bit,when the score overflowed and reset,because the programmer did not think anyone would go that high in scoring.

This reminds me the "year 2000 problem"  :lol:
Felipe.