Is it Impossible to Add a Vius to Media Files?

[AtoZ]

Just debating with a friend.

Is it actually possible to add a virus to say the .avi format? or JPEG etc?

Would the programs that open these format stop any non correct code from executing anyway?

Thanks.

[WingedPanther]

Yes. They are generally activated by a trick called a "buffer overrun" where you break out of the media file to overwrite the player's code.

[QuackWare]

Isn't it buffer overflow?

[WingedPanther]

Yeah, my bad.

[MeTh0Dz]

Of course you _can_.

However it's only going to be worthwhile if you find an exploit in the file type, or the way a specific piece of software handles the file type.

[Red_Shadow]

Just debating with a friend.

Is it actually possible to add a virus to say the .avi format? or JPEG etc?

Would the programs that open these format stop any non correct code from executing anyway?

Thanks.

Well, you could only really target one image viewer app. An exploit is usually pretty specific, and a "general" virus can't spread through image files (as they aren't executeable).

However, many viruses/worms write copies of themselves to files, often image files. They do this by displacing the data already there, and adding the code to, say, the middle of the file. This is more frequently done with executable file formats though, as the code might not be executed otherwise.

This sort of virus/worm is know as a file infecter. Please refer to: spamlaws.com/file-infectors.html