Stratovarius - Possible Trojan In MP3 Files
A statement from Jens Johansson:
"No, we didn't plant MP3s with any malware. Of course, that's what I would say even if we did do it so if you don't believe me.. well what the fuck can I do about it.
Yes, it's very fucking possible for malicious code to hide in MP3 or other non-executable files. If you don't believe this you are very naive. There have been exploits that executed just by hovering the mouse over a file. I wish I was making this stuff up, but I'm not. It could be via a bug in the core operating system, some library thereof, some media player, some popular spyware, anything.
No, I don't at all know if MP3s with Stratovarius music is the actual vector. But it seems quite possible given the described payload.
No, you will probably not be able to find out who did this. I would consider these strange .strato files as lost. But that "challenge-response" shit could mean that there actually might be some way engineered into this thing to get them back using that challenge information and the right algorithm. Good luck..
Yes, I got copies of a file named "strato.exe" from angry people. And I'm not even going to be hovering my mouse over these files, much less run them to see if a picture of mickey mouse comes up or not.
Yes, provided it's not replicating (a pure trojan) the 12-year-old in me thinks this is at least a little bit funny.
Whichever 12-year-old sociopath did this, if those "certain" new MP3s really turn out to be the vector, well.. no pat on the back, but contact me and I'll get you a signed Stratovarius CD, a few years in federal prison, and probably a great paying IT security job when you get out..."
"No, we didn't plant MP3s with any malware. Of course, that's what I would say even if we did do it so if you don't believe me.. well what the fuck can I do about it.
Yes, it's very fucking possible for malicious code to hide in MP3 or other non-executable files. If you don't believe this you are very naive. There have been exploits that executed just by hovering the mouse over a file. I wish I was making this stuff up, but I'm not. It could be via a bug in the core operating system, some library thereof, some media player, some popular spyware, anything.
No, I don't at all know if MP3s with Stratovarius music is the actual vector. But it seems quite possible given the described payload.
No, you will probably not be able to find out who did this. I would consider these strange .strato files as lost. But that "challenge-response" shit could mean that there actually might be some way engineered into this thing to get them back using that challenge information and the right algorithm. Good luck..
Yes, I got copies of a file named "strato.exe" from angry people. And I'm not even going to be hovering my mouse over these files, much less run them to see if a picture of mickey mouse comes up or not.
Yes, provided it's not replicating (a pure trojan) the 12-year-old in me thinks this is at least a little bit funny.
Whichever 12-year-old sociopath did this, if those "certain" new MP3s really turn out to be the vector, well.. no pat on the back, but contact me and I'll get you a signed Stratovarius CD, a few years in federal prison, and probably a great paying IT security job when you get out..."
| Band profile: | Stratovarius |
Hits total: 1091 | This month: 1