Virus disguising as file


Can files be infected with malware that runs as soon as the disk they're on is connected or when they're opened? (I'm talking about files like mp4/mov/avi, PNGs (images generally), compressed zip and tar.gz, and most of all text files.)

If so, is there any reliable way to check if they are infected?

Best Answer

The files you're describing are data files and therefore should not be able to carry any infection, no more than you can be harmed by simply reading a book. There are two exceptions to this rule:

  • if the media file allows packing executable content such as JavaScript or any scripting language. Then, the file might not be malignant, but its "sidecar" content might well be. Such content is supplied to "enhance" user experience. Think of a book that's supplied with some phials of essences, so that you can actually smell some scenes. Except that one of those phials is actually filled with nerve agent and kills you.
  • if the reading software has a flaw, e.g. a video file doesn't check that the frames are the proper size and blindly loads them into memory. Then an overlong frame could "spill" into executable memory and its content (not a video image but valid computer instructions, otherwise a simple crash would result) has a chance of being executed. Think of a book that's read by someone with severe arachnophobia. One of the pages gets replaced by a color picture of a hideous spider, and the shock is enough to kill the unwary reader.

Third possibility, the file is not actually a media file at all, but an executable file disguised as a media file. In some circumstances, the sham might not be immediately apparent to the unwary user; e.g. if one were to call an executable file "video scene.avi.exe", trusting in the OS habit of hiding known extensions. By supplying the file with a video icon, one would get something that looks like a video file, but isn't. "Launching" it would actually execute a file, and this file might conceivably then decompress a real video file and replace itself with it, thus hiding all traces.

There is no single "sure-fire" way of detecting an infection (the telltales above work almost always).

To defend against these threats you would first of all have to always be wary of unknown content, scan it with an antivirus, and disable all "active content" options. And just in case, keep full and adequate backups.
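The third case in the answer above (an executable named like "video scene.avi.exe") can be checked mechanically. The following is an added example, not part of the original answer: it flags a data extension hidden in front of an executable one, and a data extension whose leading bytes are an executable header. The extension lists, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk"}
# Data extensions mentioned in the question.
DATA_EXTS = {".mp4", ".mov", ".avi", ".png", ".jpg", ".zip", ".gz", ".txt"}

def sniff(header: bytes) -> str:
    """Classify content by its leading bytes (well-known signatures only)."""
    if header.startswith(b"MZ"):
        return "windows-executable"
    if header.startswith(b"\x7fELF"):
        return "elf-executable"
    if header.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if header.startswith(b"PK\x03\x04"):
        return "zip"
    if header.startswith(b"\x1f\x8b"):
        return "gzip"
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[4:8] == b"ftyp":  # ISO base media container: mp4 / mov
        return "mp4/mov"
    return "unknown"

def inspect(name: str, header: bytes) -> list[str]:
    """Return findings for a file name and the first bytes of its content."""
    findings = []
    stem, last = os.path.splitext(name.strip().lower())
    inner = os.path.splitext(stem)[1]
    if last in EXEC_EXTS and inner in DATA_EXTS:
        findings.append("double-extension")  # e.g. "video scene.avi.exe"
    if sniff(header).endswith("executable") and last in DATA_EXTS:
        findings.append("executable-content-in-data-file")
    return findings

def inspect_path(path: str) -> list[str]:
    """Same check for a file on disk; only the first 16 bytes are read."""
    with open(path, "rb") as fh:
        return inspect(os.path.basename(path), fh.read(16))

# Constructed samples: file name -> first 16 bytes of content.
SAMPLES = {
    "video scene.avi.exe": b"MZ\x90\x00" + b"\x00" * 12,
    "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "clip.avi": b"MZ\x90\x00" + b"\x00" * 12,
    "real.avi": b"RIFF\x00\x00\x00\x00AVI LIST",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name!r}: {inspect(name, head) or 'no findings'}")
```

This covers only the disguised-executable case. A file that exploits a flaw in the reading software can carry a correct signature and a single, honest extension, so an empty result here says nothing about that case.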
