Comments on: Backdooring MP3 Files

By: Mary

Mary — Sun, 06 Apr 2008 15:44:42 +0000

Hi, thanks. but my Kaspersky AV blocks this files :(

By: Info World » Blog Archive » After attacks, Apple fixes QuickTime bug

Info World » Blog Archive » After attacks, Apple fixes QuickTime bug — Fri, 14 Dec 2007 14:14:39 +0000

[...] Media Link (QTL) file format used by the media player. Security researchers have recently been looking at the way QuickTime works with these files as a potential source of new [...]

By: tapasman

tapasman — Tue, 27 Nov 2007 17:14:11 +0000

I get a broken file, when using IE6 and QT 6.0.

By: Ari

Ari — Tue, 20 Nov 2007 22:58:16 +0000

Nice work ! But Kaspersky AV blocks these backdoored mp3 files.

By: IT Security mobile edition

IT Security mobile edition — Sat, 15 Sep 2007 13:37:03 +0000

[...] of concept exploit. The vulnerability itself, however, is apparently not newly discovered: it was first reported almost a full year ago. Unfortunately, the announcement of the proof of concept exploit misuses the term “0 day [...]

By: 0ole

0ole — Fri, 14 Sep 2007 11:13:47 +0000

Doesn’t works on Mac OS X with the latest Quicktime updates.
Might be a Windows Quicktime only problem then.

By: Ryan Naraine’s Zero Day mobile edition

Ryan Naraine’s Zero Day mobile edition — Wed, 12 Sep 2007 17:13:58 +0000

[...] released details on vulnerabilities in Apple’s QuickTime media player to show how movie and .mp3 files can be backdoored to hack into [...]

By: Severe QuickTime vulnerability in Firefox disclosed : Mozilla Links

Severe QuickTime vulnerability in Firefox disclosed : Mozilla Links — Wed, 12 Sep 2007 14:33:46 +0000

[...] is the third time GNUCITIZEN discloses this same vulnerability: it was initially disclosed about a year ago and again some months [...]

By: 0DAY: QuickTime pwns Firefox | GNUCITIZEN

0DAY: QuickTime pwns Firefox | GNUCITIZEN — Wed, 12 Sep 2007 12:06:50 +0000

[...] to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the [...]

By: yamzzz

yamzzz — Thu, 11 Jan 2007 07:27:41 +0000

nice!!!!!!!!!!

By: GNUCITIZEN » DANGER, DANGER, DANGER

GNUCITIZEN » DANGER, DANGER, DANGER — Wed, 03 Jan 2007 09:03:19 +0000

[...] The WEB has gone crazy. I know that this is not news for some of you but you will be surprised to what extend this craziness has just developed. It seams that the entire WEB is falling apart and someone has to do something otherwise we risk to lose too much. Among the traditional QuickTime Movie, QTL, Flash, Image, HTML and PDF backdoors, there is another one trivially achievable with high degree of impact. [...]

By: Top Web Hacks of 2006 » Hack Report

Top Web Hacks of 2006 » Hack Report — Tue, 02 Jan 2007 03:07:28 +0000

[...] 1. Web Browser Intranet Hacking / Port Scanning - (with JavaScript and with HTML-only and the improved model) 2. Internet Explorer 7 “mhtml:” Redirection Information Disclosure 3. Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning 4. Web Browser History Stealing - (with CSS, evil marketing, JS login-detection, and authenticated images) 5. Backdooring Media Files (QuickTime, Flash, PDF, Images, Word [2], and MP3’s) 6. Forging HTTP request headers with Flash 7. Exponential XSS 8. Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII) 9. Web Worms - (AdultSpace, MySpace, Xanga) 10. Hacking RSS Feeds [...]

By: abcas

abcas — Sat, 23 Dec 2006 11:34:00 +0000

usefull cuzz it happened 2 me every tim i just explore a file with mp3 in it the explorer closes and starts again and when i scanned my comp i found the amount pf viruses = 2 the amount of songs (mp3 files) but i really cant fix it can u help me ????

By: Planeta cPanel » Top 10 Web Hacks of 2006

Planeta cPanel » Top 10 Web Hacks of 2006 — Sat, 16 Dec 2006 02:18:15 +0000

[...] Backdooring Media Files (QuickTime, Flash, PDF, Images, Word, and MP3’s) [...]

By: GNUCITIZEN » Backdooring Images

GNUCITIZEN » Backdooring Images — Fri, 15 Dec 2006 05:02:47 +0000

[...] OK, we�ve covered how to backdoor Flash, QuickTime, QuickTime Link, PDF and simple HTML files, but we haven�t discussed how to backdoor images yet. In this post I am going to outline some of the techniques available for maliciously infecting Image (Picture) files with JavaScript code. I must worn you that what you are about to read is not intended to describe new issues but rather to clarify and provide scenarios where the discussed attack vectors can be implemented. [...]

By: Dinis Cruz Blog » Blog Archive » Firefox Dump

Dinis Cruz Blog » Blog Archive » Firefox Dump — Fri, 15 Dec 2006 01:29:17 +0000

[...] Backdooring MP3 Files [...]

By: Almonaster

Almonaster — Thu, 02 Nov 2006 18:52:53 +0000

Some more data: I gave the links a click using Firefox 1.5 - the backdoors did nothing, the genuine tune played. I use the NoScript extension, so I tried disabling that - same result.

By: pdp

pdp — Mon, 02 Oct 2006 06:07:50 +0000

this issue is also present in Windows Media Player Clasic with QuickTime Alternative. I wasn’t able to execute it from the browser but there was no problem when files were opened from the desktop.

By: Omar Khan’z » Backdooring MP3 Files

Omar Khan’z » Backdooring MP3 Files — Thu, 28 Sep 2006 05:08:49 +0000

[...] http://www.gnucitizen.org/blog.....mp3-files/ ? [...]

By: Da PingMachine.org Website » Archive du blog » Une backdoor dans un MP3

Tue, 26 Sep 2006 13:18:40 +0000

[...] D�cidemment, c’est sans limites… Backdooring MP3 Files [...]