0

I have an old computer that I don't use for anything important or sensitive.

I occasionally download music on this old computer and transfer the mp3 files from a usb onto my primary computer.

These mp3 files come from audio-converter-sites like

download from soundcloud

and

youtube to mp3

You can literally serach for those exact expressions and find countless sites that will provide this service.

Can these mp3 files that I'm getting from these presumably untrustworthy sites be dangerous in any way? If so, how?

user9506231
  • 53
  • 5
  • @Polynomial I didn't think so, as I was also inquiring about the specific source(s) from where the files originate from – user9506231 Jun 08 '18 at 12:30

1 Answers1

1

Just like PDFs, websites, and other complex formats which need to be parsed, there could be parsing bugs. At best, such bugs trigger a warning or crash the program, and at worst (but not uncommonly) they are able to run code on your machine.

Because it has a serious impact, these bugs are taken seriously and solved by the maker as soon as possible (for popular and supported projects at least). Having such a bug, which is widely applicable in case you want to hack someone, is quite valuable. If you use such an exploit on someone, you are basically giving something away which could be worth tens or hundreds of thousands of euros.

The risk of such a website having such an exploit and using it on you, and you having an unpatched instance, is probably negligible.

It's more likely that they send you a file that is called something like music.mp3.exe which Windows sees as an executable .exe format and runs. Or some other bug that it not a bug in your mp3 player itself.

Luc
  • 31,973
  • 8
  • 71
  • 135