Is it possible to trigger an antivirus program to alarm by playing a video? I don't want to run malware, I only want the AV to do something. Can I put EICAR in the metadata?
The video file shouldn't be corrupted.
It is possible for malware to be embedded in or disguised as a video file, but the effect of doing this depends on how the media player interprets the content.
Embedding hyperlinks in a video file is a type of possible attack.
A practical how-to example: ASF (Microsoft's Advanced System Format) allows simple script commands to be executed - "URLANDEXIT" is placed at address 0x1329-133B and following any URL. When this code executes, the user can be directed to download a dangerous file that can be masked as a plugin, update or codec and require the user to execute it in order for the media file to play. At that point, the user gets compromised.
So to get an AV to trigger all you have to do is point that URL to a file (like EICAR) that is detected as a virus by your AV.
Examples of some video format known cases:
.asf - W32/GetCodec.worm - Infects .asf files to embed links to malicious files
.mov - crafted - Executes arbitrary code on the target user's system
.mov - crafted - Launches embedded hyperlinks to pornographic sites
.rm/.rmvb - crafted - Launches malicious web pages without prompting
.rmvb - W32/Realor.worm - Infects Real Media files to embed link to malicious sites
.swf - Exploit-SWF.c - Vulnerability in AVM2 "new function" opcode
.swf - Exploit-CVE-2007-0071 - Vulnerability in DefineSceneAndFrameLabelData
.swf - Exploit-CVE-2010-2885 - Vulnerability in ActionScript Virtual Machine
.swf - Exploit-CVE2010-3654 - Vulnerability in AVM2 MultiName button class
.wma/.wmv - Downloader-UA.b - Exploits flaw in Digital Rights Management
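On the detection side, a scanner can flag ASF files that carry the `URLANDEXIT` script command described in the answer above. This is an added example, not part of the original answer: it is a heuristic byte scan rather than a full ASF parser, and the function name, the 2048-byte search window and the sample bytes are assumptions constructed for illustration.

```python
import re

# First 16 bytes of an ASF file: the Header Object GUID in on-disk byte order.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
MARKER = "URLANDEXIT"
# Printable-ASCII URL; stops at NUL, whitespace, quotes and angle brackets.
URL_RE = re.compile(r"https?://[!#-&(-;=?-~]+", re.IGNORECASE)
WINDOW = 2048  # assumed limit: bytes after the marker searched for a URL

# Constructed sample: ASF magic, padding, marker and URL as UTF-16LE strings.
# It is not a playable file; example.invalid is a reserved placeholder host.
SAMPLE = (
    ASF_HEADER_GUID
    + b"\x00" * 32
    + MARKER.encode("utf-16-le")
    + b"\x00\x00\x00\x00\x00\x00\x1c\x00"
    + "http://example.invalid/codec-update".encode("utf-16-le")
    + b"\x00\x00"
)


def find_urlandexit(data: bytes):
    """Return sorted (offset, encoding, url or None) per URLANDEXIT marker."""
    if not data.startswith(ASF_HEADER_GUID):
        return []  # not ASF; other containers need their own checks
    findings = []
    for encoding in ("utf-16-le", "ascii"):
        needle = MARKER.encode(encoding)
        pos = data.find(needle)
        while pos != -1:
            start = pos + len(needle)
            tail = data[start:start + WINDOW]
            if encoding == "utf-16-le":
                tail = tail[: len(tail) & ~1]  # keep whole 16-bit code units
            match = URL_RE.search(tail.decode(encoding, errors="replace"))
            findings.append((pos, encoding, match.group(0) if match else None))
            pos = data.find(needle, pos + 1)
    return sorted(findings)


if __name__ == "__main__":
    for offset, encoding, url in find_urlandexit(SAMPLE):
        print(f"URLANDEXIT at 0x{offset:x} ({encoding}) -> {url}")
```

A hit with a URL is worth quarantining or reviewing before the file reaches a player; a hit without one means the marker is present but no URL was found inside the search window.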