Is it possible to transmit viruses through .wav files?
One of my friends is convinced it is, but I have seen no evidence for this being the case…
No. Wavs are read; they do not execute. Anything added to them will only add gibberish or static to the playback.
Theoretically, it is possible, though I’ve never heard of one. However, you would need an exploit (like a buffer overrun) in the code of the program that plays the wav file. There are a lot of different players for wav files, so it is unlikely to occur.
That’s kind of what I was thinking: you’d need some sort of internal routine that somehow triggers a self-decompressing routine regardless of what method is used to play the wav.
Which sounds like way more work than most virus programmers are willing to go through, I’d guess…
But I’d guess it’d be easier with a RIFF-Wav than a PCM-Wav.
It is possible to “hide” files within sound files or graphics files. There’s a name for this practice Stegonography maybe? So you could hide a virus there, but as mentioned above, you’d need to have the user, or victim execute some code beforehand in order to extract the virus for it to work.
In MS Windows, the filename extention (.wav, .txt, etc.) generally determines how the system handles the file.
However, there’s nothing that dictates what the contents of a file with a particular extension will actually be; .wav files are sounds by convention, but there’s no enforcement.
Also, it’s possible to change the standard setup for how the OS handles a file. You can tell Windows to try to run .wav files as programs, if you’re so inclined.
The way the system is usually set up, .wav files are used strictly as sound data for a sound player program of some kind. Since the computer won’t attempt to execute the .wav file as if it were code, control remains firmly in the hands of the OS and the approved apps running on the machine.
However, there’s no reason someone couldn’t write a virus, send it around with the .wav extension, then later try to trick users or their computers into running the .wav file as code. They could trick a person into doing it with a scary e-mail, or they could use some other trojan program to get the computer to do it.
The ILOVEYOU worm doesn’t quite work that way, but it sort of illustrates the concept. The lethal attatchment in the e-mail is just an ordinary text file. But the .vbs extension tells the OS to run the text file as code, and then the havoc starts. If you save the attatchment with a .txt extension, you can examine the code in Windows Notepad quite safely. As a .txt file, it’s harmless. Similarly, files with .wav extension, as long as there are no other changes to your system, should be harmless.
In short, although it’s technically possible for a .wav file to contain malicious code, it’s very unlikely to actually happen, because there are much easier ways to get your computer to execute malicious code. So there’s little incentive for the author of a malicious program to try to do this. I wouldn’t worry about .wav files.
Virii ?
What language is that? The plural of the English word virus is viruses. The plural of the Latin word virus is vira. There is a Latin word virii. It means greening’s.
it’s imagination language!
virii looks way cooler than viruses, which just looks dumb.
Sorry for messing up the Latin.
-Alex
Oh, “virus” is neuter? I never knew that. Of course, you can see the cause for confusion… So much for Latin being logical grumble grumble.