true
btw, DaKidd, who came up with the idea also thought it could be adapted to exploit mp3's through iTunes with no/minimal user intervention.
Quote:
|
To the nay-sayers who are claiming that the payload isn't in the ID3 tags - In *THIS* version, that may be true, but I can see absolutely no reason why that couldn't be the case. If one doesn't care about the possibilty of "audio garbage" at the start of the playable MP3 data (and who hasn't downloaded (or even created) at least one MP3 file that has a "glitch" in it somewhere?) it's trivial to set things up so that the first MP3 block is actually a minimal PEF container that does nothing but jump to a predetermined byte-offset within the file - A byte-ofset that is the start of executable code stored in one (or more) of the ID3 tags that can be present. (My original proposal was to store the executable in the ID3 tag normally earmarked for album-cover images - Imagine that - a tag that's designed to hold an arbitrary-length chunk of binary data holding binary data that's malware...)
|
http://www.gnutellaforums.com/showth...threadid=24956