Cybercrooks have begun using booby-trapped QuickTime files to infect internet pirates' computers. Malicious files posing as the recent Angelina Jolie film Salt are now available on file sharing networks. When users attempt to view these poisoned downloads a prompt is generated offering to download "update codecs" - actually fake …
Who the hell...
...downloads movies in QuickTime format?
The average Joe Public BT user doesn't care about the format, he simply wants the movie. He will attempt to sort out the problems playing it, later on.
If I saw any video file on BT in anything other than DivX or MKV, I'd be suspicious that it held what it says it does!
Mac users... Maybe?
But as this only affects quicktime for windows, it will probably only hit the one or two really odd windows users, who actually use quicktime.
Unfortunately, the insistence on requiring iTunes and quicktime for an ipod/iphone, means that a much larger number of people will be vulnerable to it than would ever install it if they had a choice.
They can be sent
They can be sent, by bands (and alternatively fake bands as per the exploit) who want them broadcast, aired. Quicktime Data disks are a perfect format for replacing miniDV (both are usually mailed for example), meanwhile, it keeps your camera heads cleaner. etc. It also avoids strong magnetic fields which tend to glitch up audio and video. Also if there's no way to mail it, it can be downloaded in an emergency. ;o)
Been done before
This is nothing new, dodgey QT files have been used for years on file sharing networks. I remeber seeing them back when LOTR 2 towers came out
Maybe less common for Apple?
A few years ago, this was a well-known attack vector on Windows machines. There are a lot of different video players, and the codec situation was more fluid, so a new codec was a plausible requirement.
I've experienced this with Windows Media Player and AVI files quite a lot of years ago (7 or 8 if memory serves). It's not all that new an approach.
I agree with AC
Who uses Quicktime ?
See above for a simple answer.
I posted a simple answer, check it out.
By the way I voted everyone UP not down... ;o)
RE: I agree with AC
"Who uses Quicktime ?"
My guess is this:
1, Apple users
2, People with an iPod/iPhone
3, People who have realised that Windows Media Centre is shit and have looked for an alternative...
(yes there are probably better alternatives)
btw. Quicktime movies were playable on my AMIGA - at least 13 years ago...
Who in the hell believes anything Apple has to say?
Oh yeah, stupid Fanbois! (Not that a non-stupid Fanbois exists, anyhoo.)
Since the article clearly says "The flaw poses a crucial code injection attack threat for users of QuickTime version 7.6.6 for Windows, security notification firm Secunia warns."
Then it's WINDOWS fanbois...
@The REAL AC
So how are you enjoying the school holidays?
This is why using the more trustworthy codec packs (K-Lite for instance) is a good idea, nothing should need to download a codec and any its pretty obvious there's a scam if it does happen.
It's a pity so many self appointed 'experts' like to tell everyone that all codec packs are evil.
@ Paul Shirley
Who needs a codec pack? If it isn't an .avi or .mp4 (DivX or H.264), it isn't worth the time getting it...
I'm fairly certain
this one isn't worth the time getting it even in .avi or .mp4.
As for who still uses quicktime... that's the only way to find pr0n videos that belong in /b/....
You raise a pretty good argument.
can you imagine being on dialup? You would NEVER SEE SALT
if your lucky you'll wank at the first static frame--hope it isn't blank! ;o)
You can rename a Quicktime file to .mkv and it will still play usually since most players read the header information.
Apple denies the flaw
The users are just playing it wrong.
And if it was a flaw it exists in many other players.
Press conference to follow.
The target of this
If you remove the "piracy" stigma, and think, how much longer until free specially crafted .mov are out there.
The only people this is going to screw up is people who produce video, especially if they work with .mov files, especially if they work in Sony Vegas or Avid with .mov files. Since Sony Vegas users can not update quicktime without breaking .mov support on the timeline. Avid ditto.
The good news is that if your smart enough to even be working with quicktime and vegas, any nonsense about updating codecs is already going to be a non-starter. How much damage the scripts telling you to update do.... now there's the unanswered question.
Actually the unanswered question is what did apple do which breaks vegas?
Apple needs to get their heads out of their asses. They used to kick ass, so who keeps making these crappy decisions for them now? If they keep on this path I give em 10 years to drain the company.
RE: The target of this
"Apple needs to get their heads out of their asses."
If you'd read the article, you'd know that it's social engineering trickery... affecting WINDOWS users... They could have claimed the file was an AVI, WMV or anthing they liked.
Salt's crap anyway
Saw it at the cinema with the gf... it's not even that good. Wouldn't waste my time downloading it. "Predictable" doesn't even begin to cover it. Not even AJ being the star makes it worthwhile.
Grenade, for the scene on the barge when she kills everyone with 3 grenades and doesn't get a scratch on her.
I thought you meant a video of Angelina herself being poisoned. I'd have watched that.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Worstall on Wednesday Wall Street woes: Oh noes, tech titans aren't using bankers
- Kate Bush: Don't make me HAVE CONTACT with your iPHONE