F-Secure: Be Sure
Main
F-Secure Logo - Be Sure
Select local site


Privacy Policy
Legal Notices
Contact Us

Hoax Warnings

Alphabetical Index
NAME:MP3 virus
ALIAS:Bloat

There are no viruses to infect MP3 audio files.

There is one widespread fake warning on such virus in circulation. It looks like this: 

 Virus Update: IWA Discovers Mpeg Audio Virus
 SANTA CLARA, Calif.,


 Virus security researchers at Internet Western Associates (Nasdaq:
 IWAS - news) today announced the discovery of the first successful
 multi-application media-file virus capable of infecting most media
 player software. Affected are Layer 3 audio compatible players,
 commonly called Mp3 players. The virus, called Bloat, has been
 discovered to imbed itself into the executable portion of every player
 in every condition tested so far, including Winamp, NAD, Jet Audio,
 and Unreal Player Max; running under Windows 3.x, 9x, and NT operating
 systems. Macintosh and Unix systems do not appear to be affected.


 'Bloat' spreads in a manner similar to the recent Word-Macro virus
 family. Virus code is conveyed and spread within *.mp3 audio files
 upon being opened by player software. The program inserts a single
 string of virus code immediately following the title/artist tag of an
 Mp3 file. Bloat only targets files having an MP3 or EXE extension.
 Similar audio formats such as VQF (Twin-VQ), WAV, Mp4 (under
 development), RA (Real Audio), and AAC (Advanced Audio Coding) cannot
 carry the virus.


 The new Layer-3 'Bloat' virus is the first working virus of its type
 found in the wild. Bloat does not cause data loss. As the name
 sugguests, its effect is the opposite; the virus causes extra nonsense
 data to be written to the hard disk during most writes. Files written
 to the hard disk will occupy as much as five times the amount of space
 they appear to be using, and should be using. As a result, free hard
 disk space grows smaller and smaller. Once the virus has spread to
 other programs in the system, affected users will experience
 difficulty opening, reading or modifying documents in most of their
 applications, as well as an increased overall sluggishness in system
 performance. Considerable storage space is also lost.


 Bloat uses the Mp3 audio files as carriers between players. Once the
 virus is read by a player, it is loaded into system memory, where it
 spreads back down into system applications. This successful travelling
 method was first documented by researchers at the Internet Western
 Associates AVERT (Anti-Virus Emergency Response Team) center in
 Braintree, MA.


 Detailed information on Bloat Layer 3 and detection/cleanup software
 will be available shortly. With headquarters in Tacoma, Washington.,
 Internet Western Associates, Inc. is dedicated to providing leading
 enterprise network security and management solutions. McAfee Labs, the
 anti-virus research affiliate of IWA, currently employs more than 85
 virus researchers and maintains labs on five continents worldwide. In
 addition to studying new and existing security threats, McAfee Labs
 serves as a global resource for virus information and provides rapid,
 follow-the-sun support for virus emergencies worldwide.


 SOURCE: Internet Western Associates, Inc.


 1998 BetaNews.Com. All Rights Reserved

Again, do not distribute this hoax message.