Decided to dip my toes in so I followed the guide to a website where I can download some content via google drive. Like an idiot, I didn’t research the risks of direct downloads before and so I’m now a bit paranoid. I understand the chances are low and my media player needs to be exploited but is there a way to be certain? A post on reddit said to use mkvtoolnix to check all the elements but I honestly don’t know what to look for. Any help?

  • drwankingstein@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    is there a way to be certain? not absolutely however simply being up to date will make the risk pretty much negligible. you probably have a higher risk of catching an STD from eating food after a day of wearing gloves and other protective gear

    • jlow (he/him)@beehaw.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Yeah, I think if videofiles where a common (or even feasable, I’ve never heard of it) way to distribute malware we’d know about it (and phishers would not need to rely on MS Word macros so much 👌).

      • drwankingstein@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        it’s not unheard of, multimedia is actually a pretty decent target, however this is due to a lot of media libraries being ancient even in deployment (see the libwebp stuff recently in chrome). However with stuff like mkv which is something that gets updated often, the risk is significantly lower so long as one is up to date. There are lots of people running outdated software which could be susceptible to these attacks.

      • andrew@radiation.party
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It’s feasible and has been used in various 0day exploits in the last few years. It’s getting significantly rarer nowadays but media player exploits leading to RCE has been a staple of malware distribution for a long while.

        It’s just much easier to make a malicious word macro and hope the user isn’t careful than to research/identify an exploitable bug in a media player.