I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?
Your assumption is wrong mail can contain executables. Picture can hold executable instructions and so do videos. For example videos and pictures in mail can contain virus. You are not safe just because you download movies and pictures
Can you explain how can a picture holds a executable in it? Also you have to make the file executable to run it. Something like
chmod +x random.mp4One of the techniques is called buffer overflow. Where you target a flaw in some software. Computers are logic, they will do EXACTLY what you tell them. Imagine if an image viewer uses an dll to process jpg. That dll expects a very specific header. If this is not handled correctly and a malicious attacker crafts the header to be slightly larger and the larger part contains executable code. This code spills over in the adjacent memory area. The OS then reads this as code to run… and boom you are in.
This is oversimplified and proberly not explained correctly, but its something like that; and that kids, is why its important to update your OS and software.
Sometimes they find bugs like this, that have existed for many years before being discovered.