Video becomes a tool of malicious code

On November 14, security firm McAfee announced that it had discovered the W32 / Realor computer worm specializing in infection and hiding in standard video files of Real Media format. By embedding or linking malicious code into video files, hackers have a new tool to attack users.

This worm does not directly contain malicious code that attacks security flaws in RealOne or Real Player and instead contains a link to a malicious website containing malicious code that attacks a security error in the Internet browser. Explorer. If users open this file, they will immediately be directed to that site. If the user's PC has not been installed, their system patches will fall into the hands of hackers.

Craig Schmugar - Senior security researcher for McAfee - said using video files to spread malicious code is relatively difficult, but the success rate is much higher. " Most users view video files as safe ."

More and more attention

Video becomes a tool of malicious code Picture 1 The W32 / Realor worm is not yet widely available, but the event happened on the same day as Microsoft released a patch of Adobe Flash Player application - a software commonly used to watch online videos.

A week earlier, social networking users MySpace faced an attack with a video file. In it, hackers also use an embedded link in the video file to install an adware on the user's system.

This makes attention to this issue increase even more. Security researchers have begun to pay attention to video files over time. This year, there were a total of 19 average and extremely dangerous security bugs in Apple QuickTime Player, 2 bugs in RealOne and Real Player, 2 errors in Windows Media Player and 3 errors in Adobe Flash Player discovered.

In addition, there have been many attacks that take advantage of video files. However, most of them video files only act as a lead bait. For example, the computer worm Kama Sutra or Blackmal used tricks to trick victims into opening a fake file as a video file. Or as Apple has unconsciously sold iPods that contain a Windows virus.

Meanwhile, the popularity of online video streaming or streaming sites like YouTube has increasingly attracted the attention of hackers for this new type of attack.

" I think the main goal of malware is the large number of users ," said Val Smith, co-founder of OffensiveComputing.net. " So YouTube will probably be the target of hackers once the malware-making tools that attach video files become simpler and more popular ."

Limit

The drawback makes the use of video files to distribute malware not yet popularized because the size of such files is sometimes relatively large. For example, a 30-second video file has a large capacity of 2MB to 3MB. This has reduced the attractiveness of the day attack method.

" I think the chances of users opening video files are huge, but spreading such files is quite difficult because their capacity is quite large ," Mr. Smith said. " Meanwhile, the author of malicious software often likes something softer ."

Another cause for attacks by video files has not attracted hackers because there is no standard video file compatible with a variety of software. Hackers can only attack a user object of an independent software type. Of the 40,000 malware included in OffensiveComputing.net's database, there is almost no software to use video to attack.

Not only is it difficult to use the attack, but the video files themselves are also very easy to enhance security, "said Adrian Ludwig, Adobe's software security manager.

Thus, hackers were able to use video to attack users, but surely other types of multimedia files could also be taken advantage of,

Hoang Dung