News

Online Video May Be Virus Writers' Next Target

By Ed Oswald | Published October 2, 2007, 11:30 AM

A new study from Georgia Tech indicates that online videos may be the newest way for attackers to load viruses onto the computers of unsuspecting victims.

The report was released Tuesday ahead of the annual security conference the school holds each year. Some 300 experts and professors are expected to attend, and will discuss new security threats and prevention measures.

What may make online videos an attractive new way to deliver malware is their ever-increasing popularity. Video sites such as YouTube are some of the fastest growing on the Web, and could deliver their payloads to thousands within hours if it is done right.

In fact, some attackers have attempted to lure consumers through fake video links posted to YouTube. However, the number of successful hacks via online video still remains quite small.

In an interview with the Associated Press, IBM chief technology officer and report co-author Chris Rouland said the move towards video is part of an evolution in how hackers are operating. He said these new ways are popping up due to the success in fighting e-mail attacks, forcing hackers to be more creative.

"The next logical step seems to be the media players," he says.

Comments

View comments by with a score of at least

mdotwills
Oct 2, 2007 - 7:44 PM

The worst would be if somebody embedded malicious code into the flash file on the movie i.e. the player file. Big trouble there...

Score: 0

|
Post Reply
mjm01010101
Oct 2, 2007 - 2:23 PM

I think the "fake video links" are links to sites that emulate youtube, but are actually hosted offsite, by using fake url's or other obfuscation techniques.

Score: 0

|
Post Reply
Altman
Oct 2, 2007 - 12:03 PM

If you watch youtube videos then there is no way a virus writer can take advantage of any video exploit. Youtube compresses all video and so the exploit would have to somehow be written to survive the compression.

Score: 0

|
Post Reply
pitdingo
Oct 2, 2007 - 1:02 PM

scratching my head......

Score: 0

|
Post Reply
Altman
Oct 2, 2007 - 1:44 PM

The only way a video can directly infect your system with a virus is if it takes advantage of a known exploit in the video playing software like a buffer overrun. The virus writer can embed this in a video and when the video is played on the player that contains the exploit, then it will infect the machine. Youtube compresses all video that is uploaded, therefore the exploit written in the video will be destroyed through the compression.

Score: 0

|
Post Reply
DZNetworks
Oct 2, 2007 - 4:50 PM

Just never click on a link to an outside source promising you the full length version of whatever and you'll be fine.

Score: 0

|
Post Reply
pitdingo
Oct 2, 2007 - 5:38 PM

Yes i know this. This is why i am scratching my head.

Score: 0

|
Post Reply

Security firm: Windows patches not responsible for 'Black Screen of Death'

On second thought, maybe that access control list thingie with the lockdown something-or-rather didn't trigger an alleged, perhaps non-existent, pandemic.

My Windows 7 confession (and why you should confess, too)

I've held back the real reason for sticking with Windows 7, even as, gulp, iLife calls me to go back to the Mac.

Apple settles with Psystar except for 'circumvention devices'

The fracas with the Florida clone computer maker might have ended today had Apple not have muddled the issue over a cheap piece of Psystar software.

Where did Apple's Black Friday sales go?

According to one analyst, Apple sold nearly four fewer Macs per hour on Black Friday than same day a year ago. Now why is that?

Google begrudgingly adjusts news crawling for paid publishers

If publishers want to make readers pay for news content, and thereby drive down its popularity and Google ranking, the company says, they can just go right on ahead.

Fee or free? Murdoch, Huffington square off over the cost of Internet news

Participants in an FTC workshop yesterday witnessed the two extremes of the Web news publishing debate, still centered on the issue of long-term profitability.

Microsoft denies latest 'Black Screen of Death' claims

After an anti-malware producer announced a fix to what it says is a swarm of recent KSoD problems, evidence of the swarm itself has yet to turn up.

Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times

A once-sluggish beta testing process has kicked into overdrive, with astonishing success at finding serious bugs. Will Mozilla be able to fix all the others in time?

Confirmed: Office 2010 to ship in June

Two weeks after Microsoft had been expected to draw a clearer roadmap for its principal applications suite, it's finally ready to commit to the end of H1.

New EU antitrust commissioner will oversee Microsoft, Oracle+Sun, Intel issues

As one of Europe's most prominent politicians shifts positions in January, her replacement remains a question mark over technology's biggest issues.

Without its own 'iTablet' yet, is Apple missing the boat?

Steve Jobs is on record as dissing "single-purpose" devices like e-readers. But given their recent popularity, was that a mistake?