Submitted via IRC for SoyCow2718
Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive. Do your employees know this too? And even if they do know it, will they be tricked into chasing malicious videos anyway?
Here's why it's time to start focusing on video malware.
[...] The video habit (or addiction) in our culture has paved the way for video malware — malicious code embedded into video files. Video malware is part of a larger trend toward more effective stealth in the delivery of malware. It's also the latest, and probably the most interesting, example of malicious steganography — the embedding of something secret inside some other medium. When the medium is an executable file, it's called stegware.
Malware has been embedded in still-image file formats, such as JPG, PNG and BMP formats, for years. Now, it appears that video malware is having a moment.
(Score: 2) by Gaaark on Tuesday August 20 2019, @12:23PM (1 child)
"You coming Gracie?"
"Yes...YES...YESSSSS!"
Ah, the good old off-topic.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by DannyB on Tuesday August 20 2019, @03:28PM
Maybe the audio portion of a video exploits some vulnerability in the audio decoder. Maybe smashes the stack, or heap, or something. Part of the audio data just happens to be executable code that gets run because of, say, a smashed stack return address. This is nothing more than a vulnerability in the audio decoder.
Not worth screaming about.
People today are educated enough to repeat what they are taught but not to question what they are taught.