Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday August 20 2019, @02:19AM   Printer-friendly
from the don't-watch-anything dept.

Submitted via IRC for SoyCow2718

Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive. Do your employees know this too? And even if they do know it, will they be tricked into chasing malicious videos anyway?

Here's why it's time to start focusing on video malware.

[...] The video habit (or addiction) in our culture has paved the way for video malware — malicious code embedded into video files. Video malware is part of a larger trend toward more effective stealth in the delivery of malware. It's also the latest, and probably the most interesting, example of malicious steganography — the embedding of something secret inside some other medium. When the medium is an executable file, it's called stegware.

Malware has been embedded in still-image file formats, such as JPG, PNG and BMP formats, for years. Now, it appears that video malware is having a moment.

Source: https://securityintelligence.com/articles/how-video-became-a-dangerous-delivery-vehicle-for-malware-attacks/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB on Tuesday August 20 2019, @03:28PM

    by DannyB (5839) Subscriber Badge on Tuesday August 20 2019, @03:28PM (#882617) Journal

    Maybe the audio portion of a video exploits some vulnerability in the audio decoder. Maybe smashes the stack, or heap, or something. Part of the audio data just happens to be executable code that gets run because of, say, a smashed stack return address. This is nothing more than a vulnerability in the audio decoder.

    Not worth screaming about.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2