SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow2718
Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive. Do your employees know this too? And even if they do know it, will they be tricked into chasing malicious videos anyway?
Here's why it's time to start focusing on video malware.
[...] The video habit (or addiction) in our culture has paved the way for video malware — malicious code embedded into video files. Video malware is part of a larger trend toward more effective stealth in the delivery of malware. It's also the latest, and probably the most interesting, example of malicious steganography — the embedding of something secret inside some other medium. When the medium is an executable file, it's called stegware.
Malware has been embedded in still-image file formats, such as JPG, PNG and BMP formats, for years. Now, it appears that video malware is having a moment.
(Score: 2) by Pino P on Thursday August 22 2019, @02:40PM
The attacker can easily adapt to that mentality. Imagine finding the following in some HTML document on the web:
So you click the "Watch or download" link, and it produces a file in your Downloads folder called Colony_of_cabbits_found_in_Salloughby_360p.webm. But your Windows PC or Mac didn't ship with a viewer for WebM files, as the major proprietary operating systems tend to ship with decoders for only royalty-bearing codec stacks like MPEG-4 AVC/AAC, not royalty-free codec stacks like WebM. So you click "Download player", expecting a file in .exe or .dmg format, and get a file in .exe or .dmg format. How do you know whether this player is malware?