Malicious videos open dangerous attack vector

Administrators should consider restricting access to sites such as YouTube and MySpace because they have the potential to deliver malware that has been embedded inside video files.

Over the past year, a number of serious vulnerabilities have been discovered in the most popular video players. This has coincided with sites such as YouTube, which was recently acquired by Google for US$1.65 billion, becoming increasingly popular. This is a lethal combination, according to security companies.

Both YouTube and MySpace allow their members to upload video files onto a personal homepage, which can then be shared with the general Internet population.

Patrick Peterson, vice president of technology at security firm IronPort Systems, said that unlike more traditional attacks -- where malicious files are attached, or linked to, from spam e-mail messages -- potentially dangerous media files are being passed around by friends and colleagues

Because the files are from a trusted source, users are more likely to view them. "[The bad guys] can rely on people going to YouTube and rely on people telling their friends to go to MySpace to get that infection.

View: Full Article @ ZDNet Australia

Report a problem with article
Previous Story

Warner CEO Admits His Kids Pirated Music

Next Story

MusikCube 1.0 Released

12 Comments

Probably because these play (execute! ) automatically in most people's browsers? And they can contain extra features (commands! ) to open web pages, or possibly execute javascript or such.

I think it is easy to see how this can be used for malicious purposes. I don't think that YouTube and MySpace are really responsible or anything. It is just a convenient central repositories of these things, and has a lot of young active people bouncing around from page to page like crazy. A perfect environment to spread this sort of junk.

Flash video files (flvs) aren't regular flash files, they don't have any proven vulnerabilities. YouTube is just being victimized because it's so popular. The real sites that infect people are the ones carrying other video formats.

who knows the hacker? They can do what we never expected. Even viewing the malicious website that your harddisk will be formated.

Quote - Croquant said @ #7
This article is pure FUD. ZDnet: the Fox News of the tech news industry.

Sorry to burst your bubble here buddy, but do you even have a myspace or utube account? The owners of Myspace themselves even sent out a warning to it's members a week or so ago stating that if they have fell subject to this, the videos grab your accounts password then sends out many bullitens in your name to everyone on your friends list, to then change your password...

So, then, how is that FUD?

-Tom

Commenting is disabled on this article.