Online Videos May Be Conduits for Viruses

Online videos aren't just for bloopers and rants - some might also be conduits for malicious code that can infect your computer. As anti-spam technology improves, hackers are finding new vehicles to deliver their malicious code. And some could be embedded in online video players, according to a report on Internet threats released Tuesday by the Georgia Tech Information Security Center as it holds its annual summit.

The summit is gathering more than 300 scholars and security experts to discuss emerging threats for 2008 - and their countermeasures. Among their biggest foes are the ever-changing vehicles that hackers use to deliver "malware," which can silently install viruses, probe for confidential info or even hijack a computer.

"Just as we see an evolution in messaging, we also see an evolution in threats," said Chris Rouland, the chief technology officer for IBM Corp.'s Internet Security Systems unit and a member of the group that helped draft the report. "As companies have gotten better blocking e-mails, we see people move to more creative techniques."

With computer users getting wiser to e-mail scams, malicious hackers are looking for sneakier ways to spread their code. Over the past few years, hackers have moved from sending their spam in text-based messages to more devious means, embedding it in images or disguising it as Portable Document Format, or PDF, files.

"The next logical step seems to be the media players," Rouland said.

There have only been a few cases of video-related hacking so far.

One worm discovered in November 2006 launches a corrupt Web site without prompting after a user opens a media file in a player. Another program silently installs spyware when a video file is opened. Attackers have also tried to spread fake video links via postings on YouTube.

That reflects the lowered guard many computer users would have on such popular forums.

"People are accustomed to not clicking on messages from banks, but they all want to see videos from YouTube," Rouland said.

Another soft spot involves social networking sites, blogs and wikis. These community-focused sites, which are driving the next generation of Web applications, are also becoming one of the juiciest targets for malicious hackers.

Computers surfing the sites silently communicate with a Web application in the background, but hackers sometimes secretly embed malicious code when they edit the open sites, and a Web browser will unknowingly execute the code. These chinks in the armor could let hackers steal private data, hijack Web transactions or spy on users.

Tuesday's forum gathers experts from around the globe to "try to get ahead of emerging threats rather than having to chase them," said Mustaque Ahamad, director of the Georgia Tech center.

They are expected to discuss new countermeasures, including tighter validation standards and programs that analyze malicious code. Ahamad also hopes the summit will be a launching pad of sorts for an informal network of security-minded programmers.

News source: Associated Press


14 Comments


Like I can see the malware side of this springing up in those ActiveX installer video players on porn sites, then again I don't install them cuz anything that needs to be installed is suspicious to me...

Like all it takes is one flaw in the bad guys' hands before the good guys... it's a bit scary to think about it really, we can all be sitting here on top of what one day is gonna be a very famous exploit
It won't necessarily be in the form of a video hack of some sort, just that it's more likely to be one

For heaven's sake, we all know that AV companies are reactive (recent "outbreaks" have proved this)

I have had many more problems with AV software trashing an O/S than any "virus" code. I stopped updating Windows XP after a new slipstreamed install of SP2. I have a WIFI router with simple firewall, I don't run AV software. I use Firefox, and occasionally do a quick scan.

This is FUD, for them to sell the next generation of "cripple-ware"

It's most likely codec specific as well, an .avi file encoded in mpeg2 may be safe to execute while an .avi encoded with divx could have an unknown buffer overflow exploit and it's just a matter of when someone finds that hole and exploits it. As far as preemptive security goes in most of the computer world, developers are not aware nor concerned with possible exploits until they have been proven, and sometimes convincing requires more than theory, thus proof of concept code releases which are all too common today.

Although I am not saying that this is not possible, keep in mind that YouTube uses FLV for the actual playing of videos (as opposed to embedding the video into an swf) and the player itself remains in the site (or in your cache). Basically, users cannot upload swf files but only videos, and FLV does not (to my knowledge) support Action Scripting. And keep in mind that YouTube converts videos to FLV, so if a user uploaded an infected QuickTime file, the bad data would most likely be stripped out during the transcoding of the video.

Again I am not saying there is no way. Just saying that an FLV itself is unlikely to be able to carry any sort of a virus (especially if the files are converted from another format).

It doesn't surprise me a bit. I was waiting for something like this.....sooner or later it would happen

It is trivial to embed a link in a Flash file; mondominishows did it all the time with their Happy Tree Friends episodes. (I imagine they wanted to track all viewings). Although this speaks of player-imbedded malware (or in the codec?), I'm fairly certain there are PowerPoint and Flash file nasties about.