Online Sharing Videos Could Attract Hackers
Online sharing of videos and music at the heart of today's Internet lifestyle gives hackers dangerous new avenues for attacking computers, security specialists said Thursday.
Malicious code can be hidden in video streamed or downloaded from websites such as YouTube or songs streamed from social-networking websites including MySpace, iSEC researcher David Thiel demonstrated at a Black Hat gathering of computer protection professionals in Las Vegas.
BR> "The potential for attack is pretty severe," Thiel said. "Any MySpace page you go to you can't get it to stop playing music at you. You will probably start seeing malware installs this way just like we see through images."
BR> The kinds of "malware," malicious software, that can be "injected" through video or music files run the gamut from programs meant to simply be annoying to code that takes command of infected machines for "bot armies."
BR> "Stream formats are good for containing exploit code and are quite dangerous because of the widespread use of it with kids online these days," Thiel said.
BR> Applications vulnerable to hackers include those used for MP3 music files; a speech feature in Microsoft's Xbox Live online video game software, and Internet telephony, according to Thiel.
BR> Security specialists at Black Hat say the popularity of "user-generated content" considered a defining characteristic of today's Web 2.0 Internet opens users to betrayal and attack online.
BR> "Web 2.0 is a trust model with users controlling the content," said Websense researcher Stephan Chenette.
BR> "You are building this gigantic network of friends. You have to trust that I am who I say I am and that the content is what I say it is. Trust is sometimes taken advantage of."
BR> Last year it was revealed hackers use RSS (Really Simple Syndication) feeds to distribute malicious code to thousands of people instantly.
BR> Thiel believes music recording labels and movie studios will use flaws in media files to insert stealth coding that tracks or disables pirated songs, shows or movies.
BR> Media software applications vulnerable to hacking are being used in "smart" mobile telephones as well as cars and home multi-media systems, according to Thiel.
BR> "The potential for attack is pretty severe," Thiel said. "Any MySpace page you go to you can't get it to stop playing music at you. You will probably start seeing malware installs this way just like we see through images."
BR> The kinds of "malware," malicious software, that can be "injected" through video or music files run the gamut from programs meant to simply be annoying to code that takes command of infected machines for "bot armies."
BR> "Stream formats are good for containing exploit code and are quite dangerous because of the widespread use of it with kids online these days," Thiel said.
BR> Applications vulnerable to hackers include those used for MP3 music files; a speech feature in Microsoft's Xbox Live online video game software, and Internet telephony, according to Thiel.
BR> Security specialists at Black Hat say the popularity of "user-generated content" considered a defining characteristic of today's Web 2.0 Internet opens users to betrayal and attack online.
BR> "Web 2.0 is a trust model with users controlling the content," said Websense researcher Stephan Chenette.
BR> "You are building this gigantic network of friends. You have to trust that I am who I say I am and that the content is what I say it is. Trust is sometimes taken advantage of."
BR> Last year it was revealed hackers use RSS (Really Simple Syndication) feeds to distribute malicious code to thousands of people instantly.
BR> Thiel believes music recording labels and movie studios will use flaws in media files to insert stealth coding that tracks or disables pirated songs, shows or movies.
BR> Media software applications vulnerable to hacking are being used in "smart" mobile telephones as well as cars and home multi-media systems, according to Thiel.
