What Kind Of Person Uploads A Virus?
Can A Video File Comprise A Virus?
September 17, 2020 | published by Yiyi Miao
Originally Published February 17, 2014.
Video files are non typically idea of every bit potentially malicious or infected file types, but it is possible for malware to be embedded in or disguised as a video file. Due to this common misconception, audio and video files are intriguing threat vectors for malware writers.
Why the Business organisation for Video Files?
- Media players are frequently used software, users tend to use them for an extended period of time leaving them open up during other tasks, and frequently switch media streams.
- Many vulnerabilities are found in media players. NIST [one] shows more than 1,200 vulnerabilities from 2000 to 2014 [2]. In early 2020, NIST recorded a new loftier-severity vulnerability, CVE-2020-0002, in Android Media Framework.
- Bonny video content and loftier-speed internet leads users to download and share without paying attention, and as these files are perceived every bit relatively harmless, users are likely to play files given to them.
- The file formats involved are binary streams and tend to be reasonably complex. Much parsing is required to manipulate them, and playback calculations can easily effect in integer bugs.
- The file is usually large; users are likely to skip scanning solutions to avert functioning impact.
- They are perceived as relatively harmless - users are likely to play files given to them.
- There are a wide diverseness of different audio players and many of different codecs and audio file plugins, all written by generally non-security-focused people.
- Users download videos from many unreliable sources, and the videos run with fairly loftier privilege and priority. For case, in Windows Vista, a low-privileged Internet Explorer instance tin can launch content in a higher-privileged Windows Media Actor.
- Videos are frequently invoked without the user's explicit acknowledgement (i.e. embedded in a spider web page) [3].
Typical Vulnerability Vectors
Fuzzing the media player by a modified video file
Fuzzing is a generic method to force a program to comport unexpectedly past providing invalid, unexpected, or random data to the inputs.
Fuzzing is designed to discover deep bugs and is used by developers to ensure the robustness of code, however, a programmer's best tool can exist used to exploit the user as well. For media players, which are supposedly "format strict," a corrupted real video file tin can betrayal many bugs, most acquired by dereferencing zip pointers. This results in inappropriate memory access, which offers the possibility of writing to memory something that is not intended to be written [four]. Fortunately, fuzzing media players requires in-depth noesis of the file format or else the corrupted file, volition but be ignored by the role player.
Embedding hyperlinks in a video file
A more straight method is obtained by embedding a URL into modern media files.
For example, Microsoft Avant-garde System Format (ASF) allows for unproblematic script commands to be executed. In this instance, "URLANDEXIT" is placed at a specific address and following any URL. When this code executes, the user is directed to download an executable file, often bearded as a codec and prompting the user to download in society to play the media.
MetaDefender Cloud, OPSWAT'southward anti-malware multiscanning tool, has an example of one such file: https://metadefender.opswat.com/results#!/file/c88e9ff9e59341eba97626d5beab7ebd/regular/information.
The threat proper name is "GetCodec." In this example, the media histrion was redirected to a link to download a trojan. See the scanned trojan here.
Examples of File Blazon Exploits
Below is a tabular array list the pop media file formats that have been exploited by routing the user to malicious sites or executing arbitrary codes remotely on target users' systems.
| File Format | Detection | Description |
| Windows .wma/.wmv | Downloader-UA.b | Exploits flaw in Digital Rights Management |
| Existent Media .rmvb | W32/Realor.worm | Infects Real Media files to embed link to malicious sites |
| Real Media .rm/.rmvb | Man crafted | Launches malicious web pages without prompting |
| QucikTime.mov | Human crafted | Launches embedded hyperlinks to pornographic sites |
| Adobe Flash.swf | Exploit-CVE-2007-0071 | Vulnerability in DefineSceneAndFrameLabelData tag |
| Windows.asf | W32/GetCodec.worm | Infects .asf files to embed links to malicious web pages |
| Adobe Flash.swf | Exploit-SWF.c | Vulnerability in AVM2 "new part" opcode |
| QuickTime.mov | Human crafted | Executes capricious code on the target user's system |
| Adobe Wink.swf | Exploit-CVE-2010-2885 | Vulnerability in ActionScript Virtual Machine ii |
| Adobe Flash.swf | Exploit-CVE2010-3654 | Vulnerability in AVM2 MultiName button class |
| Windows .wmv | Exploit CVE-2013-3127 | WMV Video Decoder Remote Code Execution Vulnerability |
| Matroska Video .mkv | Exploit-CVE2019-14438 | Vulnerability in VLC, executes arbitrary code with privileges on the target user's system |
Solutions
Many anti-malware vendors now have added detection by looking for the URL signatures within media type files. OPSWAT MetaDefender Multiscanning technology leverages 35+ anti-malware engines and significantly improves detection of known and unknown threats. Deep CDR as well supports video and audio file formats and can help to prevent Cypher Mean solar day attacks. MetaDefender'south file-based vulnerability assessment technology can detect vulnerabilities in media role player installers before they are installed.
If you don't have OPSWAT Solutions, you need to pay more attention to media files, practice non view untrusted files, never run media players with elevated privileges, and don't accept downloads of unknown codecs or foreign licenses. Always go along your media thespian software up-to-date to avoid vulnerabilities.
References
[ane] National Vulnerability Database.
[2] Killer Music: Hackers Exploit Media Player Vulnerabilities.
[three] David Thiel. "Exposing Vulnerabilities in Media Software".
[4] Colleen Lewis, Barret Rhoden, Cynthia Sturton. "Using Structured Random Data to Precisely Fuzz Media Players".
For more information, please contact i of our cybersecurity experts.
Source: https://www.opswat.com/blog/can-video-file-contain-virus
Posted by: christensenfactiong.blogspot.com
0 Response to "What Kind Of Person Uploads A Virus?"
Post a Comment