Online videos aren’t just for bloopers and rants – some might also be conduits for malicious code that can infect your computer. As anti-spam technology improves, hackers are finding new vehicles to deliver their malicious code. And some could be embedded in online video players, according to a report on Internet threats released Tuesday by the Georgia Tech Information Security Center as it holds its annual summit.

The summit is gathering more than 300 scholars and security experts to discuss emerging threats for 2008 – and their countermeasures. Among their biggest foes are the ever-changing vehicles that hackers use to deliver “malware,” which can silently install viruses, probe for confidential info or even hijack a computer.

With computer users getting wiser to e-mail scams, malicious hackers are looking for sneakier ways to spread the codes. Over the past few years, hackers have moved from sending their spam in text-based messages to more devious means, embedding them in images or disguised as Portable Document Format, or PDF, files.

“The next logical step seems to be the media players,” Rouland said. There have only been a few cases of video-related hacking so far. One worm discovered in November 2006 launches a corrupt Web site without prompting after a user opens a media file in a player. Another program silently installs spyware when a video file is opened. Attackers have also tried to spread fake video links via postings on YouTube.

Hopefully the anti-virus programs keep up with spammer technology.


  1. andrewwi says:

    [Duplicate post. – ed.]

  2. Mac Guy says:

    One more reason I use a Mac these days. Tough to infect C:\WINDOWS\System32 if it doesn’t exist.

  3. andrewwi says:

    Before you know it, Computers will just come with pre-installed malware. Dell practically already does this with all the CRAP they put into their computers.

  4. hhopper says:

    I just bought a Dell and checked the no installed software button. It came without all the crap on it.

  5. GregA says:

    Wow, bad year for computer security… With the release of Vista and all. Also, the two top vectors (so don’t install them) for virus transmission are Quicktime and Firefox.

    Also, so far Vista is unaffected by these issues, even if you are running Quicktime and Firefox.

    So stick with Vista+ie7+wmp11 and you will be perfectly safe. All others need worry.

  6. Jägermeister says:

    #4 – GregA – Also, the two top vectors (so don’t install them) for virus transmission are Quicktime and Firefox.

    It has already been fixed bozo.

  7. Jägermeister says:

    And another thing GregA…

    Firefox 2: 15 Secunia advisories, 40% unpatched
    IE 7: 18 Secunia advisories, 56% unpatched

  8. Milo says:

    Always ask, who benefits?

    Seems to me that ol’ time TV benefits here.

    BTW FF with Ubuntu (all scripts and flash blocked by default, no QT) for me. They can do their worst.

  9. OmarTheAlien says:

    I must be out of the loop, somehow: XP Pro, Firefox, Quicktime and a bunch of other stuff, NO anti-virus (lotsa hype, does more harm than good) and Comodo firewall. Of course, my ISP filters, my router filters, and I use common sense (sometimes) on what I click on. Do I have viruses? Hell, I don’t know, everything works about like it should, and about the expected speed. Am I part of a botnet? I doubt it, as both DSL and router activity lights are in direct line of sight and I think I’d notice any untoward activity. When unattended (bedtime/worktime) the system is shutdown, completely.
    The computer security people are becoming like the drug companies, scaring the hell out of everybody trying to sell all kinds of crap that may or may not be any good. And just like with your health, you can worry yourself to death about whether your going to die, or not.
    Of course, this is my home system, and I’m the only user. At work I walk the true walk, with firewalls and active anti-virus subscriptions. Firefox is the only browser, and I keep the network tied down fairly close.

  10. gquaglia says:

    #5 Way to go you M$ shill.

  11. Major Jizz says:

    The dollar symbol in M$ is soooo 1999…

  12. LBalsam says:

    ZoneAlarm has just come out with the beta of a product to prevent this from happening.

    Since it is a beta it is currently free, it is called ForceFIeld.

    I just installed it on a Vista machine with no problems.

    http://www.zonealarm.com

  13. Uncle Patso says:

    It completely escapes me how a graphic file, whether video or still, can lead to infection by malware. How brain-damaged is it to make a player program that is susceptible to that? What’s next, text viruses? Trojans embedded in UPC bar codes?

  14. Bill Gates says:

    #5
    Your check is in the mail, keep up the good work!
    That is all.

  15. Glenn E says:

    #13 – the trick is that certain sites (mainly porn) announce that you must download THEIR player, in order to view some video clip. As if all the standard video player aren’t good enough. Or implying that whatever you’ve got is one version behind. So the novice downloads and installs the bogus player, with a single click. And if they’re running in Admin level, as M$ seems to encourage all the time, their puter is then infected by the “player”, not the video file itself. Best advice is to never download a player from an untrusted site, that doesn’t tell you what player (or version) it is, or not offer any links to a trusted site to get same. Because most likely it’s a totally bogus player.

  16. mark says:

    15, Anyone that would download ANY executable file from ANY porn site is a moran and deserves exactly what they get.

  17. Lauren the Ghoti says:

    No matter how devious, how clever the scumbags who live to devise ways of getting malware onto your computer are – they’re all pikers and pathetic also-rans next to the genius who concocted the most utterly diabolical method yet for delivery of the most insidious piece of malware ever – unsuspecting users not only install it voluntarily, they actually pay for the privilege! He simply puts it in a fancy box labelled “Windows Vista” and the victims do the rest.

    I tell ya, Lex Luthor ain’t got nothin’ on that boy! 😉

  18. ECA says:

    16,
    Its not just porn sites…
    I sent a letter to MSN, after getting 5 virus and 17 bots on NEW install. Its from adverts, Quicktime, Java, and others… I suggested they start AV and anti bot the Adverts they pull in…1 year later they CUT all adverts(cool) because the adverts were the cause.

    Ever hit a site that says…You cant see this site, you dont have IE, Java, ActiveX, quicktime….
    Its a shame, that ALL this crap comes from EVERYWHERE, and not just porn sites.


0

Bad Behavior has blocked 5647 access attempts in the last 7 days.