Online videos may be conduits for viruses

[kach22i]

What do you computer guys think of this article?

Online videos may be conduits for viruses
http://news.yahoo.com/s/ap/20071002/ap_on_hi_te/cybersecurity;_ylt=AsXBp3Bm.47l.m51w8IAvq6s0NUE
By GREG BLUESTEIN, Associated Press Writer Tue Oct 2, 7:46 AM ET

Quote:

ATLANTA - Online videos aren't just for bloopers and rants — some might also be conduits for malicious code that can infect your computer.

As anti-spam technology improves, hackers are finding new vehicles to deliver their malicious code. And some could be embedded in online video players, according to a report on Internet threats released Tuesday by the Georgia Tech Information Security Center as it holds its annual summit.

The summit is gathering more than 300 scholars and security experts to discuss emerging threats for 2008 — and their countermeasures.

Among their biggest foes are the ever-changing vehicles that hackers use to deliver "malware," which can silently install viruses, probe for confidential info or even hijack a computer.

"Just as we see an evolution in messaging, we also see an evolution in threats," said Chris Rouland, the chief technology officer for IBM Corp.'s Internet Security Systems unit and a member of the group that helped draft the report. "As companies have gotten better blocking e-mails, we see people move to more creative techniques."

With computer users getting wiser to e-mail scams, malicious hackers are looking for sneakier ways to spread the codes. Over the past few years, hackers have moved from sending their spam in text-based messages to more devious means, embedding them in images or disguised as Portable Document Format, or PDF, files.

"The next logical step seems to be the media players," Rouland said.

There have only been a few cases of video-related hacking so far.

One worm discovered in November 2006 launches a corrupt Web site without prompting after a user opens a media file in a player. Another program silently installs spyware when a video file is opened. Attackers have also tried to spread fake video links via postings on YouTube.

That reflects the lowered guard many computer users would have on such popular forums.

"People are accustomed to not clicking on messages from banks, but they all want to see videos from YouTube," Rouland said.

Another soft spot involves social networking sites, blogs and wikis. These community-focused sites, which are driving the next generation of Web applications, are also becoming one of the juiciest targets for malicious hackers.

Computers surfing the sites silently communicate with a Web application in the background, but hackers sometimes secretly embed malicious code when they edit the open sites, and a Web browser will unknowingly execute the code. These chinks in the armor could let hackers steal private data, hijack Web transactions or spy on users.

Tuesday's forum gathers experts from around the globe to "try to get ahead of emerging threats rather than having to chase them," said Mustaque Ahamad, director of the Georgia Tech center.

They are expected to discuss new countermeasures, including tighter validation standards and programs that analyze malicious code. Ahamad also hopes the summit will be a launching pad of sorts for an informal network of security-minded programmers.

[id10t]

Already happened with JPEG images... there was a flaw in how Microsoft handled the files, you could embed an exploit in an image and it would run when IE or an Office product (Word, etc) opened it.

[Kirk911SC]

[masraum]

I can tell you that certain videos will launch your browser and take you to a page. It's not much to expect that page to contain a virus, so in my mind, videos have been suspect for a long time now. I avoid .wmv files often times.

[HardDrive]

Everyone Panic!

[masraum]

I still go to videos.google.com and youtube.com and break.com, etc...

Get a good virus software that updates often.

Just be careful with stuff that comes in your email and stuff that you download from sites that aren't mainstream.

[WolfeMacleod]

Quote:

Originally Posted by HardDrive

Everyone Panic!

Have you ever watched the TV show Monk? The theme song is excellent...and there are people who are out to get you...


It's a jungle out there
Disorder and confusion everywhere
No one seems to care. Well I do.
Hey, who's in charge here?

It's a jungle out there
Poison in the very air we breathe
Do you know what's in the water that you drink?
Well I do, and it's amazing
People think I'm crazy, 'cause I worry all the time
If you paid attention, you'd be worried too
You better pay attention
Or this world we love so much might just kill you

I could be wrong now, but I don't think so.
It's a jungle out there