|
Online sharing of videos and music at the heart of
today's Internet lifestyle gives hackers dangerous new avenues for
attacking computers, security specialists said Thursday.
Malicious code can be hidden in video streamed or downloaded from
websites such as YouTube or songs streamed from social-networking
websites including MySpace, iSEC researcher David Thiel demonstrated
at a Black Hat gathering of computer protection professionals in Las
Vegas.
"The potential for attack is pretty severe," Thiel said.
"Any MySpace page you go to you can't get it to stop playing
music at you. You will probably start seeing malware installs this
way just like we see through images."
The kinds of "malware," malicious software, that can be
"injected" through video or music files run the gamut from
programs meant to simply be annoying to code that takes command of
infected machines for "bot armies."
"Stream formats are good for containing exploit code and are
quite dangerous because of the widespread use of it with kids online
these days," Thiel said.
"It is used so constantly."
Applications vulnerable to hackers include those used for MP3 music
files; a speech feature in Microsoft's Xbox Live online video game
software, and Internet telephony, according to Thiel.
Security specialists at Black Hat say the popularity of
"user-generated content" considered a defining
characteristic of today's Web 2.0 Internet opens users to betrayal
and attack online.
"Web 2.0 is a trust model with users controlling the
content," said Websense researcher Stephan Chenette.
"You are building this gigantic network of friends. You have to
trust that I am who I say I am and that the content is what I say it
is. Trust is sometimes taken advantage of."
Malware-tainted video or audio files uploaded to social-networking
websites can be rapidly sent to members by automated programs, said
SPI Dynamics vice president Erik Peterson.
Last year it was revealed hackers use RSS (Really Simple
Syndication) feeds to distribute malicious code to thousands of
people instantly, Peterson said.
"Some say we are doomed to repeat the past and there is nothing
you can do about it" Peterson told AFP. "Don't trust data
you get from anyone."
Thiel believes music recording labels and movie studios will use
flaws in media files to insert stealth coding that tracks or
disables pirated songs, shows or movies.
Media software applications vulnerable to hacking are being used in
"smart" mobile telephones as well as cars and home
multi-media systems, according to Thiel.
It is imperative computer users educate themselves regarding
protecting software and dangers lurking on the Internet, Chenette
said.
People should bear in mind that websites in certain countries such
as Russia are often lures set up by cyber criminals and that sites
offering content such as sex videos frequently hide computer
viruses, according to Chenette.
"If I'm going to a gambling website or if I'm going to a porn
site it is much more likely to have malicious content on it,"
Chenette said. "Web 2.0 is something to be very wary of."
--AFP
|
