Video files and multistage attacks: (Im)possible?

Citation:
Nath, HV, Mehtre BM. 2014. Video files and multistage attacks: (Im)possible? 11-13 Dec. 2014, 2014 Annual IEEE India Conference (INDICON). :1-5.

Date Presented:

11-13 Dec. 2014

Abstract:

It is a general belief that executables create more security risk than any other file type. As a result, most host-based and network-based security systems are not programmed to detect threats in non-executable files. These non-executable files include images, movies and document files such as Office or PDF files. Moreover, non-executable files like movies are very large, which prevents scanners from scanning them, since doing so takes more processing power and delays mission-critical processes. Yet these non-executable files are constantly used by all users, whether naive or professional. It is therefore important to understand whether they could be a security risk for a mission-critical system. In recent security breaches, attackers have focused on using these non-executable files to initiate Advanced Persistent Threats (APTs) or multistage attacks. In this paper, we analyze a video file downloaded from a popular torrent website and extract the malicious content embedded in it. Our analysis found that the file contains a malicious link through which another executable gets downloaded onto the host machine. This could be considered the first stage of a multistage attack, and is used for initiating targeted attacks based on the victim's interest. We also conclude that multistage attacks are not a totally new method of compromising a system. In this paper we explain one of the methods followed by the attacker. Here the aim of the attacker was to infect machines with adware.
