Home > Article > Hakin9 article “Attacks On Music and Video Files”

Hakin9 article “Attacks On Music and Video Files”

It was almost a year now when a malicious executable was spotted capable of “Trojanizing” clean music and video media files(WMA, WMV, ASF, MP3). This threat became prevalent and in-the-wild; more and more affected user reports it from Q4 of 2008 until early of 2009. 

When I first handled the infected media file  (ASF) , I’ve reference  Microsoft  ASF specification  and created a summary which I’ve decided to publish here. Soon after, I investigated and reversed the malicious executable and constructed my analysis and I thought, this is interesting to share. 

Thanks to Monika for accommodating my proposed article, as well as to Ewa for the succeeding editorial efforts. The article was included in the latest Hakin9 (4/2009) release – you could find the list of topics here.

Hakin9’s circulation is mostly in USA, and I think, less in some countries like UK, Australia, Netherlands and Singapore. So, if you’ll find one in your local book store or magazine stands, I recommend that you grab a copy. 

hakin9

 

The legitimate feature that attackers’ misused  is designed for DRM, and guess what? An interesting infected media file progressed its social engineering technique by displaying this (as shown below), but unfortunately in background it connects to remote server that serves malicious executable. Because of it’s clever technique and not-so-popular infection vector, this threat may still proliferate.

DRM

  1. August 7, 2009 at 1:13 pm

    Yea, I totally suggest to grab a copy !

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: