VirusTotal detects social engineering in media files

Discussion in 'other anti-malware software' started by ronjor, Jun 4, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    http://www.h-online.com/security/ne...ocial-engineering-in-media-files-1876237.html
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. guest

    guest Guest

    Wow, that's good to know. Once there was a Flash file which was automatically downloaded when I was browsing. It was stopped by Firefox's download prompt. I don't know if it's malicious or not since I didn't download it at all. :eek:
     
  4. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    How does VirusTotal work in this aspect? How do you test the video?
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Nice, they have added some interesting features lately: execution report for Android files, automatic analysis of PCAP files, passive DNS API and lots of new vendors for the URL scanner.

    http://blog.virustotal.com/2013/03/virustotal-android-execution-report.html
    http://blog.virustotal.com/2013/04/virustotal-passive-dns-replication.html
    http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html

    @nine9s
    Once it's uploaded, click the File Detail tab and under Extended content encryption object it shows the (malicious) URL. More info in the link from the 2nd post.
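
The same check can be done locally. The block below is an added example, not part of the thread and not VirusTotal's code: it walks the header of an ASF (WMV/WMA) file, finds the Extended Content Encryption Object and lists any URLs stored in it. The function names and the sample file are constructed for illustration, and it assumes the object's data is UTF-16LE text.

```python
import re
import struct
import uuid

# ASF object GUIDs are stored on disk with the first three fields little-endian.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
EXT_CONTENT_ENCRYPTION = uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C").bytes_le

def extended_encryption_urls(blob: bytes) -> list:
    """Return URLs found in the Extended Content Encryption Object, if any."""
    if len(blob) < 30 or blob[:16] != ASF_HEADER:
        return []                      # not an ASF (WMV/WMA) file
    header_size, count = struct.unpack_from("<QI", blob, 16)
    end = min(header_size, len(blob))
    pos, urls = 30, []                 # 16 GUID + 8 size + 4 count + 2 reserved
    for _ in range(count):
        if pos + 24 > end:
            break
        guid = blob[pos:pos + 16]
        (size,) = struct.unpack_from("<Q", blob, pos + 16)
        if size < 24 or pos + size > end:
            break                      # truncated or malformed object
        if guid == EXT_CONTENT_ENCRYPTION and size >= 28:
            (data_len,) = struct.unpack_from("<I", blob, pos + 24)
            data = blob[pos + 28:pos + min(size, 28 + data_len)]
            # Assumption: the DRM header is UTF-16LE XML.
            text = data.decode("utf-16-le", errors="ignore")
            urls += re.findall(r"https?://[^\s<>\"']+", text)
        pos += size
    return urls

def build_sample() -> bytes:
    """Constructed sample: an ASF header holding only the object of interest."""
    xml = ("<WRMHEADER><DATA><LAINFO>http://license.example.invalid/get"
           "</LAINFO></DATA></WRMHEADER>")
    data = xml.encode("utf-16-le")
    sub = (EXT_CONTENT_ENCRYPTION
           + struct.pack("<QI", 28 + len(data), len(data)) + data)
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(sub), 1, 1, 2) + sub

if __name__ == "__main__":
    for url in extended_encryption_urls(build_sample()):
        print("URL in Extended Content Encryption Object:", url)
```

Any URL it prints is where the player would be sent when the file is opened, so it can be reviewed before the file is played.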
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Interesting; however, an outbound 3rd party firewall will block all outbound connections from your media player when the file is played.
     
  7. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    This a priori does sound like a nice idea; however, most firewalls first need IP inclusion towards filtering, otherwise this type of arbitrary blocking would lead to unpleasant interferences.

    For example, for users who wish to have things like album covers and artist errata displayed or downloaded while playing a movie or song. These activities require bidirectional communications. For example, the file integrated auto input search of external music/artist CDDB database. (outbound)

    Arbitrarily blocking these, for example, will lead to either disuse or at least to disabling the feature, and/or cause untold user frustration...

    See: https://en.wikipedia.org/wiki/CDDB and http://www.freedb.org/
     
    Last edited: Jun 5, 2013