VirusTotal detects social engineering in media files

Sounds good

Also on their blog:http://blog.virustotal.com/2013/06/social-engineering-attacks-using-drm.html

 

Wow, that's good to know. Once there was a Flash file which was automatically downloaded when I was browsing. It was stopped by Firefox's download prompt. I don't know if it's malicious or not since I didn't download it at all.

 

How does VirusTotal work in this aspect? How do you test the video?

 

Nice, they have added some interesting features lately: execution report for Android files, automatic analysis of PCAP files, passive DNS api and lots of new vendors for the URL scanner.

http://blog.virustotal.com/2013/03/virustotal-android-execution-report.html
http://blog.virustotal.com/2013/04/virustotal-passive-dns-replication.html
http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html

@nine9s
Once it's uploaded, click the File Detail tab and under Extended content encryption object it shows the (malicious) URL, more info in the link from 2nd post.

 

Interesting however a outbound 3rd party firewall will block all outbound connections from your media player when the file is played.

 

This at priory does sound like a nice idea however most firewalls first need ip inclusion towards filtering otherwise this type of arbitrary blocking would lead the unpleasant interferences.

For example for users who wish to have things like album covers and artist errata's displayed or downloaded while playing a movie or song. These activities require bidirectional communications. For example the file integrated auto input search of external music/artist CDDB database. (outbound)

Arbitrarily blocking these, for example will lead to either disuse or at least to disabling the feature, and/or cause untold user frustration...

See: https://en.wikipedia.org/wiki/CDDB and http://www.freedb.org/