In association with heise online

04 June 2013, 16:36

VirusTotal detects social engineering in media files

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VirusTotal tests ASF files
Zoom VirusTotal tests ASF files
Source: VirusTotal

VirusTotal is now able to help detect exploit attempts made using video and music files in ASF format. The ASF format is able to include embedded URLs which are opened automatically when the files are played. The detection service determines the destination of these URLs. This service is not yet offered by local anti-virus software.

ASF files usually contain WMA-, WMV- or MP3-formatted content and enable Microsoft's digital rights management system to check whether songs or videos have been obtained legally. If a user wishes to play such a file, Windows Media Player checks the file's licence. ASF files also contain links to industry web sites used to clarify licensing issues.

Plugin installation
Zoom To view the video, the user is told to install a plugin. The plugin is, however, a virus.
Source: VirusTotal
Fraudsters are now crafting ASF files so that, with no user involvement, users are sent to sites which invite them to download infected files. Downloads are labelled as plugins or similar tools, which users are told they need to install in order to play the video – the downloaded files contain malware. It is also possible to use this technique in such a way that playing a crafted media file will automatically send the user to a web site that uses an exploit kit to probe the browser and plugins for known security vulnerabilities.

Users can upload suspect ASF files of up to 64MB in size to VirusTotal.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit