VirusTotal detects social engineering in media files
VirusTotal is now able to help detect exploit attempts made using video and music files in ASF format. The ASF format is able to include embedded URLs which are opened automatically when the files are played. The detection service determines the destination of these URLs. This service is not yet offered by local anti-virus software.
ASF files usually contain WMA-, WMV- or MP3-formatted content and enable Microsoft's digital rights management system to check whether songs or videos have been obtained legally. If a user wishes to play such a file, Windows Media Player checks the file's licence. ASF files also contain links to industry web sites used to clarify licensing issues.
Fraudsters are now crafting ASF files so that, with no user involvement, users are sent to sites which invite them to download infected files. The downloads are labelled as plugins or similar tools which users are told they need to install in order to play the video, but the downloaded files contain malware. The same technique can also be used so that playing a crafted media file automatically sends the user to a web site that uses an exploit kit to probe the browser and plugins for known security vulnerabilities.
Users can upload suspect ASF files of up to 64MB in size to VirusTotal.