« Next-gen video | Main | SWF SEO RIP? »
November 16, 2006
Video malware
Video malware: From The Register: "On Tuesday, anti-virus firm McAfee warned Windows users that the company had discovered a worm, dubbed W32/Realor, actively infecting Real Media files. The infected video files do not contain an exploit for the RealOne or Real players, but a hyperlink that points to a malicious website. When infected files are opened, the victim is referred to the website, which attempts to compromise their computer using a previously patched flaw in Internet Explorer." Sounds like a JavaScript popup window, same user experience... should content not be allowed to open new browser windows and display new websites? The author later says: "While W32/Realor had not spread far, the incident came the same day that Microsoft distributed a patch for five security vulnerabilities in Adobe's Flash Player -- software that is frequently used to play video streamed from popular internet sites." Maybe the author was edited after he wrote this... yesterday Microsoft released six changes in its monthly Windows Update, including one that was an update to the old Macromedia Flash Player 6. (I couldn't explain why Microsoft isn't shipping the current 9.x version -- you can check recent Player security releases here.) The article later goes into the whole sociology of video -- for what it's worth, it's YouTube's SWF shell which contains the interactivity instructions, not the FLV content which YouTube transcodes from members' submissions. The article closes with some good context from Adrian Ludwig of Adobe Security, comparing video files to interactive files. Overall, the threat described in this article seems to be "strange media may expose you to bad ideas", which I think is a regrettable yet inevitable threat with any type of media distribution.
Posted by JohnDowdell at November 16, 2006 07:56 AM
Trackback Pings
TrackBack URL for this entry:
http://weblogs.macromedia.com/mtadmin/mt-tb.cgi/8056