Video Trojan creation and Prevention Measures

Last Friday, a message from the SANS Internet response center and multiple anti-virus vendors found a vulnerability in the Windows version of Real Networks's Media Player software Real Player, attackers can exploit this vulnerability to implant malicious code into users' systems. The vulnerability has been confirmed to affect Real Player 10/10. 5/11 Beta. Malicious Code has been added to videos for a long time. Because Real Player has a wide coverage, hackers use RM and other video formats as the primary attack means.

The idea of malicious code in RM videos is mainly achieved through a component in RealMediaEditor. The general idea is to integrate webpage Trojans into RM videos and pop up a malicious code window during playback, achieve the attack purpose.

The method to prevent RM video Trojans is also very simple: RMRepair is dedicated to dealing with RM video Trojans. Select a suspicious video file and clear it directly. We recommend that you scan RM videos in advance.

In addition, you should also pay attention to other video formats, such as WMV and MOV files. WMV files use Microsoft Windows Media Player's digital permission management to load arbitrary web page vulnerabilities, using WMDRM to insert malicious code into a video gives users the illusion of DRM verification. DRM verification has become a weakness of the Windows Media Player. Many attack methods adopt the DRM verification mechanism. Although DRM promotes copyright protection, its external feature verification is basically zero, this allows many malicious programs to sneak in. The MOV Video Based on QuickTime uses the HREF text track and integrates the Trojan with the Event code.

Handler "style =" BORDER-RIGHT: black 1px solid; BORDER-TOP: black 1px solid; BORDER-LEFT: black 1px solid; BORDER-BOTTOM: black 1px solid "alt =" Multimedia panic: Video Trojan making and prevention means "src =" http://www.bkjia.com/uploads/allimg/131129/091Uab4-2.jpg "align = no>

In fact, no matter what kind of video Trojan, it uses the web Trojan principle to bind the Trojan to a webpage and then call the webpage through some functions of the player itself. Therefore, the most thorough solution is to prohibit the Player from accessing the network. Taking Real Player as an example, the firewall's trust rules are used to prohibit Real Player from accessing the network, or the HIPS software is used to monitor its behavior. In this way, no matter whether the video contains Trojans or not, it will not be attacked.