Top

Information Systems Frontiers

Published in:

01-10-2015

Analysis of a multistage attack embedded in a video file

Authors: Hiran V. Nath, B. M. Mehtre

Published in: Information Systems Frontiers | Issue 5/2015

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In 1990s, burglars used to break into house, while the residents were viewing some interesting television shows. This type of attacks happened mainly in the physical world and it was expected that cyber world is free from such crimes. Unfortunately, this is not true. A skilled hacker could compromise a system, while the user is viewing (an interesting) video file. Quite often computer users, use their machines for viewing (interesting) videos. Such users may be naive users or could even be those who work on mission critical systems, like banking, defence, nuclear power-plant, space agencies etc. So playing a video file can lead to high security risk. In this paper, we have analysed video files, for detecting multistage attacks. We found that some video files contain malicious link through which an exploit gets downloaded into the host machine. The contribution of this paper is the discovery of novel attacks that are hidden (by perpetrator) in innocuous video files with the objective of staging a targeted attack in multiple stages. Finally, we propose a new method for detection of such attacks (carried through video files) using API calls.

previous article Game-theoretic strategies for IDS deployment in peer-to-peer networks

next article Examining the role of three sets of innovation attributes for determining adoption of the interbank mobile payment service

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Alazab, M., Venkataraman, S., & Watters, P. (2010a). Towards understanding malware behaviour by the extraction of API calls. In Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second (pp. 52–59). IEEE.

Alazab, M., Layton, R., Venkataraman, S., & Watters, P. (2010b). Malware detection based on structural and behavioural features of API calls.

Balduzzi, M., Ciangaglini, V., & McArdle, R. (2013). Targeted attacks detection with spunge. In Privacy, Security and Trust (PST), 2013 Eleventh Annual International Conference on (pp. 185–194). IEEE.

Bencsáth, B., Pék, G., Buttyán, L., & Felegyhazi, M. (2012). The cousins of stuxnet: duqu, flame, and gauss. Future Internet, 4(4), 971–1003.CrossRef

GREAT (2013). The Icefog APT: a Tale of Cloak and Three Daggers. Kaspersky Lab Global Research and Analysis Team (GREAT).

Handurukande, S. B., Kermarrec, A. M., Le Fessant, F., Massoulié, L., & Patarin, S. (2006). Peer sharing behaviour in the edonkey network, and implications for the design of server-less file sharing systems. ACM, 40(4), 359–371.

Kurose, J. F. (2005). Computer networking: a top-down approach featuring the internet. Pearson Education India.

Lewis, C., Rhoden, B., & Sturton, C. (2007). Using structured random data to precisely fuzz media players. Project Report.

Li, F., Lai, A., & Ddl, D. (2011). Evidence of advanced persistent threat: a case study of malware for political espionage. In Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on (pp. 102–109). IEEE.

Ma, W., Duan, P., Liu, S., Gu, G., & Liu, J. C. (2012). Shadow attacks: automatically evading system-call-behavior based malware detection. Journal in Computer Virology, 8(1–2), 1–13.CrossRef

McDonald, G., Murchu, L. O., Doherty, S., & Chien, E. (2013). Stuxnet 0.5: the missing link. Symantec Report.

Menn, J. (2012). Key internet operator VeriSign hit by hackers. Reuters (February 2, 2012).

Microsoft (2014) Article ID: 828026 - Last review: 20 - Revision: 13.0 https://support.microsoft.com/kb/828026?wa=wsignin1.0.

Mohandas R., Thomas V., & Prashanth P. R. (2013). U.S. Patent No. 8,510,829. Washington, DC: U.S. Patent and Trademark Office.

Nath, H. V., & Mehtre, B. M. (2014a). Torrent file 1. https://www.dropbox.com/s/d0oep28823aahzh/%5Bmonova.org%5D%20Neelakasham_Pachakadal_Chuvanna_Bhoomi_%282013%29_Malayalam_MOVIE-1CD_MJY-CAM.torrent.

Nath, H. V., & Mehtre, B. M., (2014b). Video file 1. https://www.dropbox.com/s/cftrvega2n2krxk/Neelakasham%20Pachakadal%20Chuvanna%20Bhoomi%20%282012%29%20Malayalam%20MOVIE-1CD%20MJY-CAM.wmv.

Nath, H. V., & Mehtre, B. M., (2014c). RAM file. https://www.dropbox.com/s/jimr7z2dz2wm6mi/RAM1.vmem.

Nath, H. V., & Mehtre, B. M., (2014d). PCAP file. https://www.dropbox.com/s/dwpez63aec6s6u0/Internet%20Communication%20on%20NPCB.pcap.

Nath, H. V., & Mehtre, B. M. (2015a). Torrent file 2. https://www.dropbox.com/s/pu5vb6rdck3jfge/MONOVA.ORG%20100_Degree_Celsius_%282014%29_Malayalam_DVDRip_x264_AAC_5.1_E-Subs-MBRHDRG.torrent.

Nath, H. V., & Mehtre, B. M. (2015b). Video file 2. https://www.dropbox.com/s/wt80iawsr3ooadg/100%20Degree%20Celsius%202014%20DVDRip%20x264%20AAC%205%201%20E%20Subs%20Malayalam%20Movie.avi.

Pouwelse, J., Garbacki, P., Epema, D., & Sips, H. (2005). The bittorrent p2p file-sharing system: measurements and analysis. In Peer-to-Peer Systems IV (pp. 205–216). Springer Berlin Heidelberg.

Prosecutors, P. (2012). Messiah spyware infects Middle East targets.

Raymond, D., Conti, G., Cross, T., & Fanelli, R. (2013). A control measure framework to limit collateral damage and propagation of cyber weapons. In Cyber Conflict (CyCon), 2013 5th International Conference on (pp. 1–16). IEEE.

Sami, A., Yadegari, B., Rahimi, H., Peiravian, N., Hashemi, S., & Hamze, A. (2010). Malware detection based on mining API calls. In Proceedings of the 2010 ACM Symposium on Applied Computing (pp. 1020–1025). ACM.

Shyamasundar, R. K. (2013). Security and protection of SCADA: a bigdata algorithmic approach. In Proceedings of the 6th International Conference on Security of Information and Networks (pp. 20–27). ACM.

Sood, A. K., & Enbody, R. J. (2013). Targeted cyberattacks: a superset of advanced persistent threats. IEEE Security and Privacy, 11(1), 54–61.

Thiel, D. (2008). Exposing vulnerabilities in media software. In Black Hat conference presentation, BlackHat EU.

Wang, C., Pang, J., Zhao, R., & Liu, X. (2009). Using API sequence and Bayes algorithm to detect suspicious behavior. In Communication Software and Networks, 2009. ICCSN’09. International Conference on (pp. 544–548). IEEE.

Zetter, K. (2010). Google hack attack was ultra sophisticated, new details show. Wired Magazine, 14.

Title: Analysis of a multistage attack embedded in a video file
Authors: Hiran V. Nath
B. M. Mehtre
Publication date: 01-10-2015
Publisher: Springer US
Published in: Information Systems Frontiers / Issue 5/2015
Print ISSN: 1387-3326
Electronic ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-015-9570-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 5/2015

Examining the role of three sets of innovation attributes for determining adoption of the interbank mobile payment service

Game-theoretic strategies for IDS deployment in peer-to-peer networks

Radio frequency identification (RFID) adoption: A cross-sectional comparison of voluntary and mandatory contexts

Measurements of mislead threshold of company graph distortion

Message diffusion through social network service: The case of rumor and non-rumor related tweets during Boston bombing 2013

Addressing the valuation problem in multi-round combinatorial auctions

Premium Partner